one last newbie broadband/router question....

one last newbie broadband/router question....

Post by John Q Gace » Tue, 03 Dec 2002 21:27:54



   Hello all,

   I have been struggling for 2 weeks now. Here is my problem:

   I have a broadband connection that comes into our building in a front
office, near a switch and our ancient novell server. I have our "real"
server SBS2k, on the other side of the plant connected to another
switch. My solution was Cable Modem > Router > Switch > Switch > SBS. It
isnt working.

   Do I have to relocate my SBS server so that I have Modem > Router >
SBS ? Relocating the broadband connection isn't an option.

   Thanks for your time.
   Greg

 
 
 

one last newbie broadband/router question....

Post by Merv Porte » Tue, 03 Dec 2002 22:24:57


John:

You need the SBS's 2nd (i.e., external) NIC plugged directly into the
router.  So, you have some choices to make:

1.  Relocate the SBS to the cable modem/router location
2.  Run a Cat 5 Ethernet cable from the cable modem or router to your SBS
(if the length of wire will be less than 100 meters).  If the wire length
would exceed 100 meters, you could run a Cat5 cable from the cable modem 100
meters (maximum) to the router and then run another Cat5 cable from the
router 100 meters (maximum) to the SBS.

Merv
======================


Quote:

>    Hello all,

>    I have been struggling for 2 weeks now. Here is my problem:

>    I have a broadband connection that comes into our building in a front
> office, near a switch and our ancient novell server. I have our "real"
> server SBS2k, on the other side of the plant connected to another
> switch. My solution was Cable Modem > Router > Switch > Switch > SBS. It
> isnt working.

>    Do I have to relocate my SBS server so that I have Modem > Router >
> SBS ? Relocating the broadband connection isn't an option.

>    Thanks for your time.
>    Greg


 
 
 

one last newbie broadband/router question....

Post by Hendrik Cannood » Tue, 03 Dec 2002 22:42:43


or you could use fiber. up to 3km. pricy though.

HC


> John:

> You need the SBS's 2nd (i.e., external) NIC plugged directly into the
> router.  So, you have some choices to make:

> 1.  Relocate the SBS to the cable modem/router location
> 2.  Run a Cat 5 Ethernet cable from the cable modem or router to your SBS
> (if the length of wire will be less than 100 meters).  If the wire length
> would exceed 100 meters, you could run a Cat5 cable from the cable modem
100
> meters (maximum) to the router and then run another Cat5 cable from the
> router 100 meters (maximum) to the SBS.

> Merv
> ======================


> >    Hello all,

> >    I have been struggling for 2 weeks now. Here is my problem:

> >    I have a broadband connection that comes into our building in a front
> > office, near a switch and our ancient novell server. I have our "real"
> > server SBS2k, on the other side of the plant connected to another
> > switch. My solution was Cable Modem > Router > Switch > Switch > SBS. It
> > isnt working.

> >    Do I have to relocate my SBS server so that I have Modem > Router >
> > SBS ? Relocating the broadband connection isn't an option.

> >    Thanks for your time.
> >    Greg

 
 
 

one last newbie broadband/router question....

Post by Mark A. Esse » Tue, 03 Dec 2002 22:15:18


What kinds of errors are you getting?  I don't see why the below setup
wouldn't work.  Many routers can be configured remotely using a browser or a
telnet session.  Can you 'see' the router from your SBS server?  Can you
ping it?  It could be some sort of IP address issue, or something else like
that.  I would first make sure you can 'see' the router, and if you can't,
that would be the first place to start looking.

Also, do you have any computers that are on the first switch (closest to
router), and can they see the internet?

Mark



Quote:

>    Hello all,

>    I have been struggling for 2 weeks now. Here is my problem:

>    I have a broadband connection that comes into our building in a front
> office, near a switch and our ancient novell server. I have our "real"
> server SBS2k, on the other side of the plant connected to another
> switch. My solution was Cable Modem > Router > Switch > Switch > SBS. It
> isnt working.

>    Do I have to relocate my SBS server so that I have Modem > Router >
> SBS ? Relocating the broadband connection isn't an option.

>    Thanks for your time.
>    Greg

 
 
 

one last newbie broadband/router question....

Post by Jeff Middleton [SBS-MVP » Wed, 04 Dec 2002 01:10:25


Technically, Merv, John doesn't need to do either of those, he can in fact
configure his SBS in the manner he has suggested. Merv's suggestion
simplifies a manner to envision the connections, but it isn't necessary to
run a dedicated cable, or move the server.

The point I'm making is that there is no rule of networking that limits you
to running only a single subnet on a cable, or a switch, or hub, or on your
SBS connected LAN. As an example, let's suppose you run a small computer lab
for a school, and you want to setup a 24 port hub/switch to support 24
students, but break the class into 6 independent groups. You can do this by
isolating groups of 4 computers into one of six independent subnets. Note,
I'm intentionally choosing an example where I don't want typical network
traffic between each of the six groups, only between the four computers of
each respective "subnet workgroup". I can choose any convenient subnets, but
suppose I just do the simple approach of using:

10.0.1.x
10.0.2.x
10.0.3.x
10.0.4.x
10.0.5.x
10.0.6.x

Assuming that in all cases a subnet mask of 255.255.255.0 is used, this
means that any computer numbered in one of the subnets above can actually be
part of 254 host subnet using an IP of 1-254 in that subnet, even though I
only intend to use 4 IPs in each subnet. The point is that a computer using
10.0.1.2 could talk to a computer using any other IP in 10.0.1.x, but not to
any computer using a different subnet from the list above.

The result of my "lab design" is that my workgroups of four computers act as
if they are the only workstations on the wire, even though I have 6
different groups running this way at the same time. For practical matters,
there are conditions where the combined use of the single cable could affect
or interact with the other groups. The most obvious is that all of the
computer are limited by the maximum bandwidth of the wire, or hub/switch, so
a massive file transfer would slow all users, but they wouldn't necessarily
be able to see the traffic without a packet sniffer. Another case of
interaction is for any broadcast traffic like a DHCP announcement/request
since the point of DHCP is to provide a computer *not yet in a subnet* with
the ability to request an IP to use. You couldn't use DHCP in this
arrangement unless you wanted to either get extremely sophisticated in the
use of MAC hardware addresses to control allocation, or put any DHCP client
into a single subnet.

The point I'm trying to make here is that the reason that TCP/IP allows for
both IP and subnet mask assignment is to allow for breaking up a network in
a manner that suits your logical needs. The most common reason to use a
subnet mask is to connect between "routed subnets", but you can also use
subnets to isolate normal traffic on the very same media.

As a result, it would be possible to connect the SBS using either a primary
NIC or secondary NIC to a router in the manner that John requested, and it
could still carry the majority of the security needs wanted in the
configuration.....provided you understand what is going on.

I'm betting the actual problem is more likely an issue of not properly
configuring the gateway routing between the SBS and the router.

------------------

Let me expand the discussion a little to reveal what I mean.

In the above, I offer the example of 6 different workgroups using the same
"cable" to communicate in 6 different, independent workgroups. Even if you
name each workgroup something common like "OURGROUP", only the four computer
in the same respective subnet would see each other. Naming them differently
would clarify more about the activity only for the convenience of the
administrator, not the network functions, simply because the workstations
wouldn't communicate across subnets or workgroups unless that ability is
added to the network in some manner. How you accomplish that is called a
"router".

Let's talk about what it means to use a router to connect between subnets.
Typically, a router is used to connect between totally independent "LANs",
where the router is the only common link provided. You might have something
like this:

Hub/Switch ------Router----------Hub Switch
 /         |        \                                 /         |        \
pc11   pc12    pc13                  pc21   pc22    pc23

The fact is, you can actually have a single hub/switch with all the PCs
connected to it, some in the first subnet, some in the second subnet, and
they will not be able to communicate between each other in normal manner.
However, if you add the router and connect *both* interfaces of the router
to the very same hub/switch, then configure the router interfaces to the
respective different subnets, now you can communicate between all computers.
In fact, the configuration of the LAN where you "stack" subnets on the same
media is no different that how you would configure the above as indicated in
the diagram as two LANs using independent hub/switches linked exclusively by
the router. The only difference is that the diagram above indicates how you
would link two subnets *and* two separate media networks using the router.
If the router were connected to a single hub/switch on both interfaces, it's
really doing the exact same job, but now the hub/switch is handling the
logical traffic for more than one subnet, but all on the same media.

If that makes sense, you would now have this:

            pc21  pc22  pc23
                \         |     /
router-----Hub/Switch -----pc13
     |_____/         |        \
                       pc11   pc12

[note: the router above is linked on both interfaces to the same hub/switch,
and the router is not trying to connect the LAN to the web, it is in fact
connecting one "subnet" of computers to another subnet of computers, both
physically on the same network, but not logically on the same network due to
the IP subnets being different.]

The result is the same in a TCP/IP logical configuration as the diagram
further above. The router handles sending the IP information between the two
subnets.

What I've shown here explains how to allow more than one subnet to
communicate where the router is connecting two logical subnets on the same
medial. What we are interested in is what happens when you are expanding the
network over a larger physical area, using more switches/hubs, but not more
routers.

            pc21  pc22  pc23
                \         |     /
router-----Hub/Switch ---------Hub/Switch
     |_____/                                /         |        \
                                            pc11   pc12   pc13

This again is the same diagram in a logical sense, even though it physically
lays out differently. As long as you connect one side as an Uplink
connection for the interconnecting cable between the two hub/switches, this
works exactly the same way as before. In other works, if you obey the rules
of cascading between hubs/switches as far as the cabling goes, the logical
connection of the workstations is not affected. These two network groups
will communicate between each other *physically* because there's this cable
between the two hub/switches, but the logical connection happens because the
router on the end is routing traffic for one subnet back to the switch once
it has been translated to the other subnet. The router is the key to
connecting the two network logically.

Now, what happens if you connect the exact same thing as above, but instead
of the router shown above, you connect the SBS using two interfaces, just as
above indicates?

Like this:

            pc21  pc22  pc23
                \         |     /
SBS-----Hub/Switch ---------Hub/Switch
     |_____/                                /         |        \
                                            pc11   pc12   pc13

[Note: I'm intending for you to imagine the SBS has two NICs, each of the
NICs is using a different subnet (they aren't both on a particular common
subnet like load-balancing attempts might imply).]

Let me first state....don't do this, at least, in a production environment.
Don't connect two NICs to your SBS and try to put LAN clients on each subnet
used by the SBS. What I'm showing is legal as far as TCP/IP transport is
concerned, but it causes problems if you try to bind an SBS to two NICs,
both trying to use Microsoft Networking to browse two different subnets at
the same time. This is actually a complication you want to avoid, but as an
intermediate illustration, you will see where I am going in just a second.

I've substituted the SBS for the router that was linking two subnets to make
the point that the SBS is actually able to connect and use TCP/IP to
communicate in more than one subnet while both NICs are on the same
hub/switch, but I'm not really interested in using MS Networking this way,
just  basic TCP/IP. What I really want is to have all the LAN workstations
on a single subnet, connected by a cascade of hub/switches, but I want a web
connected router to link my SBS to the web using a dedicated NIC for that
purpose, like this:

            pc21  pc22  pc23
                \         |     /
SBS-----Hub/Switch ---------Hub/Switch ------WebRouter--->web
     |_____/                                /         |    \
                                          pc24   pc25   pc26

[Note: Now I'm intending for you to imagine the SBS has two NICs, each of
the NICs is still using a different subnet. However, in this case, the LAN
workstations are all on a single subnet, and the only thing on the different
subnet with the SBS 2nd NIC is in fact the WebRouter.]

I have the final configuration I was looking for. Only the SBS second NIC
sees the WebRouter because these are the only two devices on the same
subnet. None of the workstations see the WebRouter because I'm not giving
that router an IP in the subnet of the LAN, just the web subnet.

One can assume that the WebRouter and the SBS second NIC are both using
public IPs. Or perhaps if you ...

read more »

 
 
 

one last newbie broadband/router question....

Post by Merv Porte » Wed, 04 Dec 2002 02:04:14


Absolutely excellent analysis!  This is why I stick around this NG - I'm
always learning new ways of looking at problems.

So, now John needs to come back so we can talk about his network setup and
the answers to some of Mark's questions.

Thanks for the tutorial Jeff.

Merv
============
"Jeff Middleton [SBS-MVP]" <j...@cfisolutions.com> wrote in message
news:uZvXK4hmCHA.2360@tkmsftngp07...

> Technically, Merv, John doesn't need to do either of those, he can in fact
> configure his SBS in the manner he has suggested. Merv's suggestion
> simplifies a manner to envision the connections, but it isn't necessary to
> run a dedicated cable, or move the server.

> The point I'm making is that there is no rule of networking that limits
you
> to running only a single subnet on a cable, or a switch, or hub, or on
your
> SBS connected LAN. As an example, let's suppose you run a small computer
lab
> for a school, and you want to setup a 24 port hub/switch to support 24
> students, but break the class into 6 independent groups. You can do this
by
> isolating groups of 4 computers into one of six independent subnets. Note,
> I'm intentionally choosing an example where I don't want typical network
> traffic between each of the six groups, only between the four computers of
> each respective "subnet workgroup". I can choose any convenient subnets,
but
> suppose I just do the simple approach of using:

> 10.0.1.x
> 10.0.2.x
> 10.0.3.x
> 10.0.4.x
> 10.0.5.x
> 10.0.6.x

> Assuming that in all cases a subnet mask of 255.255.255.0 is used, this
> means that any computer numbered in one of the subnets above can actually
be
> part of 254 host subnet using an IP of 1-254 in that subnet, even though I
> only intend to use 4 IPs in each subnet. The point is that a computer
using
> 10.0.1.2 could talk to a computer using any other IP in 10.0.1.x, but not
to
> any computer using a different subnet from the list above.

> The result of my "lab design" is that my workgroups of four computers act
as
> if they are the only workstations on the wire, even though I have 6
> different groups running this way at the same time. For practical matters,
> there are conditions where the combined use of the single cable could
affect
> or interact with the other groups. The most obvious is that all of the
> computer are limited by the maximum bandwidth of the wire, or hub/switch,
so
> a massive file transfer would slow all users, but they wouldn't
necessarily
> be able to see the traffic without a packet sniffer. Another case of
> interaction is for any broadcast traffic like a DHCP announcement/request
> since the point of DHCP is to provide a computer *not yet in a subnet*
with
> the ability to request an IP to use. You couldn't use DHCP in this
> arrangement unless you wanted to either get extremely sophisticated in the
> use of MAC hardware addresses to control allocation, or put any DHCP
client
> into a single subnet.

> The point I'm trying to make here is that the reason that TCP/IP allows
for
> both IP and subnet mask assignment is to allow for breaking up a network
in
> a manner that suits your logical needs. The most common reason to use a
> subnet mask is to connect between "routed subnets", but you can also use
> subnets to isolate normal traffic on the very same media.

> As a result, it would be possible to connect the SBS using either a
primary
> NIC or secondary NIC to a router in the manner that John requested, and it
> could still carry the majority of the security needs wanted in the
> configuration.....provided you understand what is going on.

> I'm betting the actual problem is more likely an issue of not properly
> configuring the gateway routing between the SBS and the router.

> ------------------

> Let me expand the discussion a little to reveal what I mean.

> In the above, I offer the example of 6 different workgroups using the same
> "cable" to communicate in 6 different, independent workgroups. Even if you
> name each workgroup something common like "OURGROUP", only the four
computer
> in the same respective subnet would see each other. Naming them
differently
> would clarify more about the activity only for the convenience of the
> administrator, not the network functions, simply because the workstations
> wouldn't communicate across subnets or workgroups unless that ability is
> added to the network in some manner. How you accomplish that is called a
> "router".

> Let's talk about what it means to use a router to connect between subnets.
> Typically, a router is used to connect between totally independent "LANs",
> where the router is the only common link provided. You might have
something
> like this:

> Hub/Switch ------Router----------Hub Switch
>  /         |        \                                 /         |        \
> pc11   pc12    pc13                  pc21   pc22    pc23

> The fact is, you can actually have a single hub/switch with all the PCs
> connected to it, some in the first subnet, some in the second subnet, and
> they will not be able to communicate between each other in normal manner.
> However, if you add the router and connect *both* interfaces of the router
> to the very same hub/switch, then configure the router interfaces to the
> respective different subnets, now you can communicate between all
computers.
> In fact, the configuration of the LAN where you "stack" subnets on the
same
> media is no different that how you would configure the above as indicated
in
> the diagram as two LANs using independent hub/switches linked exclusively
by
> the router. The only difference is that the diagram above indicates how
you
> would link two subnets *and* two separate media networks using the router.
> If the router were connected to a single hub/switch on both interfaces,
it's
> really doing the exact same job, but now the hub/switch is handling the
> logical traffic for more than one subnet, but all on the same media.

> If that makes sense, you would now have this:

>             pc21  pc22  pc23
>                 \         |     /
> router-----Hub/Switch -----pc13
>      |_____/         |        \
>                        pc11   pc12

> [note: the router above is linked on both interfaces to the same
hub/switch,
> and the router is not trying to connect the LAN to the web, it is in fact
> connecting one "subnet" of computers to another subnet of computers, both
> physically on the same network, but not logically on the same network due
to
> the IP subnets being different.]

> The result is the same in a TCP/IP logical configuration as the diagram
> further above. The router handles sending the IP information between the
two
> subnets.

> What I've shown here explains how to allow more than one subnet to
> communicate where the router is connecting two logical subnets on the same
> medial. What we are interested in is what happens when you are expanding
the
> network over a larger physical area, using more switches/hubs, but not
more
> routers.

>             pc21  pc22  pc23
>                 \         |     /
> router-----Hub/Switch ---------Hub/Switch
>      |_____/                                /         |        \
>                                             pc11   pc12   pc13

> This again is the same diagram in a logical sense, even though it
physically
> lays out differently. As long as you connect one side as an Uplink
> connection for the interconnecting cable between the two hub/switches,
this
> works exactly the same way as before. In other works, if you obey the
rules
> of cascading between hubs/switches as far as the cabling goes, the logical
> connection of the workstations is not affected. These two network groups
> will communicate between each other *physically* because there's this
cable
> between the two hub/switches, but the logical connection happens because
the
> router on the end is routing traffic for one subnet back to the switch
once
> it has been translated to the other subnet. The router is the key to
> connecting the two network logically.

> Now, what happens if you connect the exact same thing as above, but
instead
> of the router shown above, you connect the SBS using two interfaces, just
as
> above indicates?

> Like this:

>             pc21  pc22  pc23
>                 \         |     /
> SBS-----Hub/Switch ---------Hub/Switch
>      |_____/                                /         |        \
>                                             pc11   pc12   pc13

> [Note: I'm intending for you to imagine the SBS has two NICs, each of the
> NICs is using a different subnet (they aren't both on a particular common
> subnet like load-balancing attempts might imply).]

> Let me first state....don't do this, at least, in a production
environment.
> Don't connect two NICs to your SBS and try to put LAN clients on each
subnet
> used by the SBS. What I'm showing is legal as far as TCP/IP transport is
> concerned, but it causes problems if you try to bind an SBS to two NICs,
> both trying to use Microsoft Networking to browse two different subnets at
> the same time. This is actually a complication you want to avoid, but as
an
> intermediate illustration, you will see where I am going in just a second.

> I've substituted the SBS for the router that was linking two subnets to
make
> the point that the SBS is actually able to connect and use TCP/IP to
> communicate in more than one subnet while both NICs are on the same
> hub/switch, but I'm not really interested in using MS Networking this way,
> just  basic TCP/IP. What I really want is to have all the LAN workstations
> on a single subnet, connected by a cascade of hub/switches, but I want a
web
> connected router to link my SBS to the web using a dedicated NIC for that
> purpose, like this:

>             pc21  pc22  pc23
>                 \         |     /
> SBS-----Hub/Switch ---------Hub/Switch ------WebRouter--->web
>      |_____/                                /         |    \

...

read more »

 
 
 

one last newbie broadband/router question....

Post by Jeff Middleton [SBS MVP » Wed, 04 Dec 2002 13:24:04


I'm grateful for the recirculation of great ideas and the inspiration of
alternate viewpoints myself. Sometimes, I find it a challenge to bring a
different perspective, so I thank you for the correct answer leaving room
for me to expose an alter-view on the possibilities. Truth told, I've used
this technical concept more than I like to admit for the simple reason that
it works, it's free, and it works.

"Merv Porter" <mwp...@hotmail.com> wrote in  message
news:O3kIPTimCHA.688@tkmsftngp07...

> Absolutely excellent analysis!  This is why I stick around this NG - I'm
> always learning new ways of looking at problems.

> So, now John needs to come back so we can talk about his network setup and
> the answers to some of Mark's questions.

> Thanks for the tutorial Jeff.

> Merv
> ============
> "Jeff Middleton [SBS-MVP]" <j...@cfisolutions.com> wrote in message
> news:uZvXK4hmCHA.2360@tkmsftngp07...
> > Technically, Merv, John doesn't need to do either of those, he can in
fact
> > configure his SBS in the manner he has suggested. Merv's suggestion
> > simplifies a manner to envision the connections, but it isn't necessary
to
> > run a dedicated cable, or move the server.

> > The point I'm making is that there is no rule of networking that limits
> you
> > to running only a single subnet on a cable, or a switch, or hub, or on
> your
> > SBS connected LAN. As an example, let's suppose you run a small computer
> lab
> > for a school, and you want to setup a 24 port hub/switch to support 24
> > students, but break the class into 6 independent groups. You can do this
> by
> > isolating groups of 4 computers into one of six independent subnets.
Note,
> > I'm intentionally choosing an example where I don't want typical network
> > traffic between each of the six groups, only between the four computers
of
> > each respective "subnet workgroup". I can choose any convenient subnets,
> but
> > suppose I just do the simple approach of using:

> > 10.0.1.x
> > 10.0.2.x
> > 10.0.3.x
> > 10.0.4.x
> > 10.0.5.x
> > 10.0.6.x

> > Assuming that in all cases a subnet mask of 255.255.255.0 is used, this
> > means that any computer numbered in one of the subnets above can
actually
> be
> > part of 254 host subnet using an IP of 1-254 in that subnet, even though
I
> > only intend to use 4 IPs in each subnet. The point is that a computer
> using
> > 10.0.1.2 could talk to a computer using any other IP in 10.0.1.x, but
not
> to
> > any computer using a different subnet from the list above.

> > The result of my "lab design" is that my workgroups of four computers
act
> as
> > if they are the only workstations on the wire, even though I have 6
> > different groups running this way at the same time. For practical
matters,
> > there are conditions where the combined use of the single cable could
> affect
> > or interact with the other groups. The most obvious is that all of the
> > computer are limited by the maximum bandwidth of the wire, or
hub/switch,
> so
> > a massive file transfer would slow all users, but they wouldn't
> necessarily
> > be able to see the traffic without a packet sniffer. Another case of
> > interaction is for any broadcast traffic like a DHCP

announcement/request

- Show quoted text -

> > since the point of DHCP is to provide a computer *not yet in a subnet*
> with
> > the ability to request an IP to use. You couldn't use DHCP in this
> > arrangement unless you wanted to either get extremely sophisticated in
the
> > use of MAC hardware addresses to control allocation, or put any DHCP
> client
> > into a single subnet.

> > The point I'm trying to make here is that the reason that TCP/IP allows
> for
> > both IP and subnet mask assignment is to allow for breaking up a network
> in
> > a manner that suits your logical needs. The most common reason to use a
> > subnet mask is to connect between "routed subnets", but you can also use
> > subnets to isolate normal traffic on the very same media.

> > As a result, it would be possible to connect the SBS using either a
> primary
> > NIC or secondary NIC to a router in the manner that John requested, and
it
> > could still carry the majority of the security needs wanted in the
> > configuration.....provided you understand what is going on.

> > I'm betting the actual problem is more likely an issue of not properly
> > configuring the gateway routing between the SBS and the router.

> > ------------------

> > Let me expand the discussion a little to reveal what I mean.

> > In the above, I offer the example of 6 different workgroups using the
same
> > "cable" to communicate in 6 different, independent workgroups. Even if
you
> > name each workgroup something common like "OURGROUP", only the four
> computer
> > in the same respective subnet would see each other. Naming them
> differently
> > would clarify more about the activity only for the convenience of the
> > administrator, not the network functions, simply because the
workstations
> > wouldn't communicate across subnets or workgroups unless that ability is
> > added to the network in some manner. How you accomplish that is called a
> > "router".

> > Let's talk about what it means to use a router to connect between
subnets.
> > Typically, a router is used to connect between totally independent
"LANs",
> > where the router is the only common link provided. You might have
> something
> > like this:

> > Hub/Switch ------Router----------Hub Switch
> >  /         |        \                                 /         |
\
> > pc11   pc12    pc13                  pc21   pc22    pc23

> > The fact is, you can actually have a single hub/switch with all the PCs
> > connected to it, some in the first subnet, some in the second subnet,
and
> > they will not be able to communicate between each other in normal
manner.
> > However, if you add the router and connect *both* interfaces of the
router
> > to the very same hub/switch, then configure the router interfaces to the
> > respective different subnets, now you can communicate between all
> computers.
> > In fact, the configuration of the LAN where you "stack" subnets on the
> same
> > media is no different that how you would configure the above as
indicated
> in
> > the diagram as two LANs using independent hub/switches linked
exclusively
> by
> > the router. The only difference is that the diagram above indicates how
> you
> > would link two subnets *and* two separate media networks using the
router.
> > If the router were connected to a single hub/switch on both interfaces,
> it's
> > really doing the exact same job, but now the hub/switch is handling the
> > logical traffic for more than one subnet, but all on the same media.

> > If that makes sense, you would now have this:

> >             pc21  pc22  pc23
> >                 \         |     /
> > router-----Hub/Switch -----pc13
> >      |_____/         |        \
> >                        pc11   pc12

> > [note: the router above is linked on both interfaces to the same
> hub/switch,
> > and the router is not trying to connect the LAN to the web, it is in
fact
> > connecting one "subnet" of computers to another subnet of computers,
both
> > physically on the same network, but not logically on the same network
due
> to
> > the IP subnets being different.]

> > The result is the same in a TCP/IP logical configuration as the diagram
> > further above. The router handles sending the IP information between the
> two
> > subnets.

> > What I've shown here explains how to allow more than one subnet to
> > communicate where the router is connecting two logical subnets on the
same
> > medial. What we are interested in is what happens when you are expanding
> the
> > network over a larger physical area, using more switches/hubs, but not
> more
> > routers.

> >             pc21  pc22  pc23
> >                 \         |     /
> > router-----Hub/Switch ---------Hub/Switch
> >      |_____/                                /         |        \
> >                                             pc11   pc12   pc13

> > This again is the same diagram in a logical sense, even though it
> physically
> > lays out differently. As long as you connect one side as an Uplink
> > connection for the interconnecting cable between the two hub/switches,
> this
> > works exactly the same way as before. In other works, if you obey the
> rules
> > of cascading between hubs/switches as far as the cabling goes, the
logical
> > connection of the workstations is not affected. These two network groups
> > will communicate between each other *physically* because there's this
> cable
> > between the two hub/switches, but the logical connection happens because
> the
> > router on the end is routing traffic for one subnet back to the switch
> once
> > it has been translated to the other subnet. The router is the key to
> > connecting the two network logically.

> > Now, what happens if you connect the exact same thing as above, but
> instead
> > of the router shown above, you connect the SBS using two interfaces,
just
> as
> > above indicates?

> > Like this:

> >             pc21  pc22  pc23
> >                 \         |     /
> > SBS-----Hub/Switch ---------Hub/Switch
> >      |_____/                                /         |        \
> >                                             pc11   pc12   pc13

> > [Note: I'm intending for you to imagine the SBS has two NICs, each of
the
> > NICs is using a different subnet (they aren't both on a particular
common
> > subnet like load-balancing attempts might imply).]

> > Let me first state....don't do this, at least, in a production
> environment.
> > Don't connect two NICs to your SBS and try to put LAN clients on each
> subnet
> > used by the SBS. What I'm showing is legal as far as TCP/IP transport is
> > concerned, but it causes problems if you try to bind an SBS to two NICs,
> > both trying to use Microsoft Networking to browse two different subnets
at

...

read more »

 
 
 

one last newbie broadband/router question....

Post by John Q Gace » Wed, 04 Dec 2002 21:08:24


Many Thanks for this wonderful article, it helped my understanding a lot!

In article <uZvXK4hmCHA.2360@tkmsftngp07>,
 "Jeff Middleton [SBS-MVP]" <j...@cfisolutions.com> wrote:

> Technically, Merv, John doesn't need to do either of those, he can in fact
> configure his SBS in the manner he has suggested. Merv's suggestion
> simplifies a manner to envision the connections, but it isn't necessary to
> run a dedicated cable, or move the server.

> The point I'm making is that there is no rule of networking that limits you
> to running only a single subnet on a cable, or a switch, or hub, or on your
> SBS connected LAN. As an example, let's suppose you run a small computer lab
> for a school, and you want to setup a 24 port hub/switch to support 24
> students, but break the class into 6 independent groups. You can do this by
> isolating groups of 4 computers into one of six independent subnets. Note,
> I'm intentionally choosing an example where I don't want typical network
> traffic between each of the six groups, only between the four computers of
> each respective "subnet workgroup". I can choose any convenient subnets, but
> suppose I just do the simple approach of using:

> 10.0.1.x
> 10.0.2.x
> 10.0.3.x
> 10.0.4.x
> 10.0.5.x
> 10.0.6.x

> Assuming that in all cases a subnet mask of 255.255.255.0 is used, this
> means that any computer numbered in one of the subnets above can actually be
> part of 254 host subnet using an IP of 1-254 in that subnet, even though I
> only intend to use 4 IPs in each subnet. The point is that a computer using
> 10.0.1.2 could talk to a computer using any other IP in 10.0.1.x, but not to
> any computer using a different subnet from the list above.

> The result of my "lab design" is that my workgroups of four computers act as
> if they are the only workstations on the wire, even though I have 6
> different groups running this way at the same time. For practical matters,
> there are conditions where the combined use of the single cable could affect
> or interact with the other groups. The most obvious is that all of the
> computer are limited by the maximum bandwidth of the wire, or hub/switch, so
> a massive file transfer would slow all users, but they wouldn't necessarily
> be able to see the traffic without a packet sniffer. Another case of
> interaction is for any broadcast traffic like a DHCP announcement/request
> since the point of DHCP is to provide a computer *not yet in a subnet* with
> the ability to request an IP to use. You couldn't use DHCP in this
> arrangement unless you wanted to either get extremely sophisticated in the
> use of MAC hardware addresses to control allocation, or put any DHCP client
> into a single subnet.

> The point I'm trying to make here is that the reason that TCP/IP allows for
> both IP and subnet mask assignment is to allow for breaking up a network in
> a manner that suits your logical needs. The most common reason to use a
> subnet mask is to connect between "routed subnets", but you can also use
> subnets to isolate normal traffic on the very same media.

> As a result, it would be possible to connect the SBS using either a primary
> NIC or secondary NIC to a router in the manner that John requested, and it
> could still carry the majority of the security needs wanted in the
> configuration.....provided you understand what is going on.

> I'm betting the actual problem is more likely an issue of not properly
> configuring the gateway routing between the SBS and the router.

> ------------------

> Let me expand the discussion a little to reveal what I mean.

> In the above, I offer the example of 6 different workgroups using the same
> "cable" to communicate in 6 different, independent workgroups. Even if you
> name each workgroup something common like "OURGROUP", only the four computer
> in the same respective subnet would see each other. Naming them differently
> would clarify more about the activity only for the convenience of the
> administrator, not the network functions, simply because the workstations
> wouldn't communicate across subnets or workgroups unless that ability is
> added to the network in some manner. How you accomplish that is called a
> "router".

> Let's talk about what it means to use a router to connect between subnets.
> Typically, a router is used to connect between totally independent "LANs",
> where the router is the only common link provided. You might have something
> like this:

> Hub/Switch ------Router----------Hub Switch
>  /         |        \                                 /         |        \
> pc11   pc12    pc13                  pc21   pc22    pc23

> The fact is, you can actually have a single hub/switch with all the PCs
> connected to it, some in the first subnet, some in the second subnet, and
> they will not be able to communicate between each other in normal manner.
> However, if you add the router and connect *both* interfaces of the router
> to the very same hub/switch, then configure the router interfaces to the
> respective different subnets, now you can communicate between all computers.
> In fact, the configuration of the LAN where you "stack" subnets on the same
> media is no different that how you would configure the above as indicated in
> the diagram as two LANs using independent hub/switches linked exclusively by
> the router. The only difference is that the diagram above indicates how you
> would link two subnets *and* two separate media networks using the router.
> If the router were connected to a single hub/switch on both interfaces, it's
> really doing the exact same job, but now the hub/switch is handling the
> logical traffic for more than one subnet, but all on the same media.

> If that makes sense, you would now have this:

>             pc21  pc22  pc23
>                 \         |     /
> router-----Hub/Switch -----pc13
>      |_____/         |        \
>                        pc11   pc12

> [note: the router above is linked on both interfaces to the same hub/switch,
> and the router is not trying to connect the LAN to the web, it is in fact
> connecting one "subnet" of computers to another subnet of computers, both
> physically on the same network, but not logically on the same network due to
> the IP subnets being different.]

> The result is the same in a TCP/IP logical configuration as the diagram
> further above. The router handles sending the IP information between the two
> subnets.

> What I've shown here explains how to allow more than one subnet to
> communicate where the router is connecting two logical subnets on the same
> medial. What we are interested in is what happens when you are expanding the
> network over a larger physical area, using more switches/hubs, but not more
> routers.

>             pc21  pc22  pc23
>                 \         |     /
> router-----Hub/Switch ---------Hub/Switch
>      |_____/                                /         |        \
>                                             pc11   pc12   pc13

> This again is the same diagram in a logical sense, even though it physically
> lays out differently. As long as you connect one side as an Uplink
> connection for the interconnecting cable between the two hub/switches, this
> works exactly the same way as before. In other works, if you obey the rules
> of cascading between hubs/switches as far as the cabling goes, the logical
> connection of the workstations is not affected. These two network groups
> will communicate between each other *physically* because there's this cable
> between the two hub/switches, but the logical connection happens because the
> router on the end is routing traffic for one subnet back to the switch once
> it has been translated to the other subnet. The router is the key to
> connecting the two network logically.

> Now, what happens if you connect the exact same thing as above, but instead
> of the router shown above, you connect the SBS using two interfaces, just as
> above indicates?

> Like this:

>             pc21  pc22  pc23
>                 \         |     /
> SBS-----Hub/Switch ---------Hub/Switch
>      |_____/                                /         |        \
>                                             pc11   pc12   pc13

> [Note: I'm intending for you to imagine the SBS has two NICs, each of the
> NICs is using a different subnet (they aren't both on a particular common
> subnet like load-balancing attempts might imply).]

> Let me first state....don't do this, at least, in a production environment.
> Don't connect two NICs to your SBS and try to put LAN clients on each subnet
> used by the SBS. What I'm showing is legal as far as TCP/IP transport is
> concerned, but it causes problems if you try to bind an SBS to two NICs,
> both trying to use Microsoft Networking to browse two different subnets at
> the same time. This is actually a complication you want to avoid, but as an
> intermediate illustration, you will see where I am going in just a second.

> I've substituted the SBS for the router that was linking two subnets to make
> the point that the SBS is actually able to connect and use TCP/IP to
> communicate in more than one subnet while both NICs are on the same
> hub/switch, but I'm not really interested in using MS Networking this way,
> just  basic TCP/IP. What I really want is to have all the LAN workstations
> on a single subnet, connected by a cascade of hub/switches, but I want a web
> connected router to link my SBS to the web using a dedicated NIC for that
> purpose, like this:

>             pc21  pc22  pc23
>                 \         |     /
> SBS-----Hub/Switch ---------Hub/Switch ------WebRouter--->web
>      |_____/                                /         |    \
>                                           pc24   pc25   pc26

> [Note: Now I'm intending for you to imagine the SBS has two NICs, each of
> the NICs is still using a different subnet. However, in

...

read more »