
Re: [suse-security] Advice Please - Extending a Network



Philip,

For this new fast ethernet (100Mb) network you're putting in place you'll
almost certainly be buying new fast ethernet compatible switches anyway.
These are usually 10/100 compatible anyway.  You can just connect your old
ethernet II/802.3/SNAP (10Mb) network into one of the ports on one of the
new switches.  Switches are designed to do lots of clever stuff, including
ethernet level routing (often using "spanning tree" to allow loops in the
networks), full duplex and autosensing
(http://www.howstuffworks.com/lan-switch.htm).  If you have to buy very dumb
switches or hubs (because of cost) that won't allow mixed speeds then this
won't work.

Remember, as John Andersen says you only need one autosensing switch to
connect together the ethernet II/802.3/SNAP LAN segment and the fast
ethernet segment, even if you can't afford the benefits of a switch for the
entire fast ethernet network.  Think though that the switch is a critical
point of failure for the whole network and I've seen cheap switches that pop
out every few months leaving the users puzzled and in a panic until the
switch is power cycled!

If the hardware solutions described are not an option then you have two
options using Linux (i) separate subnets or (ii) a bridge.  The latter
consists of extra modules in the kernel which effectively turn your box into
a switch, thus saving the expense, and all LAN traffic goes across both
segments.  Alternatively split the LAN into two subnets, have two IP
addresses, one for each NIC and have DHCP serve different IP addresses to
hosts on each segment.  This is more traditional in some ways but can be
annoying for users, depending on what applications they use.  For instance
if they are SMB clients that want to browse a "Network Neighbourhood" then
you'll need to implement a WINS server (and possibly a domain server) to
keep the two subnets talking to each other.

Carl Peto
Linux Server Support
Bookman Associates


----- Original Message ----- 
From: "John Andersen" <jsa@xxxxxxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Cc: "Philip B Cook" <philipbcook@xxxxxxxxxxxx>
Sent: Saturday, January 10, 2004 9:56 AM
Subject: Re: [suse-security] Advice Please - Extending a Network


> On Friday 09 January 2004 23:07, Philip B Cook wrote:
> > I have an existing local network connected using 'old' ethernet nics and
> > coax cabling. It is connected via a Linux 8.2 machine to the internet on a
> > Broadband Cable Modem.
> >
> > The Linux machine is a gateway and runs DHCP, DNS, Squid, SuSEFirewall2,
> > Samba to provide services to the network.
> >
> > I want to progressively migrate the local connections to 100 Mb/s Twisted
> > Pair, so during the transition I shall have a third nic in the machine with
> > some hosts on the coax and some on the RJ45/100 Mb/s
> >
> > How do I configure the services to support the additional local network,
> > with minimum disruption to the existing (unmigrated hosts).
> >
> > The Linux machine has a fixed IP address in the local net (192.168.0.101)
> > and allocates IP addresses in the range 192.168.0.102-199.
> >
> > I want all the hosts to continue to 'see' one another during the
> > transition.  Can I use similar addresses on the new subnet (e.g. set the
> > nic as 192.168.0.201 and assign addresses 192.168.0.202-299) or do I need
> > to use a new subnet (e.g 192.168.1.xxx)
> >
> > Many thanks for specific advice or some pointers to where to find the
> > answers.
> >
> > Philip
>
> Don't add another nic, it complicates matters beyond need.
>
> Replace your existing server nic with a 10/100 nic, any one will do,
> intel works nice, as do most of the $10 nics.
>
> Go down to the computer store and find a  SMALL (5port) 10/100 switch
> (or hub).  If lucky, you will find one with a cat5 port as well as a coax
> port.  Connect coax to it, and plug your server into one of the cat
> 5 ports, or any combination of that which works.
>
> Remember, all you want this cheap hub/switch for is its coax port.
> So if you can't find one, buy one without a coax port and offer it in
> trade to anyone who has an older hub which almost always had
> coax ports.
>
> Since you will be buying a big switch to handle the whole house
> anyway, make sure it's 10/100 autosensing, and you can
> plug any old 10meg hub into it to carry the load till you
> cut over.
>
> Don't add another nic, it's just more routeing problems than
> you need.
>
> -- 
> _____________________________________
> John Andersen
>
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>


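As an added example (not part of the original thread), this Python check runs the two addressing plans from the original question through a consistency test: a second routed NIC inside 192.168.0.x versus a new 192.168.1.x subnet. The /24 prefix, the 192.168.1.1 NIC address and the 192.168.1.102-199 pool are assumptions, since the thread gives no netmask or concrete values for the new subnet.

```python
import ipaddress

def parse_host(text):
    """Return an IPv4Address, or None when the text is not a valid address."""
    try:
        return ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return None

def check_plan(segments):
    """Return a list of problems for a list of routed segments (empty = consistent)."""
    problems, seen = [], []
    for seg in segments:
        name = seg["name"]
        nic = parse_host(seg["nic"])
        if nic is None:
            problems.append(f"{name}: NIC address {seg['nic']} is not valid IPv4")
            continue
        net = ipaddress.ip_network(f"{nic}/{seg['prefix']}", strict=False)
        lo, hi = parse_host(seg["pool"][0]), parse_host(seg["pool"][1])
        if lo is None or hi is None:
            problems.append(f"{name}: DHCP pool {seg['pool']} contains an invalid address")
        elif lo > hi or lo not in net or hi not in net:
            problems.append(f"{name}: DHCP pool is not inside {net}")
        elif lo <= nic <= hi:
            problems.append(f"{name}: DHCP pool includes the NIC address {nic}")
        # Two routed interfaces in overlapping subnets make the route ambiguous.
        for other, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net}); "
                                "route distinct subnets or bridge the NICs")
        seen.append((name, net))
    return problems

# Existing coax segment, values from the thread; prefix 24 is an assumption.
COAX = {"name": "coax", "nic": "192.168.0.101", "prefix": 24,
        "pool": ("192.168.0.102", "192.168.0.199")}
# Plan 1 from the question: same 192.168.0.x range on the new NIC.
SAME_SUBNET = [COAX, {"name": "tp", "nic": "192.168.0.201", "prefix": 24,
                      "pool": ("192.168.0.202", "192.168.0.299")}]
# Plan 2 from the question: new subnet; concrete addresses are constructed.
NEW_SUBNET = [COAX, {"name": "tp", "nic": "192.168.1.1", "prefix": 24,
                     "pool": ("192.168.1.102", "192.168.1.199")}]

if __name__ == "__main__":
    for label, plan in (("same subnet", SAME_SUBNET), ("new subnet", NEW_SUBNET)):
        print(label, check_plan(plan) or "OK")
```

The same-subnet plan fails on two counts: the pool's upper bound is not a valid address, and both NICs would sit in one subnet, which only works when the interfaces are bridged rather than routed.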