0

I have a background in software engineering and am in the process of trying to network a system I have built. There are two networks (A and B) that use the same static IP addresses:

  • 10.251.2.2
  • 10.251.2.5
  • 10.251.2.11

On network A, I have a surveillance camera with IP address 192.168.1.250; on network B, a surveillance camera with IP address 192.168.1.251. I have two laptops, one for network A and one for network B. Each laptop has two NICs. Laptop A has addresses:

  • 10.251.2.5
  • 192.168.1.10

Laptop B has addresses:

  • 10.251.2.5
  • 192.168.1.11

The server has the address 192.168.1.5. I would like to keep the 10.2.251.X network the same, so production doesn’t have such a big job building say, a ten unit system. I need the cameras to communicate on the server network 192.168.1.X, so the server can serve the images. I have a layer 3 switch I am attempting to configure with multiple VLANs and forward traffic to different ports to try and keep things isolated while also communicating properly. I am using Access-List with a Cisco Catalyst 2960.

I think I need a sanity check. Am I doing the right thing here? Is the layer three switch, in general, capable of doing what I need?

Thank you.

Edit: Hmm, need 10 reputation to post a network diagram. Maybe a better way of phrasing the question is, can I use a layer three switch to set up VLANs and forward only certain IP traffic to specific ports to keep the two 10.251.2 networks isolated, yet still collect 192.168.1 traffic?

Edit: Uploaded to some hosting site per Sven's comment:


Mark Henderson
Johnny

2 Answers

6

Your network appears to be a complete mess -- multiple networks using the same IP Subnets is going to confuse the hell out of the Router. Even if you do manage to get the router to somehow co-operate, you're definitely going to confuse anyone else looking at your network.

For example, suppose 10.251.2.11 opens a connection to 192.168.1.5 by sending a TCP SYN packet. The server replies with a SYN ACK -- how do you expect the router to know which 10.251.2.11 to send that packet to -- "Network A" or "Network B"?

Not to mention you've got the 192.168.1.0/24 and 10.251.2.5/24 (I'm assuming you're using /24 networks since most people who don't specify are) subnets together in a third network -- that poor router has no idea what's going on.

I think I need a sanity check. Am I doing the right thing here?

Almost certainly not.

fukawi2
  • OK, great. Can you propose an alternative? Should I change Network A to say, 10.251.1.X and Network B to 10.251.2.X? – Johnny Mar 05 '15 at 23:48
  • That would be one solution, yes -- you haven't clearly explained the environment except for "so production doesn’t have such a big job building say, a ten unit system" so it's difficult to offer any specific suggestion. – fukawi2 Mar 05 '15 at 23:49
  • The boxes around network A and B are physical enclosures and the laptops are in a room physically separated from the enclosures. One Ethernet cable per enclosure to the room (total of two). – Johnny Mar 05 '15 at 23:52
  • Thank you all for your input. I am going to reconfigure and use multiple networks (10.251.1.X, 10.251.2.X, etc). This will allow me to establish gateways for VLANs that I can use to forward 192 traffic to a specific set of ports on a layer three switch. Thank you again. – Johnny Mar 06 '15 at 00:22
  • I was able to get this working in the following way. Keeping the IP addresses the same (10.251.2.11, 10.251.2.2, etc) for both networks A and B. I created three VLANs. I then created 3 SVIs such that the 192 traffic from the cameras was forwarded to the server VLAN. The traffic is isolated and the 192 traffic forwarded. Thank you for your help Fukawi2. Please remove the hold from this inquiry as it is clearly a networking question. – Johnny Mar 10 '15 at 20:53
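The return-path ambiguity raised in the answer above, for a device with a single routing table, shown as an added example that is not part of the original thread. The /24 masks follow the answer's own assumption, and the segment names and both addressing plans are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plans. The /24 masks are an assumption (the answer
# above assumes them too); the segment names are hypothetical labels.
ORIGINAL_PLAN = {
    "network_a": "10.251.2.0/24",
    "network_b": "10.251.2.0/24",
    "server_net": "192.168.1.0/24",
}
RENUMBERED_PLAN = {  # the alternative proposed in the comments
    "network_a": "10.251.1.0/24",
    "network_b": "10.251.2.0/24",
    "server_net": "192.168.1.0/24",
}

def find_overlaps(plan):
    """Return sorted pairs of segment names whose prefixes overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )

def return_segments(plan, dst):
    """Segments a single routing table could pick for a reply to dst.

    Longest-prefix match: keep only the most specific matching prefixes.
    More than one result means the router cannot choose deterministically.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(c), n) for n, c in plan.items()
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted(n for net, n in matches if net.prefixlen == best)

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("renumbered", RENUMBERED_PLAN)):
        print(label, "overlaps:", find_overlaps(plan))
        # Reply from the server (192.168.1.5) back to the host that sent the SYN
        print(label, "reply to 10.251.2.11 ->", return_segments(plan, "10.251.2.11"))
```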
1

You probably could arrange things like this; you'd need some clever dancing with NAT or something to convince the server that it could talk to multiple distinct machines on the same IP address.

However, in the name of all that's holy, why would you build such an abomination? DHCP, DNS and proper configuration management tools are your friends. 10, or even 100 machines, configured the same except with different IP addresses should be an everyday request.

richardb