Need some tips in reorganizing our LAN.

Mark Jayson Alvarez jay2xra at yahoo.com
Thu Mar 30 06:09:51 UTC 2006 


Benjamin Lutz <benlutz at datacomm.ch> wrote: Hello jay,


I see no place for a wireless network in a professional network. It's hard to 
secure it (it's possible, encrypted-VPN-over-WLAN works, but it's difficult 
and expensive to set up). Stick with a wired LAN, and there'll be one 
security threat less that you have to worry about.

 No, problem with this as we already have wireless authentication wherein users are forced to login before accessing proxy servers.
 
 
 
 Keep in mind that a DHCP server needs to be in the same subnet it serves. 
Other services do not have this requirement.

  So you mean, If I have 1 pc router that has maximum of 8 lan ports, I can't do dhcp on 8 networks?? Let's say, dhcp will listen on each interface and serve only the assigned subnets....
 
 It sounds like you're planning to have all subnets connected through this one 
FreeBSD box. This is not necessary. You can put a router in between subnets, 
and have that one located elsewhere, where it's more convenient. 
   
  
 My partner say that having a separate pc router for each subnet and placing it in their designated area is not an option. He said we should try having a redundant/failover central pc router instead. If we were to deploy 5 or more of those, we should put it somewhere we can access it easily.. that is.... here in our NOC, at the 3rd floor. Unfortunately, we don't have much space left for tower pc's unless we can afford to buy rackmounted servers... Even purchasing those 5 servers will be a big issue....
 
 
 
And here's another thought: reliability and redundancy. Computers fail. If you 
have one central router that everything goes through, not only is it a 
performance choke point, but it'll also bring the whole agency to a 
standstill if it should fail. Maybe there isn't a better way to do things 
given your resources, but if there is, try to limit the impact of potential 
failures. Distribute things like routing, and most of the network will keep 
working if one machine fails. Or, if you can, make things redundant.

Cheers
Benjamin
 
 I have attached here our current lan setup...
 
 

		
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC for low, low rates.

More information about the freebsd-questions mailing list