boolean

Business networks - IP confusion


I’m confused when it comes to business networks. At my old home the internet setup looks like:

Cable modem---->Router---->Users

Now at my new building with 200 people, the setup is more like (as far as I can tell):

Cable modem---->Physical Firewall (from Sonicwall, although I don't know which one)----->Network switches---->Users

The things I'm confused about are:

1) What takes over the role of the router? Do the switches assign IPs?
2) In my building we have the Firewall also marked as the same IP as the Gateway and the DHCP server. Do these business type firewalls take over the role of the router, assigning IPs, acting as a DHCP server, and the switches are invisible as far as the network is concerned?
3) If business firewalls don't control any of this stuff, who assigns the IPs for the network? Where does the DHCP server sit?

Blarg, I’m all confuzzled [dead]

I'm no expert on networks, but I can answer some of it based on the setup we have. Our firewall does nothing but do its job as a firewall and your DHCP server is what actually hands out the IP addresses to your devices.

We have our setup like this:
Modem->Router->Firewall->Switch->Users

The reason we have a router between the modem and the firewall is so we can bypass the firewall and have a direct connection to the outside when needed (bypass the network). For example, we use video phones and those need public IP addresses. When you set up your network you usually set up a public IP address on your firewall, but this would work for one VP and no more.

Like I said, we have a public IP address on our firewall. This way we can access our Exchange server or whatever we need to do from any external PC over the Internet. So we can do the normal mail.domain.com for remote connection, mail.domain.com/exchange for email access, etc.

If I remember correctly, our DHCP server sits on our DC (Domain Controller).

DHCP Server - Assigns IP addresses to devices (computers, phones, etc.)
Firewall - Does nothing but keep unwanted traffic off of your network.

^^

AH! Brilliant! That explains a lot then.

So with my old internet, the router we had also controlled the DHCP list. Is it common that some business networks manage the DHCP through the router instead of having a dedicated DHCP server, or would that really only be applicable in small user situations?

Quote:
Original post by boolean
^^

AH! Brilliant! That explains a lot then.

So with my old internet, the router we had also controlled the DHCP list. Is it common that some business networks manage the DHCP through the router instead of having a dedicated DHCP server, or would that really only be applicable in small user situations?


Usually home users let their router manage the DHCP since they really don't need a network. For instance, they just leave it set up as a gateway. However, I rarely see it in a business unless they are too cheap. The one company I do business for actually just threw in a wide open wireless router and they run all of their computers (except the server) off of it. They were too cheap to pay me to run the Cat5e wire and do it right. I would say a very small business could get away with that if there is no real network model. If there is a file server, Exchange, etc. then it would be a good idea to have it.

Anyway, you really don't need a dedicated server for it though. Every network has to have a domain controller where the Active Directory forest sits (to validate logins, manage computers, etc.). You can have the DNS and DHCP on that server as well. The only thing we have a dedicated server for is our Exchange server because you never want to have that sitting on your domain controller. Exchange uses Active Directory too, but it just replicates the domain controller's Active Directory forest.

You get all of the IP information from your ISP provider. You should get a WAN IP, subnet, default gateway, primary DNS, and a secondary DNS. This will all go into your firewall. Then after you have it all set up you will have to specify a LAN IP (device IP). For instance, ours is 192.168.1.254 (the gateway) and this is how you can reference it on your network. So if you needed to change the settings you would do it just like a router. Go into Internet Explorer and type http://192.168.1.254/, put in your username and password and you're in. Also, our firewall has 8 ports, a DMZ port, and an Internet port. The only things plugged into it are the uplink into the Internet port and the out (the ethernet cord going from port 1 to the network switch).

The network I'm running has a firewall that is also a router.
So it goes Modem (which provides the WAN IP from the ISP) -> Firewall/router ->Switches

We have one server for DHCP, which is also the DC and DNS. You can have the router/firewall do the DHCP, but for larger networks this would be a nightmare. With DHCP set up through a server you get a lot more control over it. So to answer your questions in order:
1.) Switches never assign IPs, they only ever forward packets to their destination. You can have a server take over the job of DHCP for the router, even better you can create a router from a server (not usually needed).
2.) I'm assuming yours is also a firewall/router combo then. You can have a pure firewall, but in most economical cases, even for businesses, they will be clumped together into one device. If your firewall is also registered as the gateway, then it must be acting as a router. Switches are pretty much invisible, depending on your switches you can get pretty advanced, but as far as the rest of the network is concerned they don't exist.
3.) Just as a domain controller can act for DNS, they also can do DHCP, and on larger networks this is the preferred method.

"So with a DC running, could that assign the firewall its IP for the network?"

If it is a firewall/router combo it will be assigned two IP addresses, a WAN and a LAN address. If it is just a pure firewall it will only be assigned a LAN address. The WAN address is always assigned by the ISP, and for business use is static. The LAN IP is usually given a default address like 192.168.1.1...etc. However every firewall and router I've seen allows you to alter this value.

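The replies above distinguish a firewall/router that also hands out leases from a separate DHCP server such as one on the DC; a client can tell which it has from the DHCP reply itself, which names both the server and the gateway. This is an added example, not part of any poster's message: it parses those options from a DHCP message and flags a reply from a server that is not on an expected list. The function names, the sample packet and the 192.168.1.10 address used in testing are assumptions made for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie after the 236-byte BOOTP header
OPT_ROUTER, OPT_DNS, OPT_SERVER_ID = 3, 6, 54

def parse_options(pkt: bytes) -> dict:
    """Return {option code: raw value} from a DHCP message (RFC 2131/2132)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = End
        if pkt[i] == 0:                            # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        opts[code] = opts.get(code, b"") + pkt[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def addrs(raw: bytes) -> list:                     # option value -> dotted-quad strings
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def describe_lease(pkt: bytes, expected_servers: set) -> dict:
    """Summarise who answered and which gateway the client was told to use."""
    opts = parse_options(pkt)
    server = addrs(opts.get(OPT_SERVER_ID, b""))
    routers = addrs(opts.get(OPT_ROUTER, b""))
    return {
        "client_ip": str(ipaddress.IPv4Address(pkt[16:20])),   # yiaddr field
        "dhcp_server": server[0] if server else None,
        "gateway": routers,
        "dns": addrs(opts.get(OPT_DNS, b"")),
        "gateway_serves_dhcp": bool(server) and server[0] in routers,
        "unexpected_server": not server or server[0] not in expected_servers,
    }

def sample_ack(client: str, server: str, router: str, dns: str) -> bytes:
    """Constructed DHCPACK for the demo (not a capture)."""
    p = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      p(client), bytes(4), bytes(4), bytes.fromhex("020000000001"), b"", b"")
    opts = b"\x35\x01\x05\x36\x04" + p(server) + b"\x03\x04" + p(router) + b"\x06\x04" + p(dns)
    return hdr + MAGIC + opts + b"\xff"

if __name__ == "__main__":   # combo device: gateway and DHCP server are the same address
    gw = "192.168.1.254"
    print(describe_lease(sample_ack("192.168.1.50", gw, gw, gw), {gw}))
```

`gateway_serves_dhcp` is true for the combo layout the original poster describes and false when a separate server answers; `unexpected_server` is the check to watch on a network where the DHCP server's address is known.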
We used to use a combo as well. However, if I remember correctly, we had issues with it so we went to the dedicated firewall. Our network would run fine for about a month then it would come to a crawl. Here to find out the firewall/router combo had a cache that would fill up. So once a month we would have to unplug it and plug it back in to clear the cache. Now we use Linksys RV082 and it seems to work pretty well for the size of our company (around 60 workstations).
