T1 and VLANS

isukatdancing · Post by **isukatdancing** » Mon May 12, 2008 1:03 pm

I am having some confusion on an issue. How do VLANS over t1 or other dedicated lines work?

For example, I work in a worldwide company. How do they make it possible for me to access things on other parts of the world? If it because the domain has a static IP and I just log into that, or is it because I am on the same VLAN as the domain? If that is the case, in theory, you can use DSL to run a small organiztion with one DC remontly as long as it keeps a static IP (even though it would be ridiculously slow). Im just trying to understand the concept of VLANS of T1and if it has anything to do with the internal IP, or if it is just related to a connection to the domain controller.

Thanks for your help.

Post by **YeOldeStonecat** » Sun May 18, 2008 2:35 pm

It's routing that connects wide area networks...not necessarily VLANs.

With broadband..mixtures of DSL, cable, various flavors of Ts, etc....what we usually do is put a router at each site..which supports "Router to router VPN tunnels"...usually done with IPSec VPN.

You can have your central office on one internet connection..several satellite offices on other internet connections. A router at each satellite office...which does a VPN tunnel right to the main offices router. This way...they are effectively part of the network at the main office.

At home..I have a cable connection, and my router of choice for this month (since I change routers frequently just to fiddle around with various ones)...is a laptap that is running a linux distro called PFSense. At my office...which is sitting on part of an OC3...I have a Linksys/Cisco RV082 at the moment. I set up an IPSec VPN tunnel between my PFSense box..as the RV082 at the office. I can access all network resources at the office.

Each branch/location...gets a public IP address on the internet side of the router...and they hit the internet on their own. You don't NEED to have static IP addresses..you can do VPN tunnels using dynamic IP services...but for maximum uptime...static IPs are desired...at least at the central office.

Some wide area networks that use T-1s...the satellite offices just to a point to point to the central office..they don't get public IP addresses on their own.....everything routes to the central location.

VLANs are usually used to separate parts of a network..so workstations that are setup on a certain VLAN...cannot access resources on another VLAN....even though they're on the same network. Example...a small school setup I did....I created 3x VLANs. One VLAN for the office...a second VLAN for the classrooms, and a third VLAN for a computer lab. Only the router (for internet)..and another PC that runs the antivirus for the entire network..can get access to all VLANs...otherwise...the network is effectively separated into 3x networks...that cannot access each other.

ErikD · Post by **ErikD** » Sun May 18, 2008 3:01 pm

VLANs are also used to minimize traffic in larger networks, but have routing between them setup so all computers can access everything. This also makes it easier to troubleshoot problems when you have a network with hundreds or thousands of devices in it.

isukatdancing · Post by **isukatdancing** » Sun May 18, 2008 6:08 pm

So what would be the best way to implement this. I want to set this up for someone so they can work from there home to there office. The home has a DSL connection with dynamic addressing, and the office as T1 with static. Whats the best way to implement it?

Thanks for all the help.

Post by **YeOldeStonecat** » Sun May 18, 2008 6:09 pm

Many ways.

Any servers at the office? Small Business Server by chance? If so...there ya go...Remote Web Workplace.

Is this just for 1x user? If so...just setup logmein or gotomypc. Much less expensive. (logmein...1x account is free)

These are assuming they have a workstation at the office to log into.

Or don't they? If so..what do they need to get to at the office..from home? What software?

isukatdancing · Post by **isukatdancing** » Sun May 18, 2008 6:10 pm

also, I want the home computers to only use the DSL, and the office to only use the T1 to access the internet, I dont want them to share the same connection to access the internet.

isukatdancing · Post by **isukatdancing** » Sun May 18, 2008 6:10 pm

yeah, I know I could do that, but I want to get the experience of setting this up so I can use it in the future. I'm close with these people, so I know I can experiment on them.

isukatdancing · Post by **isukatdancing** » Sun May 18, 2008 6:13 pm

The use IVT to telnet into a server they use for customs. I just want them to be able to use IVT as if they were sitting in the office, but from a computer here. Also to be able to access shared files on workstations that are in the office. I want them to be able to do the same things they do in the office, from home. If I were to setup a DC, how would I make it so they could login to the domain from home?

ErikD · Post by **ErikD** » Tue May 20, 2008 8:50 pm

Did you read the previous post by YOSC and answer any of those questions? Using LogMeIn or GoToMyPC would be an easy and cheap method for a single user.

What is in the office? What router, servers, OS, etc? You need to give a lot more information because setting up remote connectivity between remote offices is not an easy task.

isukatdancing · Post by **isukatdancing** » Tue May 20, 2008 10:17 pm

Did you read the previous post by me? I said that I know I could use that, but I wanted to learn how to do it by using VPN. Now I remember why I never use these forums. its because there are some people who come on here with the worst attitudes. I dont need your help. I can find it myself.

ErikD · Post by **ErikD** » Sat May 24, 2008 8:32 am

isukatdancing wrote:Did you read the previous post by me? I said that I know I could use that, but I wanted to learn how to do it by using VPN. Now I remember why I never use these forums. its because there are some people who come on here with the worst attitudes. I dont need your help. I can find it myself.

Worst attitude? You came asking for help, and got some suggestions. There is a big difference between doing something the easiest and best way from a technical/business perspective and just doing something in a certain way because you want to learn.

Since you are set on creating a VPN tunnel what type of equipment is in the office that has the T1? We need specific models and configurations of the router that the T1 connects to. It needs to support remote access VPN connections from either a software client or using Windows PPTP.

Then we need to think about:
Does the application need to be installed on the remote computer to work?
How will the additional delay of using a remote computer, encryption, and a slower WAN link affect operation of the application? Some programs just won't work over a slow VPN link to a server (especially anything with a database) if it has a timeout period for response.

evan · Post by **evan** » Fri Jun 06, 2008 2:01 pm

just need a router or windows 2003 server connect which has two network adapters as a router server connect to your T1 router.and there will be static ip address if you have a DSL connection.,make ur server stayed at DMZ and run the VPN or Ipsec VPN services..surely,.you need to creat account & user for the users who want to connect to company network while at home.
then..the end user could use their username and password to connect.