expanding our network with a router

[pthomass]

Hi,

we have an existing network here and would like te expand it by inserting a router.

the network is as follows:

We have one incoming cable that is connected to the uplink of a Level1 switch. From this switch, we have several other switches and a Novell server with a DHCP server.

We have 49 IP adresses that we can distribute. the DHCP server will do this. So all computer that are connected to the switches will get their IP adres from that DHCP server. The 49 adresses are given to us from an IT service.

Now we want to do the following. We want to insert a router in this network to expand the IP adresses.

So in my theory the routers front-end will get an IP adress from the Novell server.

The back-end of the router(with its own DHCP server) will then be able to distribute a new range of IP adresses over its 4 LAN ports. Connecting switches to these ports will expand the network.

Is my theory correct? Is it possible to have the front-end IP 172.17.120.50 and the back-end IP range 192.168.1.xxx ?

Do the subnets on both ends have to be the same?

Is it possible to simply go through the router to connect to the novell server that will be on the front-side of the router?

Can anyone help??

These are the routers that we wanted to use:

http://level1.com/products3.php?sklop=10&id=560146

http://level1.com/products3.php?sklop=12&id=560156

[Scarecrow Man]

You should read HCA's Networking Fundamentals.

http://forums.neoplanet.co.uk/index.php?showtopic=13725

"Is my theory correct? Is it possible to have the front-end IP 172.17.120.50 and the back-end IP range 192.168.1.xxx ?

Do the subnets on both ends have to be the same?"

Quick answer, yes.

Long answer would require more information. Basically, the router is doing to broadcast the 172.17.120.50 out and anything on the inside of the router can be whatever you want it to be. I do suggest a NAT router, as this will provide quite a bit of security.

Basically, your router will make a table of hosts it knows about. When a packet is sent out, it records where it was sent from, and when the reply comes back it sends it to that address.

I will get more info for you and reply later on.

EDIT: Those are both broadband routers. They are for home use to split an incomming cable/dsl modem to 4 computers. They are probably not going to provide the functionality you are looking for.

[pthomass]

Thank you for your answer. I do know the basics on how a router works. Only I've come across them as in terms of splitting the cable/ADSL line that comes in.

I do not quite know how it is implemented in an existing network to expand the IP range.

I do wish to stick to Level1 products for now.

EDIT: Those are both broadband routers. They are for home use to split an incomming cable/dsl modem to 4 computers. They are probably not going to provide the functionality you are looking for.

That answer is one of the reasons that I wanted a second or third opinion. Someone (from a computer shop) told me that I can use both these products for the things I explained earlier.

I do know that an ADSL router has an intern modem for the ADSL line. And a broadband router doesn't have that. Normally I could use a broadband router for my purpose, I guess. Because there is a DHCP server in my network and he distributes IP adresses. So the router will get an IP adress, there is a subnet, the gateway is also known and the DNS servers are also known.

Why can't I use those products? I do not know for sure, thats why I came for help.

Thanks in advance

[Scarecrow Man]

You can use those routers. I am not saying you cannot. I am just saying they are not business level routers.

If you are just trying to expand your network, they will probably serve that purpose. Although, adding a switch will also give you more links.

[pthomass]

The switch only provides me with more cables to connect to. I need extra IP-adresses. So a router is needed. I the degree of business level, we are on the inside of a major network, but the IT-service is not that helpfull.

On the otherhand, they are responsible for the business level security. But I'm looking for a router that has a firewall inside. You'll never know when that can come in handy.

Thank you for your help. I've also send an email to Level1. Their first respons was that I can use one of the mentioned products. the other has an internall modem and that is not recommended.

I've asked them now which products would best suite my needs.

Thanks again for your help and time...

Greetz

Peter

[scuzzman]

You could also just use an old PC with dual NICs and an installed Linux distro like SmoothWall, and a switch for the extra ports. Smoothwall is a specialized distro for firewalling and packet routing, with a DHCP server. It also has a web-based configuration interface and a very simple installation.

[homecomputeraid]

pthomas,

I recommend having the 'outside', or 'public', or 'WAN' (many names for the same port on your Router/Firewall) side of the router or firewall obtain its address directly from your ISP. It sounds like you have a static public IP, or a pool of public IP's you can choose from. Work with your ISP on this and let them know what you want to do. I definitely recommend having a firewall between your LAN and the Internet!

Once you have the Router/Firewall in place, I would use a private network scheme behind, or 'inside' the firewall. If there is a real need to have any of your devices visible from the Internet (a web server or mail server for example) I would use Network Address Translation to give them a private IP address which the Router/Firewall 'translates' to its public IP, making it look to the Internet like the device is directly connected. In fact, it's best to put web servers, mail servers, etc. in a DMZ.

[edit] In my proposed solution above, you would change the DHCP scope on your server to issue addresses in a private range, and set it to permit more hosts. For more on Private Addresses, click here:

http://www.rfc-editor.org/rfc/rfc1918.txt

Private IP's are in the ranges of:

10.0.0.0 - 10.255.255.255 (10/8 prefix)

172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

192.168.0.0 - 192.168.255.255 (192.168/16 prefix)