New job, new network problem

Discussion in 'General Cisco Certifications' started by Andy_M, Jan 20, 2011.

  1. SimonD
    Honorary Member

    SimonD Terabyte Poster

    But he has already stated that he is running two internal DHCP servers for resilience, that wouldn't be something an ISP does.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  2. drum_dude

    drum_dude Gigabyte Poster

    Yes it would be. A router and a backup router - both would also be DHCP servers.
     
    Certifications: MCP, MCSA 2000 , N+, A+ ,ITIL V2, MCTS, MCITP Lync 2010 & MCSA 2008, Sonus SATP SBC 1k/2k
    WIP: Hopefully Skype for Business and some Exchange stuff...
  3. jonny7_2002

    jonny7_2002 Byte Poster

    Without sounding rude.....

    1, If it's not broke, don't fix it.....

    2, By the sounds of it you need to read the CCNA books first, not after. They will teach you some very important things you need to know and how to plan a move like this (WHEN IT IS NEEDED).

    3, When the work needs to be done, why not just move the servers to their own subnet and then have clients on their own subnet?

    Even after this, if you still need more IPs then you can create another VLAN to give you more IPs. If you expanded again you could then create another VLAN and so on.... Once you have the required amount of VLANs for each floor, THEN you can organise them better!

    I work where the network is a complete mess but I can't just go and reconfigure it in my own eyes because it will make it look better/tidier (or even to make me look better 8)). I am biding my time and making sure the hardware is slowly being moved over to something that is acceptable, and then when a problem arises in the specific areas of the network I will be suggesting that "While we are in there..... let's reconfigure this whole part of the network"

    A production network is not a Lab environment. If changes are needed then implement them. Note the operative words.....
    CHANGE (not redesign) &
    IMPLEMENT (lots of thought and planning, trying to utilise what you have got first!)

    As always, I am learning just as much as the rest and the above is not gospel but my opinion!

    Cheers
    Jon :biggrin
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  4. jonny7_2002

    jonny7_2002 Byte Poster

    Don't need relay agents. If you are using a Microsoft server for DHCP and you have the correct NIC, you can actually assign VLANs to the server interface, effectively making it a trunk!

    This enables you to use the server like a router-on-a-stick environment and the subnets will be distributed to each VLAN - once you have the switches set up correctly then you can assign VLAN 3 to Floor 3, VLAN 2 to Floor 2 and so on!!

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  5. Andy_M

    Andy_M Bit Poster

    Sorry guys, don't want you having a huge fight!
    DHCP, DNS Servers are set up by us, EasyNet have provided us with two routers they own, one for failover.

    Here is the DHCP as it stands
    10.0.10.1 - 10.0.10.75 (Servers & Devices. 25 Virtual servers / 14 Physical servers (some dual NIC) / SAN, SAN Switches, Printers, Wireless Access Points & Wireless Access Controller, Phone system )
    10.0.10.75 - 10.0.10.166 (Laptops & Desktops)
    10.0.10.166 - 10.0.10.254 (Remote Users, loads of these are used because no WAN setup yet with the US branch)

    Lease time: 1 Day
     
    WIP: CCNA
  6. jonny7_2002

    jonny7_2002 Byte Poster

    No huge fights on here! lol. The whole idea is for opinions to be shared.

    The work you are proposing is internal, so Easynet shouldn't come into it anywhere, apart from changing IPs on their routers if needed..... If you are using ISA and if it is multihomed then you won't even have to change these!

    If ISA is also your VPN server then you could just supply a 10.0.11.0/24 subnet to the remote users and then reallocate the existing remote IPs (10.0.10.166 - 10.0.10.254) to the clients (laptops & desktops), which would give you 88 more IPs to use for the clients!??

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  7. SimonD
    Honorary Member

    SimonD Terabyte Poster

    So reduce the lease time to an hour or two, that way all laptops\remote users won't be keeping an IP address from the pool if they only log in for 15 minutes every day.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  8. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    This is what I would recommend as well: giving the remote users their own /24 subnet. You could even give the remote users a /23 or /22 subnet if you wanted, leaving the existing subnet for local users and servers alone.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  9. Andy_M

    Andy_M Bit Poster

    I presume I could do 10.0.11.0 /24 for VPN using ISA 2006 Static Pool?
    Would this conflict and do you know if routing is taken care of by ISA 2006?
     
    WIP: CCNA
  10. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    Why would it conflict? If you use the 10.0.10.0/24 for your internal network, 10.0.11.0/24 is a different subnet - no overlap.

    I haven't used ISA in years and years, so I couldn't begin to tell you how it works nowadays. However, if you're using ISA to handle your incoming VPN requests, I would assume it would route.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    Plenty of good advice so far.

    Personally I would audit how many devices you have that require an IP address. As said the lease time of 1 day could be revised.

    I would put your wireless network in a separate subnet and go from there.

    Also the IP address \ subnet combo is fairly common for a LAN – don’t stress about it.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  12. craigie

    craigie Terabyte Poster

    Why not create a subnet over in the US and use the US router as a DHCP server, set the DNS server it dishes out to be yours in the UK so everything can be resolved and create a site to site VPN tunnel?
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  13. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    How is this going to cause a problem with the amount of IP leases available on the UK based LAN? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  14. jonny7_2002

    jonny7_2002 Byte Poster

    IIRC within ISA you have the "Networks", which are statements to define the internal network range (and other options). The VPNs / remote users have their own "network" as well, so you should be able to assign the 10.0.11.0/24 subnet and then ISA will do the rest.

    Failing all of the above I would remove the rubbish ISA and install all new super duper CISCO Equipment! :biggrin

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  15. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    ISA has never been rubbish, it is arguably one of the best pieces of software available. :rolleyes:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  16. jonny7_2002

    jonny7_2002 Byte Poster

    Maybe I phrased that wrong..... It's not rubbish, I just don't like it! :D

    Don't get me wrong, it's powerful and "all great"...... but it's just not for me! It's all down to personal preference and if I had the chance I wouldn't use it!
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  17. Andy_M

    Andy_M Bit Poster

    I will change the VPN not to get IPs from the DHCP server and to assign its own range of 10.0.11.1 - 10.0.11.254 /24
    I will let you all know how this ends.

    But I really am thankful for all the feedback so far! :oops:
     
    WIP: CCNA
  18. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    It may not be rubbish, but there are certainly better solutions available. Personally, I wouldn't recommend ISA.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  19. jonny7_2002

    jonny7_2002 Byte Poster

    ALL HAIL 'BosonMichael' for he is ALWAYS Right (because he generally agrees with me) :D
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  20. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    I'm not always right. :)

    ...just usually. :twisted: :p

    In any case, this would just be an opinion - no "right" or "wrong" to it. :)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
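
Added example, not part of any post in the thread: a check of the address plan discussed above, using the DHCP ranges Andy_M posted and the 10.0.11.0/24 remote-user subnet that was suggested. It also goes one step further and covers the /23 and /22 sizes mentioned in the thread, where block alignment starts to matter. The pool names, the function names and the choice to start searching at 10.0.11.0 are assumptions made for the example.

```python
import ipaddress

# Values quoted in the thread; the pool names are labels made up for this example.
LAN = ipaddress.ip_network("10.0.10.0/24")
POOLS = {
    "servers_devices": ("10.0.10.1", "10.0.10.75"),
    "laptops_desktops": ("10.0.10.75", "10.0.10.166"),
    "remote_users": ("10.0.10.166", "10.0.10.254"),
}

def shared_addresses(pools):
    """Return {address: [pool names]} for addresses inside more than one inclusive range."""
    owners = {}
    for name, (first, last) in pools.items():
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        for n in range(lo, hi + 1):
            owners.setdefault(str(ipaddress.ip_address(n)), []).append(name)
    return {addr: names for addr, names in owners.items() if len(names) > 1}

def effective_network(cidr):
    """Network a CIDR string really covers once its host bits are masked off."""
    return ipaddress.ip_network(cidr, strict=False)

def first_free_block(prefixlen, start="10.0.11.0", keep_clear=(LAN,)):
    """First correctly aligned block of this size at or after `start` that avoids keep_clear."""
    size = 2 ** (32 - prefixlen)
    # Round the start address up to the next boundary for this block size.
    base = -(-int(ipaddress.ip_address(start)) // size) * size
    while True:
        net = ipaddress.ip_network((base, prefixlen))
        if not any(net.overlaps(k) for k in keep_clear):
            return net
        base += size

if __name__ == "__main__":
    for addr, names in shared_addresses(POOLS).items():
        print(f"{addr} is listed in both {names[0]} and {names[1]}")
    for plen in (24, 23, 22):
        print(f"/{plen} for remote users -> {first_free_block(plen)}")
    wide = effective_network("10.0.11.0/23")
    print(f"10.0.11.0/23 really means {wide}; overlaps LAN: {wide.overlaps(LAN)}")
```

A /24 at 10.0.11.0 sits on its own boundary, but a /23 or /22 cannot start there: masking the host bits of 10.0.11.0/23 gives a block that includes the existing LAN, so the larger remote-user ranges have to begin at the next aligned boundary.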
