Joining Two Large Network

Joining Two Large Network Research

I have a church I'm trying to help out with a network topology. They
have a school and a rectory they want to connect via fiber.

However, the school wants to continue with their outbound internet
connection and DHCP server. The rectory also wants to continue with
their outbound internet connection and DHCP server.

Consolidation is NOT a possibility.

My thoughts are to use existing Dell PowerConnect 5324 switches. It
has an IOS-esque interface and has a lot of power that I've never
explored.

My plan would be either:

Plan A:
Give the switch two vlans with an IP address appropriate for each
side. Add a route from the existing routers on each side to the
switch IP.

In my head, this seems like it might theoretically work but there is
the question: can the Dell 5324 route packets between vlans?

Plan B:
Give the switch two vlans with two ports in common. On the port in
common, block broadcast packets to block the DHCP.

Before someone suggest Plan C, the physical wires are spread out
accross a multi-acre facility. Handling access via wire control to a
specific port is simply impossible. Switching to static IPs and
removing DHCP is also simply not maintainable/realistic.

Anyway, after that it gets worse because they want the lans tied
together but only for a few machines to cross over between them. I've
researched that part and I can do MAC address filtering and they
understand that MAC's can be spoofed.

Any thoughts?

Thanks ahead of time.

In article
<(E-Mail Removed) om>Bowman.NicholasW@g
mail.com wrote:

> Joining Two Large Network Research
>
> I have a church I'm trying to help out with a network topology.
> Theyhave a school and a rectory they want to connect via fiber.
>
> However, the school wants to continue with their outbound internet
> connection and DHCP server. The rectory also wants to continue
> withtheir outbound internet connection and DHCP server.
>
> Consolidation is NOT a possibility.
>
> My thoughts are to use existing Dell PowerConnect 5324 switches.
> Ithas an IOS-esque interface and has a lot of power that I've never
> explored.
>
> My plan would be either:
>
> Plan A:
> Give the switch two vlans with an IP address appropriate for each
> side. Add a route from the existing routers on each side to
> theswitch IP.
>
> In my head, this seems like it might theoretically work but there
> isthe question: can the Dell 5324 route packets between vlans?
>
> Plan B:
> Give the switch two vlans with two ports in common. On the port
> incommon, block broadcast packets to block the DHCP.
>
> Before someone suggest Plan C, the physical wires are spread out
> accross a multi-acre facility. Handling access via wire control to a
> specific port is simply impossible. Switching to static IPs
> andremoving DHCP is also simply not maintainable/realistic.
>
> Anyway, after that it gets worse because they want the lans tied
> together but only for a few machines to cross over between them. I've
> researched that part and I can do MAC address filtering and
> theyunderstand that MAC's can be spoofed.
>
> Any thoughts?
>
> Thanks ahead of time.

I don't know if the PowerConnect 5324 supports Layer 3 routing, but
if it does then you should be fine. If not, you could always throw
in a Windows box with a couple of NICs and an appropriately configured
routing table. (Or, if you are so inclined, you could do the same
thing with a certain unnamed open source operating system--but we're
not allowed to discuss those sorts of things in this NG.)

Regards,
Scott

--
I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-mac.com/nemo

(E-Mail Removed) wrote:
> Joining Two Large Network Research
>
> I have a church I'm trying to help out with a network topology. They
> have a school and a rectory they want to connect via fiber.
>
> However, the school wants to continue with their outbound internet
> connection and DHCP server. The rectory also wants to continue with
> their outbound internet connection and DHCP server.
>
> Consolidation is NOT a possibility.
>
> My thoughts are to use existing Dell PowerConnect 5324 switches. It
> has an IOS-esque interface and has a lot of power that I've never
> explored.
>
> My plan would be either:
>
> Plan A:
> Give the switch two vlans with an IP address appropriate for each
> side. Add a route from the existing routers on each side to the
> switch IP.
>
> In my head, this seems like it might theoretically work but there is
> the question: can the Dell 5324 route packets between vlans?
>
> Plan B:
> Give the switch two vlans with two ports in common. On the port in
> common, block broadcast packets to block the DHCP.
>
> Before someone suggest Plan C, the physical wires are spread out
> accross a multi-acre facility. Handling access via wire control to a
> specific port is simply impossible. Switching to static IPs and
> removing DHCP is also simply not maintainable/realistic.
>
> Anyway, after that it gets worse because they want the lans tied
> together but only for a few machines to cross over between them. I've
> researched that part and I can do MAC address filtering and they
> understand that MAC's can be spoofed.
>
> Any thoughts?
>
> Thanks ahead of time.
>

http://www.dell.com/content/products...en&s=bsd&cs=04

That's the link I found for the Dell 5324. It says on the front page
that it's a layer 2 switch. You need a layer 3 switch to route between
VLAN's.

However, you can use a router to route between VLAN's with the switch
you currently have. You set the port on the switch that connects to the
router, as a trunk port. "Trunk" means it carries multiple VLAN's. Let
the router route between them. That's what you call "Routing on a stick"

I'm not sure what kind of router each has at their location. Some
models won't be capable of trunking. You'll have to investigate.

I just had another thought. If you only need a few machines to access
the resources on the other end, just configure a remote access VPN, and
install the client on those machines of users you want to have access.

My reply is going to be a little different.

You don't need VLans nessessarily, but they can be used. Just so you understand
that they aren't a "requirement",..only an unrelated option. You can not use a
Switch,..it requires a Router,...this can be a Layer3 Switch which is really
nothing more than a Layer3 Router and a Layer2 Switch built into the same piece
of hardware. The "router interfaces" of a Layer3 Switch are created with VLans
internally which "group" selected Layer2 ports on the Switch into a single
Layer3 Router Interface,..but the VLans don't have to extend out beyond that
device unless there is a real reason to do so.

The rest is fairly simple although a lot of people may not notice it (no offense
to anyone).
Since each "side" wants to keep their own internet connection that creates some
issues. DHCP is no issue at all,..but each side does have to use a different
subnet, and I am operating on the assumption that this is already the case. You
will need each side to keep using their Internet Device as their Default Gateway
as they probably already are doing. Then each Internet Device will have to have
a static route configured to tell it that the "path" to the opposite subnet is
the LAN Router that sits in the logical center. Also, it is *very* important
that both Internet Devices be configured with both subnets as the "internal"
private network, even if they don't provide any service to the opposite subnet.
If they can not do that and also accept a static route, then they will have to
be replaced.

All done, that's pretty much it.

You cannot make the LAN Router everyone's Default Gateway because that will mean
the LAN Router will then have to use one of the Internet Devices as its Default
Gateway, and you can only choose one, which causes everyone to use the same
internet connection,..which isn't what they want. However some Routers may be
able to choose from more than one Gateway depending on the location of the
source of the traffic (called Source Routing), but off the top of my head I
don't know how that would be done.

If you stick with what I described, it will be simple to deal with.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> Joining Two Large Network Research
>
> I have a church I'm trying to help out with a network topology. They
> have a school and a rectory they want to connect via fiber.
>
> However, the school wants to continue with their outbound internet
> connection and DHCP server. The rectory also wants to continue with
> their outbound internet connection and DHCP server.
>
> Consolidation is NOT a possibility.
>
> My thoughts are to use existing Dell PowerConnect 5324 switches. It
> has an IOS-esque interface and has a lot of power that I've never
> explored.
>
> My plan would be either:
>
> Plan A:
> Give the switch two vlans with an IP address appropriate for each
> side. Add a route from the existing routers on each side to the
> switch IP.
>
> In my head, this seems like it might theoretically work but there is
> the question: can the Dell 5324 route packets between vlans?
>
> Plan B:
> Give the switch two vlans with two ports in common. On the port in
> common, block broadcast packets to block the DHCP.
>
> Before someone suggest Plan C, the physical wires are spread out
> accross a multi-acre facility. Handling access via wire control to a
> specific port is simply impossible. Switching to static IPs and
> removing DHCP is also simply not maintainable/realistic.
>
> Anyway, after that it gets worse because they want the lans tied
> together but only for a few machines to cross over between them. I've
> researched that part and I can do MAC address filtering and they
> understand that MAC's can be spoofed.
>
> Any thoughts?
>
> Thanks ahead of time.
>

On Jun 1, 12:58 am, "Phillip Windell" <philwind...@hotmail.com> wrote:
> My reply is going to be a little different.
>
> You don't need VLans nessessarily, but they can be used. Just so you understand
> that they aren't a "requirement",..only an unrelated option. You can not use a
> Switch,..it requires a Router,...this can be a Layer3 Switch which is really
> nothing more than a Layer3 Router and a Layer2 Switch built into the same piece
> of hardware. The "router interfaces" of a Layer3 Switch are created with VLans
> internally which "group" selected Layer2 ports on the Switch into a single
> Layer3 Router Interface,..but the VLans don't have to extend out beyond that
> device unless there is a real reason to do so.
>
> The rest is fairly simple although a lot of people may not notice it (no offense
> to anyone).
> Since each "side" wants to keep their own internet connection that creates some
> issues. DHCP is no issue at all,..but each side does have to use a different
> subnet, and I am operating on the assumption that this is already the case. You
> will need each side to keep using their Internet Device as their Default Gateway
> as they probably already are doing. Then each Internet Device will have to have
> a static route configured to tell it that the "path" to the opposite subnet is
> the LAN Router that sits in the logical center. Also, it is *very* important
> that both Internet Devices be configured with both subnets as the "internal"
> private network, even if they don't provide any service to the opposite subnet.
> If they can not do that and also accept a static route, then they will have to
> be replaced.
>
> All done, that's pretty much it.
>
> You cannot make the LAN Router everyone's Default Gateway because that will mean
> the LAN Router will then have to use one of the Internet Devices as its Default
> Gateway, and you can only choose one, which causes everyone to use the same
> internet connection,..which isn't what they want. However some Routers may be
> able to choose from more than one Gateway depending on the location of the
> source of the traffic (called Source Routing), but off the top of my head I
> don't know how that would be done.
>
> If you stick with what I described, it will be simple to deal with.
>
> --
> Phillip Windellwww.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or
> anyone else associated with me, including my cats.
> -----------------------------------------------------
>
> <Bowman.Nichol...@gmail.com> wrote in message
>
> news:(E-Mail Removed) ps.com...
>
> > Joining Two Large Network Research
>
> > I have a church I'm trying to help out with a network topology. They
> > have a school and a rectory they want to connect via fiber.
>
> > However, the school wants to continue with their outbound internet
> > connection and DHCP server. The rectory also wants to continue with
> > their outbound internet connection and DHCP server.
>
> > Consolidation is NOT a possibility.
>
> > My thoughts are to use existing Dell PowerConnect 5324 switches. It
> > has an IOS-esque interface and has a lot of power that I've never
> > explored.
>
> > My plan would be either:
>
> > Plan A:
> > Give the switch two vlans with an IP address appropriate for each
> > side. Add a route from the existing routers on each side to the
> > switch IP.
>
> > In my head, this seems like it might theoretically work but there is
> > the question: can the Dell 5324 route packets between vlans?
>
> > Plan B:
> > Give the switch two vlans with two ports in common. On the port in
> > common, block broadcast packets to block the DHCP.
>
> > Before someone suggest Plan C, the physical wires are spread out
> > accross a multi-acre facility. Handling access via wire control to a
> > specific port is simply impossible. Switching to static IPs and
> > removing DHCP is also simply not maintainable/realistic.
>
> > Anyway, after that it gets worse because they want the lans tied
> > together but only for a few machines to cross over between them. I've
> > researched that part and I can do MAC address filtering and they
> > understand that MAC's can be spoofed.
>
> > Any thoughts?
>
> > Thanks ahead of time.

Thanks guys for all your help and advice.