Solved

Subnet Question

Posted on 2003-12-06
8
447 Views
Last Modified: 2011-09-20
Please Help!

My network currently uses a Cisco PIX 515E with an internal layer 3 switch and we are going to be implementing NAT on the PIX. Our inside network will be 192.168.0.0 that will translate to a pool consisting of 5-6 class C networks.

I would like to use more than 1 subnet mask to chunk up the 192.168.0.0

255.255.255.0 will be used for my smaller vlans and I would also like to use 255.255.248.0 for two of my large vlans.

So my question is, Can I use both subnet masks as long as they do not overlap?
0
Comment
Question by:mikesparker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 35

Accepted Solution

by:
ShineOn earned 25 total points
ID: 9891456
192.168.x.x is class C.  The 255.255.248.0 mask is a class B subnet.  You might want to do supernetting, where using CIDR subnetting, you can aggregate networks.

How big is your network in number of nodes, number of sites, and number of vlans you want to establish?

You may want to use a class B network or even a class A network, and subnet it according to its class.

VLANs, IIRC, are supposed to be classless - in other words, a VLAN is not equivalent to a subnet.

I'm sure some other Experts will chime in with either contradictory statements or more detailed explanations.  This is just to get you started...
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9891618
192.168.0.0 255.255.248.0 would yield you up to 32 subnets in 192.168.0.0/16 with 2048 addresses including network and broadcast
i.e.
network         from                to                broadcast
192.168.0.0 192.168.0.1 192.168.7.254 192.168.7.255
etc. Note your want to exclude .0 and .255 node addresses within that range to accomodate windoze

the 255.255.255.0 will obviosly net you 256 subnets of 256 addresses

>Can I use both subnet masks as long as they do not overlap?
If your routing protocols understand VLSM, yes

using 10.0.0.0 255.255.0.0 might simplify things, help desks and techs sometimes have a hard time getting their head around vlms's and having a consistent mask throughout the organization has it's merits from the standpoint of simplicity.







0
 

Author Comment

by:mikesparker
ID: 9892061
I was considering the following setup. It's for a small University with about 1000-1200 machines. I will be using a Catalyst 6513 with Sup2/MSFC2. So will this work? Do I just enable ip classles in the MSFC2?

VLAN1:  PIX to 6513            192.168.1.0 255.255.255.0

VLAN2: Servers                  192.168.2.0 255.255.255.0

VLAN3: Printers                  192.168.3.0 255.25.255.0

VLAN4: Switch/Router         192.168.4.0 255.255.255.0
           Management

DMZ:                                 192.168.5.0 255.255.255.0

Faculty/Staff                      192.168.16.0 255.255.248.0

Student Labs                      192.168.20.0 255.255.248.0
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 100 total points
ID: 9892081
as long as you're not using RIP ;)

Is this thing completely flat?
No routers outside of the cat?
0
 

Author Comment

by:mikesparker
ID: 9892107
Thanks. Yes, we just have 1 L3 switch (and many L2 switches). I think I will use EIGRP.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9892124
EIGRP or OSPF will do fine

You're creating some fairly large VLANs, I'd consider breaking things down at your L2 switch levels for comparmentalization of problems, but I don't know the history or purpose of the idea, so buona fortuna!
0
 

Author Comment

by:mikesparker
ID: 9892496
I agree. However, right now we have 1 VLAN for EVERYTHING... hehe. I am new on the job and my jaw hit the floor when I saw the campus setup. I think 7-8 VLANS should eliminate our broadcast storms. I'm a bit nervous though because I am going to implement DHCP, NAT, EIGRP (currently RIP), and the VLANs all at the same time. We are just waiting for the new 6513 to arrive...
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9892497
sounds like fun

just remember:
You're NEVER done!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month10 days, 13 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question