Chapter 3

Before You Begin

Configuring an ANG-3000/7000

 

Figure 12 shows a sample corporate network that employs two virtual subnets. Each virtual subnet provides up to 255 client IP addresses depending upon the subnet mask used. By assigning different virtual subnets to each group, you can control what devices members of the group can access once they are connected.

Aurorean Remote Clients

 

INTERNET

 

 

 

Virtual Subnet #1

 

 

192.168.1.0

Firewall

Aurorean

 

Network

 

 

Gateway

Virtual Subnet #2

 

 

 

200.100.200.0

192.168.2.0

 

 

Server #1

Router

 

 

 

 

200.100.201.0

 

 

Server #2

 

Figure 12 Remote Client Virtual Subnet Usage

For example, because Server #1 resides on the same network segment as the ANG, all remote clients can access this server regardless of the virtual subnet that provided their address. If you enable RIP or OSPF on the ANG Trusted interface, the router in this diagram will learn about both virtual subnets. However, if you enable only static routing on the ANG Trusted interface, you can limit access to the 200.100.201.0 subnet to users that receive address from Virtual Subnet #1. To accomplish this, you must create two static routes:

RiverMaster Administrator’s Guide

29

Page 41
Image 41
Enterasys Networks Network Card manual Remote Client Virtual Subnet Usage