I am looking for suggestions on IP Addressing. My office is expanding and opening up another office. I am linking these two offices over a secure MPLS channel for site to site communications. IP Addressing has always been a thorn in my side. I seem to never be able to fully grasp the concept. Hopefully one day I will.
Currently my network is flat; it is not subnetted. The initial company who set up the network before I arrived configured the network on the 192.168.1.0 network, netmask 255.255.255.0. No VLANs are established. All machines, printers, etc. are using 192.168.1.2-254 addresses.
Now the two offices have to be able to communicate between them. Is there any problem with configuring the local network in the new office on the 10.10.10.0/24 network? All machines, printers, etc. will use 10.10.10.2-254 addresses. I will set up routes between the two offices so they can communicate with each other.
I eventually want to set up VLANs to separate management, sales and general staff. Management will have access to all networks, but sales and general staff will only have access to their respective networks.
Should I look at a different IP addressing scheme instead of just one block for each office? If so, any suggestions? I believe each VLAN has to be on its own network.
This is what I'm thinking:
management - 192.168.1.0/24 Mask: 255.255.255.0
sales - 192.168.2.0/24 Mask: 255.255.255.0
general staff - 192.168.3.0/24 Mask: 255.255.255.0
management - 10.10.11.0/24 Mask: 255.255.255.0
sales - 10.10.12.0/24 Mask: 255.255.255.0
general staff - 10.10.13.0/24 Mask: 255.255.255.0
Hello FiercePowahs; welcome to Firewall.cx
There are many ways to do what you've described, and your arrangement will work as well as any other. And one thing you've got right is to use a logical arrangement for the addresses on each site so that when someone throws an IP address at you it will 'mean something' and you'll be able to say at once where and what it is. I'd be tempted to even take this further and have a block within each site for servers, another for network kit etc.
Finally, you're right about VLANs too - they have to be on different IP networks if you want to route between them.
Another quick question, the router in the new office will be managed by the voice/data provider of the T1's. They want the internal IP address of my new network.
Initially I told them 10.10.10.1 for the office. If I plan to expand out and create 3 or more VLANs on different networks, shouldn't I have them set the router up for 10.10.0.0/255.255.0.0? That way it allows for greater expansion? Or is that a little too aggressive for what I'm trying to do?
All you need to give them is the subnet mask of the VPN your router will be on, plus an IP address on that VLAN. If you have your address space at your office divided up into VLANs then one of them will need to be "the VLAN that has internet access" and that is the one your external router will sit on. To gain internet access from the other VLANs you'll need to use your own internal inter-VLAN routing to hop across to the internet VLAN.
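
Added example, not part of the thread: a Python sketch that checks the per-VLAN plan posted above for overlapping subnets, tests whether a 10.10.0.0/16 summary covers the new office's VLANs, maps an address back to its site and role, and encodes the stated access rule. The site labels ("existing office", "new office") and the reading that a role may reach the same role at the other site are assumptions.

```python
import ipaddress
from itertools import combinations

# Subnets as posted in the thread; the site labels are an assumption.
PLAN = {
    ("existing office", "management"): "192.168.1.0/24",
    ("existing office", "sales"): "192.168.2.0/24",
    ("existing office", "general staff"): "192.168.3.0/24",
    ("new office", "management"): "10.10.11.0/24",
    ("new office", "sales"): "10.10.12.0/24",
    ("new office", "general staff"): "10.10.13.0/24",
}
NETS = {key: ipaddress.ip_network(cidr) for key, cidr in PLAN.items()}

def find_overlaps():
    """Return pairs of plan entries whose address ranges collide."""
    return [(a, b) for a, b in combinations(NETS, 2) if NETS[a].overlaps(NETS[b])]

def locate(ip):
    """Map an address to (site, role), or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for key, net in NETS.items():
        if addr in net:
            return key
    return None

def summary_covers(summary, site):
    """True if one summary route contains every VLAN subnet at a site."""
    block = ipaddress.ip_network(summary)
    return all(net.subnet_of(block) for (s, _), net in NETS.items() if s == site)

def allowed(src_ip, dst_ip):
    """Access rule from the thread: management reaches everything, other roles
    reach only their own role's subnets (at either site: an assumption)."""
    src, dst = locate(src_ip), locate(dst_ip)
    if src is None or dst is None:
        return False  # default deny for addresses outside the plan
    return src[1] == "management" or src[1] == dst[1]

if __name__ == "__main__":
    print("overlaps:", find_overlaps())
    print("10.10.12.40 ->", locate("10.10.12.40"))
    print("10.10.0.0/16 covers new office:", summary_covers("10.10.0.0/16", "new office"))
    print("sales -> general staff:", allowed("192.168.2.5", "192.168.3.9"))
```

The `allowed` function only models the intended policy; enforcing it still requires ACLs or firewall rules on whatever device routes between the VLANs.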