dxbdxb2009

IP address for LAN devices?

Hi EE,

Good Day,

I have to set up a 55-60 PC network with a 2K8 domain.

Can any expert share their experience of assigning IP ranges to the network devices for better isolation/management? I have to decide for my LAN & servers as below (the network diagram is attached as well):

1. Is a DMZ advisable? If yes, what IP range do I have to use? (10-11 nos server)
2. IP Range for Fortigate firewall? (2 nos)
3. IP Range for Edge & Core Switches? (2+12 nos switches)
4. IP Range for Cisco Call manager & Phones? (is it advisable to keep voice network?) (50-55 phones)
5. IP Range for Client PCs (for Win7 & Win8) (60 nos PCs)
6. IP Range for some POS machines (Win7) (12 nos POS)
7. IP Range for some WAP devices? (6-7 nos WAP)
8. IP range for Symantec backup device 3600 (1 nos)
9. IP range for Netapp SAN device (on fiber) (1 nos)

Please advise & share your expert experiences,

Many thanks in advance..
lan-setup.jpg
ASKER CERTIFIED SOLUTION
Cooker85
SOLUTION
hypercube
dxbdxb2009

ASKER

Thanks for your valuable replies...

@Cooker85:
So basically can I use:
1. Is DMZ  = 10.90.1.0- 254 /24
2. IP Range for Fortigate firewall = 10.90.1.0- 254 /24
3. IP Range for Edge & Core Switches = 10.90.1.0- 254 /24
4. IP Range for Cisco Call manager & Phones? = 10.90.5.0- 254 /24
5. IP Range for Client PCs  = 10.90.1.0- 254 /24
6. IP Range for some POS machines (Win7) (12 nos POS) = 10.90.2.0- 254 /24
7. IP Range for some WAP devices (For Internal Network) = 10.90.1.0- 254 /24
8. IP Range for some WAP devices (For Guest Network) = 10.90.4.0- 254 /24
8. IP range for Symantec backup device 3600  = 10.90.1.0- 254 /24
9. IP range for Netapp SAN device (on fiber) = 10.90.1.0- 254 /24
Am I correct here as per the best practice?
Normally for a DMZ you would use publicly routable... = I will do the NATing in the firewall.
Having more smaller subnets can help performance... = I am sorry, I don't understand your point, please explain?
Another reason you may wish to use a separate vlan or subnet is for security = Yes, I want to keep them separate for security reasons.
Any suggestion/advice to improve security by dividing/isolating network subnets?
----------------------------------------
@fmarshall:
Don't forget to provide for spare addresses in each of the "groups" = WHICH GROUP?

Splitting them up will possibly cost more and will result in higher maintenance costs = If it can improve the security I am ready to bear the maintenance cost (by the way, how will the cost be more by splitting it?)
You want "better isolation/management" but it's not clear what that really means to you = The reason is security/securing the network with best practice & improving the performance as well.
That all looks OK.  You may want to prevent the Guest WLAN range from routing to the other ranges or use a different device as a gateway.  Depends on your specific requirements and security concerns.

I would try and stick to say 10.90 as you have for this site, then should you need to add another they can be 10.80 and it should simplify routing later on.

My comment on subnets helping performance is that during normal use some devices will have to broadcast. DHCP requests are an example of this.  If you have a single huge subnet with thousands of devices these broadcasts can become a problem and impact on performance as all devices will receive a broadcast and switches have to by design forward a broadcast.  Keeping subnets to 254 hosts or less helps to keep the number of broadcasts down so they aren't such an issue.  With only 50-60 hosts it isn't something to worry about.

I think what fmarshall is saying is that you should make sure the subnets are correctly sized with a view to growth.  If you only have 50-60 users a single /24 is fine but it would be prudent to watch the DHCP leases and prepare to add another if required.
Did all that make sense?  Was there anything else you wanted me to explain?
I would provide for spares in all the "groups".  You can decide how many for each group of course.  Zero is not a good option.  Maybe 10% and not less than 8?  I wouldn't go lower than that.  20% and not less than 8 would be better.  But it's a judgment call.

The cost of splitting things up would be in whatever hardware you're going to use and in the configuration and maintenance.  If the people are full-time employees then it may seem like less than if the people are contractors on time and materials.
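
An added example, not part of the original thread: a short Python audit of the plan the asker posted, applying the "20% and not less than 8" spare rule to each group and listing which groups land in the same /24, where no routed firewall policy can sit between them. Device counts are the upper figures from the question; the group and function names are made up for this illustration, `10.90.1.0- 254 /24` is read as `10.90.1.0/24`, and the guest WLAN is left out because the thread gives no device count for it.

```python
import ipaddress
from collections import defaultdict

# Constructed input: group -> (device count from the question,
# subnet from the asker's proposed plan).
PLAN = {
    "dmz_servers":  (11, "10.90.1.0/24"),
    "firewalls":    (2,  "10.90.1.0/24"),
    "switches":     (14, "10.90.1.0/24"),
    "voice":        (55, "10.90.5.0/24"),
    "client_pcs":   (60, "10.90.1.0/24"),
    "pos":          (12, "10.90.2.0/24"),
    "wap_internal": (7,  "10.90.1.0/24"),
    "backup":       (1,  "10.90.1.0/24"),
    "san":          (1,  "10.90.1.0/24"),
}

def with_spares(count, spare_pct=20, min_spare=8):
    """Devices plus spares: spare_pct percent, but never fewer than min_spare."""
    pct_spare = -(-count * spare_pct // 100)  # integer ceiling
    return count + max(pct_spare, min_spare)

def smallest_prefix(hosts):
    """Longest IPv4 prefix whose usable hosts (size - 2) cover `hosts`."""
    return 32 - (hosts + 1).bit_length()

def audit(plan):
    """Group the plan by subnet; report load, capacity and who shares a segment."""
    by_net = defaultdict(list)
    for group, (count, cidr) in plan.items():
        by_net[ipaddress.ip_network(cidr)].append((group, count))
    report = {}
    for net, members in by_net.items():
        needed = sum(with_spares(c) for _, c in members)
        usable = net.num_addresses - 2  # minus network and broadcast
        report[str(net)] = {
            "groups": sorted(g for g, _ in members),
            "needed": needed,
            "usable": usable,
            "fits": needed <= usable,
        }
    return report

if __name__ == "__main__":
    for cidr, r in audit(PLAN).items():
        note = "SHARED SEGMENT: " if len(r["groups"]) > 1 else ""
        print(f"{cidr}: {r['needed']}/{r['usable']} {note}{', '.join(r['groups'])}")
    for group, (count, _) in PLAN.items():
        print(f"{group}: own subnet could be /{smallest_prefix(with_spares(count))}")
```

Every /24 in the plan has room for the spares, so the finding is about isolation rather than capacity: the DMZ servers, client PCs, backup device and SAN all sit in `10.90.1.0/24`.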
Thanks for your reply...

Kindly hold with me for 2-3 days... I will keep you posted soon.

Thanks