Hi,

Quite new to subnetting just need a little info.

We currently have 150 devices: 50 workstations, 50 phones, 6 servers and the rest…

The business is expanding very fast and is likely to see 300-400 devices in the near future.

The current set up is 192.168.0.0/24, subnet mask 255.255.255.0, so I’ve got 254 available IPs.

I want to separate it like this,

servers + networking - 192.168.0.0-255

peripherals - 192.168.1.0-255

workstations - 192.168.2.0-255

phones - 192.168.3.0-255

Thanks for your help

5 Spice ups

Your projected number of devices puts you on the edge of where subnetting would be a benefit to you. You can do this, but you are adding complexity to your environment with little benefit right now. You could just as easily change the subnet mask to /22 to gain additional address space with only a little time involved.

If you are really set on implementing subnetting, I might first suggest that you move away from the default subnet range of 192.168.0.x; this is a common range for home networks. If one day you have people connecting via VPN it will cause a conflict. I might suggest that you start at 192.168.54.X or something less common. Also I would suggest that you NOT pack or stack your subnets so close. Make your first subnet at 192.168.54.x, the second at 192.168.58.x and so on; this will leave room for expansion by just changing your subnet mask for the range.
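The two options in that reply, one flat /22 versus several /24s spaced apart, can be checked with Python's standard `ipaddress` module. This is an added example, not code from the thread or from any poster; the functions `usable_hosts`, `growth_supernet`, `can_all_grow` and `covering_block` are assumed names, and the addresses are the ones quoted in the thread (all RFC 1918 private space, nothing is probed on a real network).

```python
"""Added example: compare a single /22 with several /24s, and check
whether spaced-out /24s leave room to widen each one to a /22 later.
Function names are hypothetical; addresses are the ones from the thread."""
import ipaddress


def usable_hosts(cidr: str) -> int:
    """Host addresses usable in a subnet (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr).num_addresses - 2


def growth_supernet(cidr: str, new_prefix: int = 22) -> ipaddress.IPv4Network:
    """The /new_prefix block a subnet lands in if its mask is widened
    in place, e.g. 192.168.54.0/24 -> 192.168.52.0/22."""
    return ipaddress.ip_network(cidr).supernet(new_prefix=new_prefix)


def can_all_grow(cidrs, new_prefix: int = 22) -> bool:
    """True if every planned subnet can be widened to new_prefix without
    the widened blocks overlapping each other (the point of spacing them)."""
    blocks = [growth_supernet(c, new_prefix) for c in cidrs]
    for i, a in enumerate(blocks):
        for b in blocks[i + 1:]:
            if a.overlaps(b):
                return False
    return True


def covering_block(cidrs, new_prefix: int = 22):
    """The single new_prefix block containing all of cidrs, or None if the
    subnets do not fit inside one such block."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0].supernet(new_prefix=new_prefix)
    if all(candidate.supernet_of(n) for n in nets):
        return candidate
    return None


if __name__ == "__main__":
    # The original poster's plan: four packed /24s.
    packed = ["192.168.0.0/24", "192.168.1.0/24",
              "192.168.2.0/24", "192.168.3.0/24"]
    # The reply's suggestion: /24s spaced four blocks apart.
    spaced = ["192.168.54.0/24", "192.168.58.0/24", "192.168.62.0/24"]

    print("hosts in a /24:", usable_hosts("192.168.0.0/24"))
    print("hosts in a /22:", usable_hosts("192.168.0.0/22"))
    print("one /22 covering the packed plan:", covering_block(packed))
    print("packed /24s can each grow to /22:", can_all_grow(packed))
    print("spaced /24s can each grow to /22:", can_all_grow(spaced))
    for c in spaced:
        print(f"  {c} would widen to {growth_supernet(c)}")
```

Running it shows that the four packed /24s are exactly the single block 192.168.0.0/22 (so simply changing the mask gives the same address space with no routing), and that widening any of them to /22 would collide with the others, whereas the spaced /24s each widen into their own non-overlapping /22. Note that a /24 such as 192.168.54.0 is not on a /22 boundary, so its widened block starts at 192.168.52.0; the check reports that block so the gap can be planned around it.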

Ok, I just think to compartmentalize all devices would be a lot easier to manage, I’d rather do the complicated stuff whilst we’re small?

I want to separate our dev team from our sales guys as well, so I’d put them on different subnets, just not sure what hardware/config is involved?

How can all my subnets talk to my server subnet?

continuing…

Subnetting requires a router to pass the traffic between the subnets. You can use a traditional router like a Cisco or a layer 3 switch to do the routing, or you could use one of the “router on a stick” software routers like pfSense, Zeroshell, Untangle, m0n0wall, etc. and a desktop PC with multiple NIC cards. You will also need to set up additional scopes in your DHCP server to service these additional subnets. On your router you will also need to configure the dhcp-helper agent to forward the DHCP requests from the other subnets to your main DHCP server. As for your network design, you need to decide if you need data isolation. If this is the case then you will need to use VLANs to isolate the network traffic. If isolation isn’t necessary you can then just run in a multinetted design (all subnets running on the same physical network segment).

If you really want to do this you can, but for now it is much easier to just change your subnet mask. When you get around 800-1000 hosts then consider subnetting. Just be aware subnetting (as with VLANs) is for segregation not performance.

As a counter point here, if you are in a highly regulated industry typically the regulations require data isolation between users, servers, and infrastructure. If this is the case then subnetting with VLANs is the preferred path.

1 Spice up

Subnetting is always good practice to separate devices for security.

In your case I would choose a 10.x.x.x or 172.16-32.x.x address space, because that will provide the scalability you seem to need in the near future. Don’t use subnet mask /22 on a class C network (192.168.x.x), because some hosts like printers, peripherals and older computers can’t handle this. I also suggest assigning the servers and network management to separate subnets for security purposes.

liamspelman wrote:

How can all my subnets talk to my server subnet?

Sorry it is late here and my fingers are not behaving right now, so I’m typing slow.

Subnetting (for a valid reason) is always good practice. Implementing it because it sounds good is not. There is administrative overhead with every additional subnet you create.

SpicyLabrat wrote:

Don’t use subnet mask /22 on a class C network (192.168.x.x), because some hosts like printers, peripherals and older computers can’t handle this.

FWIW: Classless networking (Class A, B, C, D) has been a standard for the last 10 years. There really are no Class C networks any more. The actual IP range you select is up to you, as long as it is from the private groups (10.X.X.X, 172.16-32.X.X, 192.168.X.X).

1 Spice up

Thanks, I already use a pfSense box as the main router. I will definitely go with subnetting then, do I need a separate router per subnet then?

George1421 wrote:

I’ll go with 172.16.x.x to avoid vpn issues with home networks

liamspelman wrote:

Thanks, I already use a pfSense box as the main router. I will definitely go with subnetting then, do I need a separate router per subnet then?

If you use pfSense for your internet router, I would use a different box. There will be different policies for your internal router than your internet router. And no, you don’t need a router per subnet; you will add additional NIC cards to your internal router, one for each subnet, or virtual network interfaces if you use VLANs, one for each subnet.

You need to come to a decision about VLANs or multinetting. Pretty soon. This decision will dictate your next steps.

In the FWIW bucket, renumbering your site(s) is a real pain. If you have a choice only do this once in a lifetime.

Would definitely go with multinetting,

How does that work with two routers? One for internet and one for internal routing? What’s the typical physical layout?

liamspelman wrote:

Would definitely go with multinetting,

How does that work with two routers? One for internet and one for internal routing? What’s the typical physical layout?

The easiest thing to do is put your internal router between all of your subnets, then run a crossover cable between your internal router and your internet router. You will burn a subnet this way. For all of your subnets your internal router will be the default route. And your internal routers default route will be your internet router.

OK, now that you are using multinetting you will need to get a few NIC cards with multiple ethernet ports (one for each subnet). Run all of these ports (except your internet one) into a single switch. You will configure each NIC card with the IP address and subnet mask for each subnet.

Crud… multinetting only allows for one DHCP server scope, so most of your devices will need to be statically defined. If you want multiple DHCP scopes you will need to consider VLANs or a separate physical network for each subnet.

Darn, your last point’s the biggest problem there, what hardware is involved with VLANs?

Physical networks would be difficult with the phones and workstations all mixed up.

liamspelman wrote:

Darn, your last point’s the biggest problem there, what hardware is involved with VLANs?

Yeah, I was on a roll until I remembered DHCP generates a multicast (all subnets) when discovering a DHCP server.

Any current L2 or L3 managed switch. If you purchased a business class switch in the last 10 years and it is a managed switch, it probably supports VLANs. Adding VLANs to the picture does add another layer of complexity, hence my original post.

Basic rules for VLANs: switch to switch are tagged (marked as a VLAN packet), and switch to device are untagged, with the port PVID set to the targeted VLAN. Some phones have a built-in switch, where if you have VLANs enabled you can plug the phone into the wall and the computer into the phone and still have an isolated network. I personally would only use one jack per device, but the mentioned way is also possible.

liamspelman wrote:

Ok, I just think to compartmentalize all devices would be a lot easier to manage, I’d rather do the complicated stuff whilst we’re small?

I’d say not to do this. Don’t use IP addresses as a management tool - think of them as an “under the hood” construct and treat them that way. Use DNS to give simple, human readable names that mean something instead. Work with, not against, the technology.

liamspelman wrote:

Darn, your last point’s the biggest problem there, what hardware is involved with VLANs?

Physical networks would be difficult with the phones and workstations all mixed up.

Avoid VLANs. You don’t want these!!! VLANs are for security and large scale management. You are way, way too small to be looking at them for management. You would have tens of thousands of devices before you would use them for that purpose.

George1421 wrote:

Your projected number of devices puts you on the edge of where subnetting would be a benefit to you. You can do this, but you are adding complexity to your environment with little benefit right now. You could just as easily change the subnet mask to /22 to gain additional address space with only a little time involved.

George is correct. /22 is the best answer unless you have a very specific “out of the ordinary” technical need that we don’t know about from the description (like crazy amounts of specialized broadcast traffic.)

You are looking to break up much smaller than Fortune 1000 firms with big networking engineering budgets would do. Stick with /22 to make life easier.

liamspelman wrote:

I want to separate our dev team from our sales guys as well, so I’d put them on different subnets, just not sure what hardware/config is involved?

Why? Unless you are expecting to hit many thousands of users AND expect that the traffic for those users will be peer to peer and not via a server. Once you use servers, this subnetting theory breaks down.

liamspelman wrote:

How can all my subnets talk to my server subnet?

You need routers to tie your subnets together (this can be traditional routing or what people call Layer 3 switching, which is just a multi-port router.) This is where it is obvious how bad subnetting will be for you. You leave the world of easy to manage high speed Ethernet switching and move into managing internal routes that are slow. You lose performance while making your life as the IT person much more complicated.

liamspelman wrote:

Physical networks would be difficult with the phones and workstations all mixed up.

Why would that be hard? That would be the easiest, I would think.