Is anyone here Cisco certified? Network Questions



Mindflux
06-24-2008, 08:30 AM
I've been dealing with Cisco support trying to add another Subnet to my office network. Unfortunately the support is now outsourced so there's a language barrier on top of a complex topology.



http://i150.photobucket.com/albums/s99/Mindflux98/diagram.jpg



This is what I am trying to accomplish.



Cisco says this is not do-able. They state the 172.x subnet needs to be on separate hardware coming off the ASA 5505. Which means another separate switch and separate cabling (or switches/hubs) for those workstations.



This simply isn't possible with the existing wiring in place. Each office may have 2-3 network jacks but if we run out I split one off with a switch or hub. No big deal.



Now we have these specialized instruments that are on off-the-wall subnets and the only way they currently communicate with my network is through NetBIOS. My ultimate goal is to set those off-the-wall subnets to 172.0.0.x addresses and take NetBIOS off my network.

howareb
06-24-2008, 10:01 AM
After a quick glance at your situation, I disagree that you need separate physical infrastructure for two separate subnets and actually I am quite surprised that Cisco told you this.

Is any of your equipment capable of doing port-based VLANs? This would allow you to do what you need (if I am understanding correctly what you want).

Mindflux
06-24-2008, 11:56 AM
> After a quick glance at your situation, I disagree that you need separate physical infrastructure for two separate subnets and actually I am quite surprised that Cisco told you this.
>
> Is any of your equipment capable of doing port-based VLANs? This would allow you to do what you need (if I am understanding correctly what you want).

howareb: the ASA5505 (top of the pyramid) does 3 VLANs. It's currently doing 2, outside and inside. I can add another one.

One of my biggest problems with this is even though port 1 is 10.x and port 2 is 172.x, because some of the offices are mixed between subnets but share common wiring back to the closet, I cannot simply take computer 2, 3, 8 and 9 and plug them into a switch that is uplinked to a designated VLAN port.

bwalker25
06-24-2008, 12:15 PM
Why not have a Windows server manage the subnets for you? I have a few links, I think... fun reading



dhcpd.conf multiple subnet / single physical network configuration - Linux Forums (http://www.linuxforums.org/forum/servers/69851-dhcpd-conf-multiple-subnet-single-physical-network-configuration.html)



Build Your Skills: Create a robust DHCP infrastructure (http://articles.techrepublic.com.com/5100-10878_11-5034551.html)



Designing the Active Directory Infrastructure (http://technet2.microsoft.com/windowsserver/en/library/32bd254e-42f9-45c0-98a2-71581feeb69e1033.mspx)



that help at all? :(



fwiw when I was in my SF Unit at Fort Bragg, we used Cisco routers and used Active Directory to manage the subnets with....

Mindflux
06-24-2008, 12:21 PM
> fwiw when I was in my SF Unit at Fort Bragg, we used Cisco routers and used Active Directory to manage the subnets with....

I thought about doing this with RRAS but I really don't want to if I don't have to. It's more load on the server.

bwalker25
06-24-2008, 01:04 PM
True... hmmmm... I'll do some thinking and ask our IT dept here at the Hospital and see what they say....

howareb
06-24-2008, 01:10 PM
> howareb: the ASA5505 (top of the pyramid) does 3 VLANs. It's currently doing 2, outside and inside. I can add another one.
>
> One of my biggest problems with this is even though port 1 is 10.x and port 2 is 172.x, because some of the offices are mixed between subnets but share common wiring back to the closet, I cannot simply take computer 2, 3, 8 and 9 and plug them into a switch that is uplinked to a designated VLAN port.

You are correct from your first posting, this can be complex. :D Also there are so many alternatives.



I am not totally familiar with the features of the ASA5505 security device (Firewall) but it sounds to me that you need better switches at your end-workstation level.



I hope that the business that you are doing this for can consider a switch upgrade. A VLAN will best accomplish what you want, but your switches are going to need the ability to understand VLANs (not the ASA5505). You could set up VLANs by subnet addresses, but this will add delays to your network because most of the traffic would need to be evaluated by the ASA5505.

So my recommendation is to upgrade the hardware. Switches with per-port (or MAC) VLAN capabilities are not that expensive and it would be a good investment long term. After looking at your post a little closer, a MAC VLAN may suit you better, which would mean that you only have to change the Netgear switch and network performance would not suffer as much. The per-port, however, will give you the best performance and easiest manageability.

Mindflux
06-24-2008, 01:27 PM
> So my recommendation is to upgrade the hardware. Switches with per-port (or MAC) VLAN capabilities are not that expensive and it would be a good investment long term. After looking at your post a little closer, a MAC VLAN may suit you better, which would mean that you only have to change the Netgear switch and network performance would not suffer as much. The per-port, however, will give you the best performance and easiest manageability.

Ideally I'd not like to buy a large 48 port VLAN switch from Cisco or another company because we're simply not going to spend that sort of money.

The best solution I can come up with is an 8 port managed Cisco switch with two VLANs configured. Each VLAN port goes to the 'dumb' Netgear switches, which in turn go off to the machines requiring that subnet.

The problem there is that there are some machines sharing a 'dumb' switch inside of the rooms (offices) because we've long since run out of LAN connections on the wall so they got 'split' with a switch to enable more machines per room. So I'd either need to try and group the workstations together on a dumb switch with the shared cable back to the network room or buy small Level 3 switches for each office ... ew.

walnuts
06-24-2008, 01:48 PM
I agree with howareb, IMHO best bet is upgrading your Netgear switch.



If you are on a budget check out CDW.com: HP, 3Com, Netgear all make some reasonably priced managed switches with VLAN support.

Mindflux
06-25-2008, 10:59 AM
> I agree with howareb, IMHO best bet is upgrading your Netgear switch.
>
> If you are on a budget check out CDW.com: HP, 3Com, Netgear all make some reasonably priced managed switches with VLAN support.

The problem is I still have (if I configured my network the way the diagram shows) both subnets coming off a 'dumb' switch in our offices. I'd have to put some managed switches with VLAN support in each office with multiple subnets. Keep in mind the switches probably need routing support too... at least one of them does anyway so the subnets can communicate.
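
The wiring constraint debated throughout this thread, worked through as an added example that is not part of any poster's message: given which wall jack each host sits behind, it sorts jacks into those a closet switch could place in one port-based VLAN and those whose unmanaged switch mixes both subnets on one layer 2 segment. The inventory, host names, jack names and the exact prefixes are constructed assumptions (the thread only gives "10.x" and "172.0.0.x").

```python
import ipaddress
from collections import defaultdict

# Assumed prefixes; the thread states only "10.x" and "172.0.0.x".
VLANS = {
    "office": ipaddress.ip_network("10.0.0.0/8"),
    "instruments": ipaddress.ip_network("172.0.0.0/24"),
}

# Constructed inventory: (host, IP, wall jack carrying it back to the closet).
INVENTORY = [
    ("pc1", "10.0.0.11", "jack-A1"),
    ("pc2", "172.0.0.12", "jack-A1"),  # shares an unmanaged switch with pc1
    ("pc3", "172.0.0.13", "jack-B1"),
    ("pc4", "10.0.0.14", "jack-C1"),
    ("pc5", "10.0.0.15", "jack-C1"),
    ("pc8", "172.0.0.18", "jack-D1"),
    ("pc9", "172.0.0.19", "jack-D1"),
]

def vlan_for(ip):
    """Map a host address to the planned VLAN; reject anything unplanned."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is in neither planned subnet")

def plan_access_ports(inventory):
    """Return (assignable, mixed).

    assignable: jack -> VLAN, when every host behind the jack is in one subnet,
                so the closet switch port can be an access port in that VLAN.
    mixed:      jack -> {VLAN: [hosts]}, when the shared cable carries both
                subnets and a port-based VLAN at the closet cannot separate them.
    """
    by_jack = defaultdict(lambda: defaultdict(list))
    for host, ip, jack in inventory:
        by_jack[jack][vlan_for(ip)].append(host)
    assignable, mixed = {}, {}
    for jack, groups in sorted(by_jack.items()):
        if len(groups) == 1:
            assignable[jack] = next(iter(groups))
        else:
            mixed[jack] = {vlan: sorted(hosts) for vlan, hosts in groups.items()}
    return assignable, mixed

if __name__ == "__main__":
    ok, mixed = plan_access_ports(INVENTORY)
    print("access ports:", ok)
    print("needs regrouping or a VLAN-capable switch in the office:", mixed)
```

Every jack in the `mixed` result is a place where hosts from both subnets would still share one broadcast domain, so those are the offices that need regrouping or their own VLAN-capable switch.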