When to split up a LAN? And IP Addressing schemes

We've got a mid-sized office using a standard 192.168.150.xxx class C network all running on gigabit switches. It has about 80 PCs & Macs, plus another 40 wireless devices like phones, tablets etc. that connect to the network. Add to that VPN users, servers etc. and we are approaching 200 devices needing IPs and need to plan for growth.

We will shortly be moving to a new building and it seems like a good time to think about at least changing IP ranges to something with more room to grow, like a class B network.

My first question is how many PCs is too many on a network? At what point should we start thinking about splitting the LAN up into VLANs? At this point it's a pretty small network and I'd just as soon not add the complexity.

Next, any recommendations on IP address schemes? I’m thinking of something like a class B 10.1.X.X. Then just for organization doing something like network gear gets 10.1.10.x, workstations / DHCP get 10.1.20.x, VPN gets 10.1.30.x etc. Again all class B on the same network, just using that third octet to sort different types of devices. Any thoughts?

Thanks for any comments.
Asked by: willp2 (LVL 1)

colonytire (Director of Technology) commented:
I recently had the same issue.  I elected to go with a Full Class A 10.0.0.0 network but breaking it down into multiple subnets based on groups of computers so I would never have to worry about it again.

Example group 10.0.0.0 / 255.255.240.0 = 10.0.0.1 thru 10.0.15.254, and it could be broken down/separated again using VLANs easily if needed.

You could use Bitcricket IP Calculator to help see the different subnet and grouping options easier.
0
Ken Boone (Network Consultant) commented:
First of all your plan is a good plan.  Break a class B up into multiple class C segments and assign each subnet to a vlan.

As far as when to split it up it really varies depending on the environment.

I like to always have a management network (network gear) even on small networks.
I typically like to have an IT network - this simplifies ACLs - i.e. to allow IT to access network gear things like that.

As a general rule, you can plan on splitting as you start to approach the class C limit. In some cases, due to heavy traffic, we have split them way before that point. Sometimes we split for separation of traffic, sometimes we split because we have too many devices (a large broadcast domain).

With today's gigabit switches we don't see a lot of "real" problems with too many users on a segment that approaches the class C size, but remember the larger the number of devices on a network, the more broadcasts that all of those devices will see.
0

awaggoner commented:
I think you are at the point of splitting up the LAN into multiple VLANs.  You have a good plan for your addressing scheme, just make them VLANs.

This will reduce the size of your broadcast domains and help increase security of your LAN.

http://www.techrepublic.com/article/scaling-your-network-with-vlans/5779489
http://bandwidth.com/wiki/article/Benefits_of_VLANs
0

pwnbasketz commented:
I would steer clear of using 10.0.0.0/8 (a lot of ISPs use that for their own internal numbering schemes).   You can even stay with 192.168.150.0/24 if you'd like and just expand more network segments as you see fit.

Splitting the networks into VLANs is a very good idea and you're definitely thinking in a good way, especially with the wireless traffic.  While the security of the wireless network is dependent on the encryption, it's still crackable and then opens you up to a whole host of DOS/snoop possibilities.  It does increase the time to configure everything with the inter-vlan routing, but it's worth it in the end.

With regards to how many computers are too many, that's a hard one to quantify. I would use Wireshark to sniff your traffic, filter for only broadcast traffic, and see how much broadcast traffic you have going around your network. With gigabit switches, the performance pickup is, honestly, not going to be insanely high, but there are other reasons for splitting your workstations/laptops/servers into their own subnets/VLANs (i.e. you don't want to open your servers up to ARP cache poisoning attacks, etc.).
0
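One way to turn the broadcast measurement suggested above into numbers that can be compared before and after a split, as an added example that is not part of the original thread. It works on raw Ethernet frames already exported from a capture; the sample frames and MAC addresses are constructed, and it sets no threshold for "too much".

```python
from collections import Counter

BROADCAST = b"\xff" * 6
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def classify(frame):
    """Classify a frame by destination MAC (low bit of octet 0 = group address)."""
    if frame[:6] == BROADCAST:
        return "broadcast"
    return "multicast" if frame[0] & 1 else "unicast"

def ethertype(frame):
    """EtherType name, looking past one 802.1Q VLAN tag if present."""
    etype = int.from_bytes(frame[12:14], "big")
    if etype == 0x8100 and len(frame) >= 18:
        etype = int.from_bytes(frame[16:18], "big")
    return ETHERTYPES.get(etype, hex(etype))

def summarize(capture):
    """capture: list of (seconds, raw_frame) -> broadcast statistics."""
    kinds, talkers, protos, times = Counter(), Counter(), Counter(), []
    for ts, frame in capture:
        if len(frame) < 14:  # too short to hold an Ethernet header
            continue
        times.append(ts)
        kind = classify(frame)
        kinds[kind] += 1
        if kind == "broadcast":
            talkers[frame[6:12].hex(":")] += 1   # who is sending the broadcasts
            protos[ethertype(frame)] += 1        # and what they are (ARP, DHCP over IPv4, ...)
    total = sum(kinds.values())
    span = max(times) - min(times) if times else 0
    return {
        "frames": dict(kinds),
        "broadcast_share": kinds["broadcast"] / total if total else 0.0,
        "broadcast_per_sec": kinds["broadcast"] / span if span else None,
        "top_talkers": talkers.most_common(3),
        "protocols": dict(protos),
    }

def make_frame(dst, src, etype, tag=b""):  # constructed frame: header + padding
    return bytes.fromhex(dst + src) + tag + etype.to_bytes(2, "big") + bytes(46)

# Constructed capture (not real traffic): three broadcasts within two seconds.
SAMPLE = [
    (0.0, make_frame("ffffffffffff", "020000000001", 0x0806)),
    (0.5, make_frame("020000000009", "020000000002", 0x0800)),
    (1.0, make_frame("ffffffffffff", "020000000001", 0x0806, b"\x81\x00\x00\x14")),
    (1.5, make_frame("333300000001", "020000000003", 0x86DD)),
    (2.0, make_frame("ffffffffffff", "020000000002", 0x0800)),
]
```

Running `summarize` on captures taken at the same time of day before and after moving a device group into its own VLAN shows how much broadcast load each segment actually sees and which hosts generate it.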
Ken Boone (Network Consultant) commented:
People use all of the RFC 1918 addresses. 10. is no exception. You can feel safe using the 10 and breaking it up as you see fit. If you don't like that you can go with a class B in the 172.16.0.0 through 172.31.0.0 range, otherwise use multiple 192.168.x. addresses. Most home equipment is by default on 192.168.x.x addresses, so sometimes VPNs have some issues there that need to be dealt with.
0
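The addressing plan discussed in this thread, worked through with Python's `ipaddress` module as an added example that is not part of the original posts. The third-octet assignments come from the question and the /20 range from the earlier comment; reusing the octet as the VLAN ID and the device counts for network gear and VPN are assumptions.

```python
import ipaddress

SITE = ipaddress.ip_network("10.1.0.0/16")
# Role -> (third octet, device count). Octets are from the question; using the
# octet as VLAN ID and the counts for network gear and VPN are assumptions.
ROLES = {"network-gear": (10, 12), "workstations": (20, 80), "vpn": (30, 25)}
HOME_DEFAULT = ipaddress.ip_network("192.168.0.0/16")

def build_plan(site, roles, prefix=24):
    """Carve one subnet per role out of site and check it has room."""
    blocks = list(site.subnets(new_prefix=prefix))
    plan = {}
    for role, (octet, devices) in roles.items():
        if octet >= len(blocks):
            raise ValueError(f"{role}: no subnet number {octet} in {site}")
        net = blocks[octet]
        usable = net.num_addresses - 2  # minus network and broadcast address
        if devices > usable:
            raise ValueError(f"{role}: {devices} devices exceed {usable} hosts")
        plan[role] = {"vlan": octet, "subnet": net, "first": net[1],
                      "last": net[-2], "spare": usable - devices}
    return plan

def clashes_with_home(net):
    """True if the subnet sits in the range most home equipment defaults to,
    which is where the VPN routing conflicts mentioned above come from."""
    return ipaddress.ip_network(net).overlaps(HOME_DEFAULT)

def host_range(cidr):
    """First and last usable host of a network given as prefix or netmask."""
    net = ipaddress.ip_network(cidr)
    return str(net[1]), str(net[-2])

if __name__ == "__main__":
    for role, info in build_plan(SITE, ROLES).items():
        print(f"VLAN {info['vlan']:>3}  {role:<13} {info['subnet']}  "
              f"{info['first']} - {info['last']}  spare={info['spare']}")
    print("10.0.0.0/255.255.240.0 ->", host_range("10.0.0.0/255.255.240.0"))
    print("192.168.150.0/24 in home range:", clashes_with_home("192.168.150.0/24"))
```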
willp2 (author) commented:
Thanks for all the comments. I agree it sounds like VLANs are the way to go, however one problem. I'm a bit of a VLAN noob and I don't have a good handle on routing between VLANs.

Probably a pretty basic question, but if I have workstations on one VLAN and servers on another, do I need a router or a layer 3 switch for them to talk?

Also, when I am using something like wireshark to look at broadcast traffic, how even then can I tell when I have too much?

Thanks
0
awaggoner commented:
Yes, you will need to route between the VLANs.

http://www.techrepublic.com/article/scaling-your-network-with-vlans/5779489

Here is a link to a Tutorial for configuring layer 3 switch for VLAN routing.
http://www.net130.com/tutorial/cisco-pdf/howto_L3_intervlanrouting.pdf
0
pwnbasketz commented:
Not to hijack the thread, but I am a naturally curious soul.  Did they just recently change intervlan routing config?  I'm used to having to do subinterfaces on the inside interface.
0
willp2 (author) commented:
OK, that's what I thought. I guess I was hoping that there was something I was missing that would allow me to do this without a layer 3 switch as we just don't have the budget for that at the moment.

Thanks
0
awaggoner commented:
I don't know how much money you have available, but you could look into purchasing a router.
0
willp2 (author) commented:
Apparently there are going to be a couple of Dell 5524 switches in the mix. While not sold as a layer 3 switch, looking at the specs and the user guide, it does look to me like it may well be one.

If that's true, that certainly opens up a lot of possibilities.
0