ndidomenico
asked on
Need explanation on a subnet mask issue
Here's the scenario:
Small network home made of 3 PC's and 1 Linksys router for Internet access.
Linksys router IP: 192.168.1.1
PC1 IP address: 192.168.1.10 (mine)
PC2 IP address: 192.168.1.11 (my wife)
PC3 IP address: 192.168.1.150 (my kid)
I've assigned all 3 PC's with: Subnet mask = 255.255.255.128 / Gateway: 192.168.1.1
I've used subnet mask 255.255.255.128 in order to create 2 subnets. PC1 and PC2 are part of the 1st subnet (192.168.1.1-127) while PC3 is on the second subnet (192.168.1.128-255). I'm doing this so that I can somehow isolate a little bit more my son's pc from our 2 machines (I actually got that suggestion from another post in EE earlier this week). So by doing this, he cannot ping our computers from his. Makes me feel a "little" more secure - we are also running Symantec firewall on our PC's.
Now here's the part I don't understand: while PC3 (my kid) is not able to ping adresses 192.168.1.2 to 127 (works as expected), he IS ABLE to ping the router at 192.168.1.1 (not expected), and his Internet access works too. Shouldn't 192.168.1.1 not be reachable from his machine, like for adresses 2-127 ? Or is it because the Gateway IP address defined in his TCPIP properties takes precedence over the subnet mask ?
BTW, I'm quit happy that his Internet works in this scenario, but my understanding of this subnet configuration made me believe initially when I setup this up that he would not have access to the router / Internet.
Small network home made of 3 PC's and 1 Linksys router for Internet access.
Linksys router IP: 192.168.1.1
PC1 IP address: 192.168.1.10 (mine)
PC2 IP address: 192.168.1.11 (my wife)
PC3 IP address: 192.168.1.150 (my kid)
I've assigned all 3 PC's with: Subnet mask = 255.255.255.128 / Gateway: 192.168.1.1
I've used subnet mask 255.255.255.128 in order to create 2 subnets. PC1 and PC2 are part of the 1st subnet (192.168.1.1-127) while PC3 is on the second subnet (192.168.1.128-255). I'm doing this so that I can somehow isolate a little bit more my son's pc from our 2 machines (I actually got that suggestion from another post in EE earlier this week). So by doing this, he cannot ping our computers from his. Makes me feel a "little" more secure - we are also running Symantec firewall on our PC's.
Now here's the part I don't understand: while PC3 (my kid) is not able to ping adresses 192.168.1.2 to 127 (works as expected), he IS ABLE to ping the router at 192.168.1.1 (not expected), and his Internet access works too. Shouldn't 192.168.1.1 not be reachable from his machine, like for adresses 2-127 ? Or is it because the Gateway IP address defined in his TCPIP properties takes precedence over the subnet mask ?
BTW, I'm quit happy that his Internet works in this scenario, but my understanding of this subnet configuration made me believe initially when I setup this up that he would not have access to the router / Internet.
What is subnet for router?
ASKER
255.255.255.0
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you sure his PC is getting a subnet mask of .128? If so, he should not be able to use the router as his gateway at all, as 192.168.1.1 won't be in his subnet. The fact that he can reach the router (and the Internet) tells me that his subnet mask is really 255.255.255.0. Subnet mask will always take precedence over gateways, as SM defines who is local to you (and a gateway MUST be local to you). Best way to check is to run "ipconfig-all" at a command prompt on PC3, and see what the subnet mask says.
The only other way PC3 could reach the router would be if you had two ip addresses on the router- one in the PC1 and PC2 subet, and one in the PC3 subnet.
If all is setup correctly (as you said), PC3 will not be able to see anyone but himself, as there's no one else on his subnet (not even the gateway).
The only other way PC3 could reach the router would be if you had two ip addresses on the router- one in the PC1 and PC2 subet, and one in the PC3 subnet.
If all is setup correctly (as you said), PC3 will not be able to see anyone but himself, as there's no one else on his subnet (not even the gateway).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you want to read GREAT article about subnetting?
http://www.cisco.com/warp/public/701/3.html
And one more thing your going to love;
http://www.telusplanet.net/public/sparkman/netcalc.htm
Enjoy and earn
Cyber
http://www.cisco.com/warp/public/701/3.html
And one more thing your going to love;
http://www.telusplanet.net/public/sparkman/netcalc.htm
Enjoy and earn
Cyber
ASKER
Thanks for the help. I'm splitting the points between 1) xrok for having given first the answer, and 2) Genexen for confirming the answer with an excellent explanation that helped me understand more what was happening.
One comment if I may add:
How much protection am I getting from having my kid's computer on a different network in regards to viruses/worms ? Can they easily infect computers that are on a different network on my lan ? (like: "If i can't ping it, i can't infect it")
One comment if I may add:
How much protection am I getting from having my kid's computer on a different network in regards to viruses/worms ? Can they easily infect computers that are on a different network on my lan ? (like: "If i can't ping it, i can't infect it")
ASKER
Oops - I forgot to mention when I closed this question, that by changing the subnet mask to 255.255.255.128 on the router (192.168.10.1), as suggested, my kid's PC did not have access to that address anymore. Thanks