CLEO Thread, Lancashire Schools firewall setup in Regional Broadband Consortiums (RBC)
After traditionally running NAT at our perimeter for 10 years to give us internal flexibility, it seems the only way to get the Lightspeed client to work properly is to be on a valid 10.X.X.X IP. I know they mentioned about changing our IP addresses in the lead up to this but I thought there would be a way round this.
What I want to know is what other Lancashire schools have at the edge of the network, as the only way I can currently see this working is if you are going direct to the router unless you have had some modification to your layer 3 Cisco switch and the network is pretty much flat and no extra VLANs are in place. I would love to hear the current config that people are running. We had a recent thread about which ranges we are all using etc., but I would like some more information for some inspiration or options I am not aware of. I was going to subnet up my Curriculum range, but the edge router/switch is not going to know about these extra subnetworks and is always going to assume they are on the same network and therefore send an ARP request rather than go to the next hop, so this is never going to work.
So please post up your setups or any ideas for future setups, that you know are going to work.
I'd be interested in this as well. Any Lancs schools I've come across normally either run as yours did or run on the supplied ranges, but these have been small enough to manage on one flat network. Would be interesting to see how others on a scale that needs it have done it?
I've almost finished reconfiguring my client IP ranges. I have managed to retain my firewall and my internal VLANs. I sent a proposal to BTLS to subnet up my existing range and use my 'external' firewall IP as the next hop. They decided that it would be too messy to advertise all of those networks, so what they did is give me another range of 10.x.x.x and pointed a route to that at my firewall IP. I then subnetted that up for my internal VLANs for the client computers. It's all working well now and I am happy with the result.
My configuration is because of security and not because of a particular size although it helps to be able to segment certain traffic.
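The forwarding problem raised in the thread and the routed-range fix described above, as an added example that is not from any poster or from BTLS. Every address in it is constructed (the thread only gives 10.x.x.x), and the function names are made up for the illustration.

```python
import ipaddress as ip

# All addresses are constructed for illustration; the thread gives none.
SCHOOL_RANGE = ip.ip_network("10.50.0.0/22")   # original range, on-link at the edge router
ROUTED_RANGE = ip.ip_network("10.60.0.0/22")   # additional range supplied by the provider
FIREWALL_OUTSIDE = ip.ip_address("10.50.0.2")  # firewall's 'external' IP in the original range


def edge_decision(routes, dst):
    """Longest-prefix match for a packet the edge router sends inwards.

    routes: list of (network, next_hop); next_hop None means directly connected.
    Returns ("arp", dst) for on-link delivery, ("forward", next_hop) for a
    routed prefix, or ("drop", None) when no route matches.
    """
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return ("drop", None)
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return ("arp", dst) if hop is None else ("forward", hop)


def vlan_subnets(network, new_prefix):
    """Carve the routed range into equal per-VLAN subnets behind the firewall."""
    return list(network.subnets(new_prefix=new_prefix))


# Edge router before the change: only the original range, as a connected network.
BEFORE = [(SCHOOL_RANGE, None)]
# After the change: one extra static route pointing the new range at the firewall.
AFTER = BEFORE + [(ROUTED_RANGE, FIREWALL_OUTSIDE)]

if __name__ == "__main__":
    # Host in a subnet carved out of the ORIGINAL range but sitting behind the
    # firewall: the edge still treats it as on-link and ARPs for it directly.
    print(edge_decision(BEFORE, "10.50.2.20"))
    # Host in a VLAN carved out of the routed range: sent to the firewall,
    # which then routes and filters between the internal VLANs.
    print(edge_decision(AFTER, "10.60.2.20"))
    for vlan in vlan_subnets(ROUTED_RANGE, 24):
        print(vlan)
```

The edge router needs only the single route for the whole new range; how it is split into VLANs stays private to the firewall.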