Solved

IP and Subnet Question

Posted on 2004-08-24
Last Modified: 2010-04-11
I am running a Cisco router with an IP of xxx.248.206.1
and I have a Cisco Firewall that is connected to it at xxx.248.206.143, then my actual work network is connected to the firewall through the firewall internal port of 172.16.1.1

My IP assignments for the Internal Office systems are:
IP: 172.16.1.110
Subnet: 255.255.0.0
Gateway: 172.16.1.1


I would like to know if my internal office pc network is supposed to be a subnet mask of
255.255.255.0

I am wondering because it seems I screwed up a few places and used 255.255.255.0 for some and 255.255.0.0 for others.

Can someone tell me what the right subnet would be and why?
(Don't post a link, just explain it please.. )
0
Question by:gormly
18 Comments
 
LVL 1

Expert Comment

by:irjeffb
ID: 11881991
It should be 255.255.0.0.

However, the systems with 255.255.255.0 will still work, with some exceptions.  Where you will have a problem is when you need to connect to IP Addresses that will be out of this subnet, but shouldn't be.

For example, if your IP Address is 172.16.1.200 and your Subnet is set to 255.255.255.0, you will connect to everything that starts with 172.16.1 just fine.  You will NOT be able to connect to 172.16.2.x-172.16.254.x (or 172.16.0.x) because since your Subnet SHOULD BE 255.255.0.0, these would be LOCAL addresses.  Since you set the Subnet to 255.255.255.0, they will be viewed as non-local, and the traffic will attempt to go through the default gateway.

Unless you have any of those other systems with 172.16.(something other than 1).x, you will be fine.

-Jeff
0
 
LVL 1

Expert Comment

by:pjargon
ID: 11882019
255.255.255.0 should work
What this means is that your computer can communicate directly to everything on the network with an ip starting with 172.16.1.*, anything else needs to go through the firewall first.

If you use 255.255.0.0 as a subnet mask, everything will probably still work fine, just means that your computer can communicate directly with anything 172.16.*.*

It depends upon what else you have on your network though.  If you have machines with an ip of 172.16.2.* (or any other not-1 number for the 3rd group), you'll need 255.255.0.0
If all you have is 172.16.1.* machines, 255.255.255.0 is what you're after.

0
 
LVL 3

Expert Comment

by:CountRugen
ID: 11882031
What it really boils down to is how big do you need it to be?  Since you're using the 172.16.x.x range, as long as you have it at least as 255.255.0.0 (which is huge) you'll be fine.  Judging by the numbers you've assigned already, unless you have some unusually large setup with thousands of computers, 255.255.255.0 will be fine also.  What's most important in this scenario is that A) they are all the same and B) all of the addresses you use fit within that range.

Basically what it boils down to for these two masks is this-

255.255.0.0 = All IP addresses must start with 172.16.x.x
255.255.255.0 = All IP addresses must start with 172.16.1.x

You can go larger or smaller as need be, but that would unnecessarily complicate things.

HTH
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 11882054
If you have a relatively small network, you would want to use the class C mask of 255.255.255.0. Your range would then be 172.16.1.1 - 172.16.1.254 for hosts.

If your network were larger and you were not too worried about flooding it with broadcast traffic, you could use the class B range of 255.255.0.0 and have a much larger range of 172.16.0.1 - 172.16.254.254.

The difference is 254 hosts on the class C and way more on the other. In your case, it would be prudent to use 255.255.255.0.

Kent
0
 
LVL 9

Expert Comment

by:fixnix
ID: 11882101
As long as all your internal addresses fit in the address space of 172.16.1.x then you can use a subnet of 255.255.255.0.  Otherwise, set all netmasks to 255.255.0.0.  If they're all on the same subnet, they should all have the same subnet mask.  It might still work with a mixmatch of subnet masks, however your firewall would wind up routing packets internally that it really doesn't need to be if everything was on the same subnet.  

Technically, if you're using 172.16.x.x address space, RFC 1918 says subnets in the range 172.16.0.0-172.31.255.255 should be "20 bit blocks" meaning they should have a netmask of 255.255.0.0.

It will work either way, but to stay true to the RFC, I'd change them all to 255.255.0.0.
0
 
LVL 1

Author Comment

by:gormly
ID: 11882107
Um.. two conflicting responses.. not encouraging at all.


My reason for this question is I have network issues sometimes and I want to figure out why.
I just recently added a MAC to the network (uggg) and I can't get the thing to work with the network, sometimes it sees things, sometimes it does not.  Sometimes it connects.. sometimes it does not.

Anyway, to really help me out could you go through this list and tell me what the subnets should be on these devices?


Cisco Router should have:
IP: xxx.248.206.1
Subnet:

Firewall
Outside IP: xxx.248.206.143
Subnet:

Inside IP:
172.16.1.1
Subnet:

Office PC
IP: 172.16.1.101
Subnet:

Printer attached to network but outside the firewall:
IP: xxx.248.206.90
Subnet:
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 11882154
All of them should be 255.255.255.0
0
 
LVL 9

Expert Comment

by:fixnix
ID: 11882400
"All of them should be 255.255.255.0"  depends how you define "should".  It'll work if all are 255.255.255.0, but again, according to RFC1918 the 172.16.x.x networks should have a netmask of 255.255.0.0.  Either way will work, you don't need a 255.255.0.0 subnet with less than 253 IP devices on that subnet, but it would be "cleaner" to stick with the RFC.  Either netmask will work.  Just make sure they're all the same on all the 172.16.1.x machines.  Some admins would think it was silly to use 20 bit address space, others would think it's silly to break RFC, others would change the 172.16.x.x's to 192.168.x.x's and use a 255.255.255.0 netmask, others wouldn't care as long as it worked.  Decide what category you fit in and make the appropriate change.  
0
 
LVL 1

Author Comment

by:gormly
ID: 11882631
I really don't know now...

It should be 255.255.255.0 but then again it should be 255.255.0.0 but it can be 255.255.255.0 even though this says it can be 255.255.0.0

I mean come on...
I know you guys are trying to help but geez Louise....

Should I stay or should I go now...

Which One should I use?

255.255.255.0
OR
255.255.0.0
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 11882668
You can use either. If all internal hosts have the same one, you will not have a problem. (your ISP will determine the subnet of the Cisco gear and the printer)

255.255.255.0 is a standard small network subnet.

It is the preferable one.
0
 
LVL 3

Expert Comment

by:CountRugen
ID: 11883559
Use 255.255.255.0 on all internal (172.16.1.x) systems.  You should have been given a netmask to use for your public IP's by your ISP.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 11883906
Rule of thumb. Use the mask that fits your network. If less than 253 hosts, use 255.255.255.0
2nd rule of thumb. ALL devices, including and especially the gateway, must have the same mask.

0
 
LVL 1

Expert Comment

by:irjeffb
ID: 11883998
Maybe this will help...

To understand which subnet you need to use means you must understand subnetting.

An IP Address contains two parts, a NETWORK identification, and a HOST identification.  The network part of the address must be the same for all devices that will be on the same network segment.  The host part of the address must be unique for each device on the network.

The Subnet Mask is used to separate the NETWORK part and HOST part of the IP Address.  To see where the split is, you need to convert it to binary.

An IP Address and a Subnet Mask are each made up of 4 octets.  They are named this because each octet is 8 binary digits.

For example, 255.255.0.0 is the decimal equivalent of 11111111.11111111.00000000.00000000 binary.

A Subnet Mask will always begin with 1s and then switch to 0s (It will never switch back and forth).  The place where the 1s change to 0s is the split between the NETWORK part and the HOST part of the IP Address.

___
For example, if your IP Address was 172.16.2.1 and your Subnet Mask was 255.255.0.0, you would convert the Subnet Mask to binary (11111111.11111111.00000000.00000000).  This tells you that the first two octets of the IP Address identify the NETWORK and the last two octets identify the HOST.

So, in this example, 172.16.x.x is the NETWORK (the system will see everything that begins with this as local), and the .2.1 is the HOST (the part that is unique to this system on the network).

If the IP Address was 172.16.3.1 and the Subnet Mask was 255.255.255.0, you would again convert the Subnet Mask to binary (11111111.11111111.11111111.00000000).  This tells you that the first three octets of the IP Address identify the NETWORK and the last ONE octet identifies the HOST.

In this example, 172.16.3.x is the NETWORK (the system will see everything that begins with this as local), and the .1 is the HOST (the part that is unique to this system on the network).


It gets more complex with other subnets (i.e. IP Address 172.16.0.1 with a Subnet Mask of 255.240.0.0 is 11111111.11110000.00000000.00000000 and would mean that 172.16.x.x-172.31.x.x are on the same network).  I can explain this in greater detail if necessary.

The main question I usually get is "why does it matter".  The quick answer is this...

The further the 1s move to the right, the more NETWORKS you can have, but there will be fewer HOSTS on each network.  The further the 1s end to the left, the more HOSTS you can have per network, but there are fewer networks available. (255.255.255.0 has roughly 16 million available networks, but only 254 hosts on each one, 255.0.0.0 has only 254 available networks, but each one can have roughly 16 million hosts).

Hope that helps.

0
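The mask-to-binary split and the local-versus-gateway decision described in this thread, as an added example that is not part of any poster's comment. The host names, the Mac's address 172.16.1.120 and the destination 172.16.2.5 are constructed for illustration; the other addresses come from the question and answers.

```python
import ipaddress

def mask_to_binary(mask):
    """Dotted-decimal mask -> dotted binary, one 8-bit group per octet."""
    return ".".join(f"{int(octet):08b}" for octet in mask.split("."))

def next_hop(host_ip, mask, gateway, dest_ip):
    """Return 'direct' when dest_ip falls inside the network implied by the
    host's own mask (the host will ARP for it), otherwise the gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{mask}")
    if ipaddress.ip_address(dest_ip) in iface.network:
        return "direct"
    return gateway

def audit_masks(inventory):
    """Group hosts by the network their own IP/mask implies. More than one
    group on a single physical segment means the masks are inconsistent."""
    groups = {}
    for name, (ip, mask) in inventory.items():
        net = str(ipaddress.ip_interface(f"{ip}/{mask}").network)
        groups.setdefault(net, []).append(name)
    return groups

# Constructed inventory mixing both masks, as the question describes.
INVENTORY = {
    "firewall-inside": ("172.16.1.1", "255.255.255.0"),
    "office-pc": ("172.16.1.110", "255.255.0.0"),
    "mac": ("172.16.1.120", "255.255.255.0"),  # constructed address
}

if __name__ == "__main__":
    for m in ("255.255.0.0", "255.255.255.0", "255.240.0.0"):
        print(m, "=", mask_to_binary(m))
    # Same host address, same destination, different mask -> different path.
    for m in ("255.255.255.0", "255.255.0.0"):
        hop = next_hop("172.16.1.200", m, "172.16.1.1", "172.16.2.5")
        print(f"172.16.1.200 mask {m} -> 172.16.2.5 via {hop}")
    for net, hosts in audit_masks(INVENTORY).items():
        print(net, hosts)
```
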
 
LVL 11

Expert Comment

by:PennGwyn
ID: 11884331
The 172.16.x.x-172.31.x.x blocks are private addresses in what was once the "Class B" range of addresses.

You need to decide whether you're using the 172.16.0.0/16 (255.255.0.0) subnet, or the 172.16.1.0/24 (255.255.255.0) subnet.  EITHER WILL WORK JUST FINE.  But you'll avoid problems by consistently using one or the other.  (Here's an example where DHCP can save you a lot of work -- you set it once in one place, and almost everything on the network can get it from there.)

There are two basic advantages to using the 172.16.0.0/16 (255.255.0.0) network in this situation:

1.  Can handle more than 253 client devices on the same subnet.  (Might not be a factor for you.)

2.  Works with classful devices/protocols that recognize 172 as a class B prefix, instead of using the mask.  (Again, might not be a factor for you.)

0
 
LVL 1

Author Comment

by:gormly
ID: 11885428
Thanks all for your help

lrmoore, once again, you have helped by getting to the point with a reason.
To all others, thank you.. I gave the points to lrmoore because he has helped tremendously in the past and has always been right.

Although you have given a great effort and more info than I could ever need, I know I can completely trust lrmoore's answer based on my past experiences.
No offense meant to anyone, and I thank you all.

0
 
LVL 1

Expert Comment

by:irjeffb
ID: 11885463
...but you asked for a reason, then awarded the points to a response that didn't have an explanation...

Quote from your question:  "Can someone tell me what the right subnet would be and why?"

...just seems like a tremendous waste of time for those of us who actually put the effort into explaining the reasoning...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11887911
The reason is simple - it's whatever fits gormly's network best. I didn't think he needed a lesson in subnet masking or a review of the RFC's.
Either way will work - of course, but what weight should gormly give one over the other?
The true answer is "it depends".
It depends on the number of hosts on the network
It depends on the plans to breakup the hosts into vlans
It depends on the potential growth of the network
It depends on connections to external networks
It depends on requirements for route summarization
It depends on external connections or connecting devices that may only understand classful masks
It depends on personal preferences - some people like to experiment with VLSM and learn to subnet much more precisely than just on classful masks
It depends most on the boss and what he/she wants to do. I've had clients insist on using class A network with class B masks at every location, even though each location only had a maximum of 10 users.
Bottom line - it depends on a multitude of things.

My personal recommendation, as a network designer/consultant designing and building global networks, is to use the most-bits-matching classful mask that fits your network. <253 hosts use class C mask. >253 hosts, use class C mask with VLAN's and L3 routing. There is no good reason to have a flat network consisting of more than 500 hosts - ever. 500 is the maximum industry-standard "rule-of-thumb" number of hosts on any single vlan or network, so why would you need to use a mask that permits umpteen gazillion hosts on one network? The only logical reason is if you have a legacy device on the network that ONLY recognizes classful boundaries and won't work with subnet masks. Then, why not just start with a Class C network?






0
 
LVL 1

Expert Comment

by:irjeffb
ID: 11888812
lrmoore, I agree with your recommendations 100%, that wasn't my issue...but anyway...

One possible reason to use a subnet that allows a larger than "necessary" number of hosts...

We use a Class B mask (16 bit) at most of our offices for keeping things organized.

Example:  if the network were 172.16.0.0 / 255.255.0.0...

We use:

172.16.1.x for routers
172.16.2.x for switches
172.16.3.x for servers
172.16.4.x for network printers
172.16.5.x for management devices
172.16.6.x for DHCP
172.16.7.x for wireless access points
etc., etc.

While we have few enough hosts at each location to use a class C address, I have found that using a class B and splitting up the addresses makes things a lot easier to identify.

Do I need a Class B network?  No.  But, it makes it a lot easier to administer and troubleshoot.
0
