Subnetting for Simpletons

[TrX]

Macs are large, and have the benefit of being both heavy *and* expensive.

You don't need vlans, or a better router - a small cheap linux box with two NIC cards in it will do this. If you're switch can do VLANs it's a bonus, as you'll only need a small cheap linux box with a single NIC to do what you want.

As wij pointed out, that router supports port based VLANS
one VLAN for each switch, one for the tubes (probably with NAT) different subnet on each of the internal Vlans, bit of static routing, and job done.

He could even use port based Vlans on the Cisco to get rid of the netgear switch (admittedly would need two links from the cisco to the draytek if only port based vlan was supported).. and if 802.1q was supported.. a trunk link would be the way forward!

//TrX

 

[VeNT]

not read the rest of the thread but why not fake it?
setup your DHCP to have 192.168.0.2-192.168.1.254 as its range with the subnet 255.255.0.0? then add the mac's to static IP address's using their mac address?
also this means you can set the PCs IPs to static addresses and know what each one is at any one time

this also has the advantage that it may even let the mac's still use the printer on 192.168.0.74(or whatever). (I think)
you may not even need to give it a whole 255, as iirc you can use partial subnetting or somthing like that?

 

[Sone]

stupid response, i missed the faking

 

[joey1211]

Only problem with bluffing it is that he might insist that I explain to the managers and him exactly what i've done.

 

[oddjob62]

the main issue with VeNT's idea is it doesn't fix MacBoy's main gripe.

His biggest bugbear is that the pcs show up in his network neighbourhood equivalent on OSX. Who cares? Do some work.

 

[VeNT]

firewall.
block those ports on his mac

 

[Chief Wiggum]

Well, I can only add my two pennith (trying to help your design here)

Firstly what sort of Cisco Switch is it?

Solution 1:
If it's a Layer 3 Capable switch (ie can do inter-vlan routing) and you can create 3 VLANs - one for the router, one for the PC's and Servers and one for the MAC's
you have 3 network 'interfaces' created on the switch and give them the IP addresses that would be the default gateway for the PC/MAC networks and set a default route up pointing to the Dreytek, then set static routes to your subnets pointing at the switch IP on the Dreytek

Solution 2:

Pretty much the same, but if your switch is L2 then, you're need a router that can do the L3 bit, now you could go the whole hog and get a cisco 1801 which has an ADSL WIC so you can replace the dreytek altogether - or as wij and TrX pointed out you could use the VLAN routing functions of the dreytek (if it has them) and run cables from each vlan into the router

(See sol 1 Diagram)

or

Solution 3:
Setup similar as solution 2 but with a router on a stick (such as an auction Cisco 1721) and continue to use the dreytek.

Excuse the bad drawing - still trying to get used to a tablet....

Kev

 

[Plasmoid]

Not to hijack the thread or anything... but this stuff kind of got me thinking.

If you had your pc and your mac networks set up and seperate, running off two switches or 1 switch virtual lanned into 2, and connected by some gateway. If you wanted printers on one side to be visible to there other, what would you do?

Wouldn't the pc's want to use their uPnP to find printers and the broadcast packets wont cross subnets...

I know having printers set to static ip's and preconfigured in every pc/mac would do the trick but what about a dodgy dhcp enviorment.

 

[oddjob62]

I know having printers set to static ip's and preconfigured in every pc/mac would do the trick but what about a dodgy dhcp enviorment.

I would always have printers on static, or at least reserved DHCP addresses.

 

[bigredshark]

Or how about tell management it's a bad idea and to it properly requires a real router (cisco 1841 or something like that).

Just tell them it's stupid and unnecessary...end of. If they disagree then tell them to get a second opinion from a consultant who'll say the exact same thing.

 

[joey1211]

£500 for another router for no real reason!!! That's the way to go.

But after another 6 months of agro i'm sure they'll be happy to stump up.

 

[Ricochet J]

Why don't you use the Cisco Switch to its full potential? Could you not remove the other switch, put all nodes on the same Cisco switch, and seperate them out using VLSMs? Surely that'd be better for the router too as its not recieving traffic from two ports?

 

[crazyDAJT]

They don't want to know. Which is why I'm applying for jobs elsewhere, then macboy can have all the fun he wants.

sorry to go off topic a bit, but if this is the case, why you planning to lose sleep about it??

 

[joey1211]

Because it's annoying working somewhere where the management take their orders from employees.

And jobs on the west coast of Wales are in short supply.

 

[neil_g]

are the servers connected to the cisco switch? how is the netgear linked to the cisco, via a single cat5 through the router? i think you may have overlooked a bottleneck which is probably slowing the macs access to the server(s).

ditch the netgear and get another cisco then fibre them together imho.

we run our macs on a different subnet but dont fanny around with vlans etc. we use a class B (255.255.0.0) and use different ranges for each device..

example:

PC's - dhcp range of 192.168.1.x
mac's - dhcp reservations of 192.168.2.x
servers - static non dhcp of 192.168.3.x
printers - static non dhcp of 192.168.4.x

etc etc

works fine.

 

[bigredshark]

are the servers connected to the cisco switch? how is the netgear linked to the cisco, via a single cat5 through the router? i think you may have overlooked a bottleneck which is probably slowing the macs access to the server(s).

ditch the netgear and get another cisco then fibre them together imho.

we run our macs on a different subnet but dont fanny around with vlans etc. we use a class B (255.255.0.0) and use different ranges for each device..

example:

PC's - dhcp range of 192.168.1.x
mac's - dhcp reservations of 192.168.2.x
servers - static non dhcp of 192.168.3.x
printers - static non dhcp of 192.168.4.x

etc etc

works fine.

well unless you have a router per /24 your not actually running them on different subnets at all, just one big subnet

 

[neil_g]

ah router based dhcp, i missed that (kinda skim read). that limits things slightly.

 

[Fr0dders]

Because it's annoying working somewhere where the management take their orders from employees.

And jobs on the west coast of Wales are in short supply.

in which case you lay it on the line with them

your the one in charge of the network, not him

and you say that currently you do not have the required hardware to properly subnet off his PC. Point them in the direction of the Cisco switch price list and see what management think to his idea then. Management have no idea of the implications this sort of setup will bring. Its not just a bit of config tweaking

Have a chat with your consultant bloke, and explain to him your reservations about trying to subnet off this Mac with just a draytek router. He'll probably agree that the proper way to do this would be a cisco switch with 2 routing interfaces.

If management agree, then explain you'll need ccna to configure and maintain it properly. You'll find their tune changes quickly once they find its not a free 5 minute fix

 

[joey1211]

All I can say is thanks for all the replies... especially the last one.

Even the consultant (he lives nearby and does this work as a favour, paid but at a reduced rate) is ****** off. Angry that the network setup is being dictated by someones ego trip and refusal to understand that he's not the centre of the company.

 

[Fr0dders]

i work in the NHS, so im used to politics in IT

tbh it sounds like the guy in question is on an ego trip. He wants to be runing the show but isnt, so instead trys to find a way to feel important by having a different setup to everybody else

Just make sure you explain the complications and cost involved in "silencing him"

as a side thought, why dont you challenge him on what exactly subnetting his PC will do. Because it sounds like hes under the impression his mac is running slow because its on a windows network (hence complaining about seeing windows PC's in his network neighbourhood) and thinks that moving his PC off the windows network will speed it up

You need to explain to you boss the reasoing behind client and server interactions, and that the notion that other PCs on the network are causing his to run slow is preposterous. Even more so considering the only reason for this is that they're running windows and he's got a mac. Because the other thing you've got to warn your bosses about, is that if they do spend x ammount of £ on cisco switches and properly subnetting him off, it may not actually shut him up. What next ? a server of his own ? a leased line of his own ? a new mac ? the list is endless of what he could request once he gets the message he can have what he wants.