Re-Setting up Network

July 1, 2009 at 08:38:12
Specs: Windows XP
Here is what I want to do:

CableModem -> Switch1 -> Wireless Rtr #1
Switch1 -> Wireless Rtr #2
Switch1 -> Wireless Rtr #3
Switch1 -> VPN
Switch1 -> Switch2
Switch2 -> Office PCs

Anyone see any issues????


July 1, 2009 at 09:01:42
Um, yeah, there are a number of issues with that design.

The cable modem will only supply you one IP, yet you have 3 routers and office PCs.

Switches don't do VPNs. Routers do. Switches do VLANs if managed.

Nothing off the routers, so why do you have three of them?

No firewall/router, so if you did have public IPs you are raw on the internet. Hacker magnet config.

Proper design is modem<>router<>everything else.
If you are setting up the routers for wireless access you should consider a router/firewall between them and your office PCs/servers for security.


July 1, 2009 at 09:38:59
According to the FAQs on the Motorola SB6120, I can connect up to 63 computers to the CM via a hub/switch. With that, I am assuming that the SB6120 does DHCP...

Parts for the above diagram are:

CM - Motorola SB6120
Switches - DLink DGS2008
Wireless#1 - Dlink DIR-655
(other Wireless are already in place, b/g wireless routers)
VPN - Netgear FVS318


July 1, 2009 at 10:02:41
New Idea:

CableModem -> Switch#1
Switch#1 -> Wireless Rtr#1 - serves area A w/DHCP (2-50)
Switch#1 -> Wireless Rtr#2 - serves area B w/DHCP (52-100)
Switch#1 -> Wireless Rtr#3 - serves area C w/DHCP (102-150)
Switch#1 -> VPNBox - w/DHCP (152-200)
VPNBox -> POS Devices
VPNBox -> Switch#2
Switch#2 -> Office PCs

WR#1 - Static IP 1.1
WR#2 - Static IP 1.51
WR#3 - Static IP 1.101
VPN - Static IP 1.151

How 'bout that?


July 1, 2009 at 11:37:14
As Wanderers said, it should be Modem >> Router >> everything else. The other two will not get a public IP address to connect to the router unless your ISP supplies you with three IP addresses.



July 1, 2009 at 11:43:36
Is this for work or a homework assignment?

You may wish to review those documents again. Nowhere is there a DHCP server mentioned. The only mention of IP is that it supports v4 and v6 IP.

A modem is not a router. So unless that model is also a router [no mention of NAT/PAT/DHCP/firewall/site restrictions, etc.] you have yet to account for those operations.

You do understand that even though you are using the same subnet on the wireless router LANs, they will not talk to each other? You are also using the same subnet on the router LANs as would exist on the routers' WAN ports. That will not work unless you bypass the WAN ports [connect to just a LAN port]. Then you have three DHCP servers on the same subnet and that won't work either.


July 1, 2009 at 11:56:25
Ok then, how about this:

Cm -> VPN -> Switches with everything else hanging off the switches.

All Wireless routers have DHCP turned off...


July 1, 2009 at 12:38:36
What does a VPN have to do with your LAN?
VPNs are for across the internet. VLANs are what you do within your LAN.
What is your "VPN box"?

Sorry SCGrant327, but you are just guessing at the configuration. You are not informed concerning your modem or IP configuration. It appears you do not understand how to put these pieces of equipment together to form a secure and operational network.

We are happy to help here but no one is interested in guessing games.


July 1, 2009 at 12:54:41
If that is how you feel...BITE ME!

What I am trying to do is upgrade an outdated network to newer, faster equipment. The current network has been bandaided for years...and continues to fail and fail and fail. Each time it fails, someone else puts a bandaid on it.

What I want is serious advice on setting up the net with the 'same' parts that exist already, just newer and faster ones.

The object is to upgrade the net, and allow for future expansion.

I am using a VPN, because there is a VPN there already. Currently the VPN is connected to a WirelessB router which is connected to the Cable Modem. PCs are connected to a switch which connects to the VPN. The POS systems connect directly to the VPN. Also, there is a WirelessG router that is connected to the WirelessB router. A switch is connected to the WirelessG router. An access point is connected to the WirelessG's switch...

COMPLICATED and SCREWY. I just want to get new, fast parts and upgrade the entire network.

I do NOT know why things are connected the way they are; don't ask me WHY.

The new VPN Box (Netgear FVS318) will DHCP for the entire network. The two switches will be connected to the VPN and everything else will hang off the switches. Any extra devices can be directly connected to the available ports on the VPN.

And contrary to popular belief, I am NOT guessing. Yes, I have done business networking in the past, but have not been involved with setting up VPNs...


July 1, 2009 at 13:31:28
Hmm, can't take criticism graciously, I see. As Shakespeare once said in Hamlet, "The [man] doth protest too much, methinks".
Lucky I am in a great mood today.

modem<>FVS318<> all switches<>all other routers and office.

You do not want to connect anything to the FVS318 except the switches unless the POS are part of a site-to-site VPN. Then make sure the FVS318 supports site-to-site as well as internet access [split tunneling].

You do not want to connect the wireless routers via their WAN ports. Review this diagram.

You do want to have the FVS318 do your DHCP serving unless your office is also running Active Directory. If running AD you want the AD server doing all DHCP.

You do want to assign static IPs to all routers and managed switches [and servers if you have them] so you can admin them. Plan your DHCP scope accordingly.

You wrote:
"The POS systems connect directly to the VPN" and
"PCs are connected to a switch which connects to the VPN"

This does not sound right. Make sure you have a complete understanding of this configuration before you make any changes. Here is why:
1. You need open ports on the internet-facing router to have the VPN go through it from the Wireless B router.
2. Determine if this is a site-to-site VPN [router to router] or if in fact it is the POS machines doing a client VPN [software VPN to router at the other end of the internet connection]. If this is the case you only need to open the VPN ports on the router. Nothing further is required.


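An added example, not part of the thread and not any poster's code: a Python check of the two address plans discussed above, flagging more than one DHCP server on a subnet, overlapping pools, and static addresses that fall inside a pool. The 192.168.1.0/24 prefix and the revised plan's pool and static numbers are assumptions; the thread gives only host parts such as "1.51".

```python
import ipaddress
from itertools import combinations

# Assumed prefix: the thread only gives host parts such as "1.51".
NET = ipaddress.ip_network("192.168.1.0/24")

def host(n):
    """Address of host number n inside NET."""
    return NET.network_address + n

def audit(net, dhcp_servers, statics):
    """dhcp_servers: {name: (first_ip, last_ip)}, statics: {name: ip}.
    Returns a list of findings for one broadcast domain."""
    findings = []
    servers = sorted(dhcp_servers.items())
    if len(servers) > 1:
        names = ", ".join(name for name, _ in servers)
        findings.append(f"multiple DHCP servers on {net}: {names}")
    for (a, (a0, a1)), (b, (b0, b1)) in combinations(servers, 2):
        if a0 <= b1 and b0 <= a1:
            findings.append(f"pools overlap: {a} and {b}")
    for name, ip in sorted(statics.items()):
        if ip not in net:
            findings.append(f"static {name} ({ip}) is outside {net}")
        for srv, (p0, p1) in servers:
            if p0 <= ip <= p1:
                findings.append(f"static {name} ({ip}) is inside {srv}'s pool")
    return findings

# "New Idea" plan from the thread: four devices each serving DHCP.
NEW_IDEA_DHCP = {
    "WR#1": (host(2), host(50)), "WR#2": (host(52), host(100)),
    "WR#3": (host(102), host(150)), "VPNBox": (host(152), host(200)),
}
NEW_IDEA_STATIC = {"WR#1": host(1), "WR#2": host(51),
                   "WR#3": host(101), "VPNBox": host(151)}

# Revised plan: only the FVS318 serves DHCP. Pool and static host
# numbers here are constructed for illustration.
REVISED_DHCP = {"FVS318": (host(100), host(200))}
REVISED_STATIC = {"FVS318": host(1), "WR#1": host(2),
                  "WR#2": host(3), "WR#3": host(4)}

if __name__ == "__main__":
    for label, dhcp, static in (("new idea", NEW_IDEA_DHCP, NEW_IDEA_STATIC),
                                ("revised", REVISED_DHCP, REVISED_STATIC)):
        print(label, audit(NET, dhcp, static) or "no findings")
```
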
July 1, 2009 at 13:38:42
Honestly, from the investigation that I have done...there are NO VPN tunnels anywhere. Seems like somebody decided we needed a VPN box and bought one (remember the bandaid approach).

I am thinking about getting a 3rd switch for the POS system. It really only needs to talk to itself (with the exception of nightly downloads).

No servers here, no active directory, just windows boxes doing windows things...

I did realize that I could not use the WAN ports on the routers...

Thanks for the input.


July 1, 2009 at 14:09:34
Get a managed switch so you can set up a VLAN for the POS systems.

I would call the folks at the other end of the POS VPN to clarify the config.


July 2, 2009 at 08:12:17

It appears that there is no 'other end' for the POS system. It is completely localized, we handle all communications...and they are all in-house.

I think I am going to get rid of the VPN and just go with a GigE router instead. If we need the VPN down the road, then I will have the 'old' VPN box to put in place...

If I need extra space later, I will just get another Switch....
