11-06-2024 05:19 PM
I was helping a friend with a small business network setup, less than 40 employees.
He had an IP setup of...
10.2.2.1 router
10.2.2.254 switch
10.2.2.248 switch
10.2.2.247 switch
10.2.2.8 VMware server
10.1.1.1 Firewall
10.2.3.1 Default Gateway & DHCP
10.1.1.225 DNS
10.1.1.226 DNS
and most of the user IPs were in the 10.2.3.x IP range but everything was using a 255.255.255.0 subnet mask.
Is this considered bad form? A 255.255.255.0 subnet mask in what I assume is considered a class C network.
Thanks.
11-06-2024 05:49 PM - edited 11-07-2024 01:40 AM
10.x.x.x was a Class A private network address block.
255.255.255.0 mask was used for Class C network address block, or now any /24.
It's not bad form using a /24, although if actually doing Classful addressing, using a /24 with a Class A address is actual subnetting, and there are "rules" for how that's done, if also using a Classful dynamic routing protocol, like RIP.
As it's (to me) unclear how you're using your 3 /24s (10.1.1.0/24, 10.2.2.0/24 and 10.2.3.0/24 [BTW, this allocation does use two /16s]), I cannot comment further on whether your assignment of networks and IPs makes sense or not.
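To make the reply's point concrete, here is an added example (not from the thread) that takes the address list in the original post, applies the 255.255.255.0 mask the poster says every device uses, and reports which devices share an on-link /24, which /16s the plan is scattered across, and what a client in 10.2.3.x can only reach through its gateway. The device table is constructed from the post; the client address 10.2.3.50 is an assumed stand-in for "a user PC in the 10.2.3.x range".

```python
"""Added example (not from the thread): inspect the address plan quoted in the
original post with the /24 mask the poster says every device uses, using only
the Python standard library.  DEVICES is constructed from the post; CLIENT is
an assumed stand-in for a user PC in the 10.2.3.x range."""
import ipaddress
from collections import defaultdict

MASK = "255.255.255.0"   # /24 on everything, as described in the post

# Constructed from the original post (roles paraphrased).
DEVICES = {
    "router":          "10.2.2.1",
    "switch-1":        "10.2.2.254",
    "switch-2":        "10.2.2.248",
    "switch-3":        "10.2.2.247",
    "vmware-server":   "10.2.2.8",
    "firewall":        "10.1.1.1",
    "default-gw+dhcp": "10.2.3.1",
    "dns-1":           "10.1.1.225",
    "dns-2":           "10.1.1.226",
}
CLIENT = "10.2.3.50"     # assumed: a typical user PC in the 10.2.3.x range


def subnet_of(ip: str, mask: str = MASK) -> ipaddress.IPv4Network:
    """The on-link network a host with this IP/mask believes it sits in."""
    return ipaddress.IPv4Interface(f"{ip}/{mask}").network


def group_by_subnet(devices: dict) -> dict:
    """Map each /24 to the device names that fall inside it."""
    groups = defaultdict(list)
    for name, ip in devices.items():
        groups[subnet_of(ip)].append(name)
    return {net: sorted(names) for net, names in groups.items()}


def directly_reachable(src_ip: str, dst_ip: str, mask: str = MASK) -> bool:
    """True when src would ARP for dst directly instead of forwarding to its gateway."""
    return subnet_of(src_ip, mask) == subnet_of(dst_ip, mask)


def routed_services(client_ip: str, devices: dict) -> list:
    """Devices a client cannot reach at L2; every packet to these crosses a router hop."""
    return sorted(name for name, ip in devices.items()
                  if not directly_reachable(client_ip, ip))


def supernets(devices: dict, prefixlen: int = 16) -> list:
    """Which larger blocks the plan is scattered across (the reply notes two /16s)."""
    nets = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            for ip in devices.values()}
    return [str(n) for n in sorted(nets)]


def gateway_on_link(client_ip: str, gateway_ip: str, mask: str = MASK) -> bool:
    """A default gateway must share the client's subnet or the client can never use it."""
    return directly_reachable(client_ip, gateway_ip, mask)


if __name__ == "__main__":
    for net, names in sorted(group_by_subnet(DEVICES).items()):
        print(f"{net}: {', '.join(names)}")
    print("spans:", supernets(DEVICES))
    print("gateway on-link for client:", gateway_on_link(CLIENT, DEVICES["default-gw+dhcp"]))
    print("routed from client:", routed_services(CLIENT, DEVICES))
```

Run as-is it shows three /24s spread over 10.1.0.0/16 and 10.2.0.0/16, and that a 10.2.3.x client reaches the DNS servers, the VMware host and the firewall only via 10.2.3.1; every one of those is a dependency on whatever box is doing the inter-subnet routing, which is a useful thing to know when chasing slow domain logins.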
11-06-2024 05:58 PM
@Jerrit1 wrote:
10.2.3.1 Default Gateway & DHCP
The 10.0.0.0/8 is pretty much a very huge private subnet. Why be stingy and chop it into small subnets for a "small business"?
10.2.3.1 is the default gateway & the DHCP server IP address? Interesting!
11-06-2024 06:33 PM
I don't know why his network scheme was so complicated. I do know he is having issues with it. Like, very long Windows login times for PCs on the domain. Dropping Wi-Fi connections and randomly inaccessible network printers.
11-07-2024 06:29 AM
....Which I guess brings me to another question. Is a complicated, and separated by multiple subnets with multiple gateways, network design advantageous for a small business network or is it unnecessarily complicated and just one subnet and one IP address range works just fine? Maybe just segregating network data using a few VLANs would be easier and more efficient? Like maybe just a VLAN to segregate the VOIP traffic.
11-07-2024 06:50 AM - edited 11-07-2024 09:29 AM
It depends on your goals.
From a strictly performance standpoint we use multiple subnets because of (usually) L2 scalability issues. The classic /24 usually works well in most cases. Rarely do you need to go smaller than a /25, and conversely, up to a /22 may be fine in a switch environment.
The above noted, for security purposes, we often align security needs with subnets so that we can use ACLs to filter traffic in and/or out of a subnet. For this purpose we may have possibly many more subnets, and to conserve (IPv4) address space usage, subnets are often sized to number of IPs needed within a subnet.
As a general design guide, as with much else, starting with the KISS principle is good. Only add complexity when it's (truly) warranted.
11-07-2024 07:33 AM
Having multiple subnets would not relate to any of the issues you described unless there is a high resources usage on the device that is doing the inter-VLAN routing that would cause the packets to be dropped, but tbh for such a small size environment I would not expect this to happen. As already mentioned, having one single subnet for data traffic or multiple is usually tied to the security requirements. For instance if you have guests connected to your network then defo you would need to have a separate subnet (or use TrustSec) for them and make their traffic pass through the firewall so it will be denied access to your internal resources and allowed only to the internet. Another use case would be if you have services or applications that need to be accessed from the internet, in that case you would need a DMZ segment with a separate subnet. However, if you don't have these requirements then having a single subnet will simplify the whole design. Now from the voice traffic perspective, yes you would need a separate subnet/VLAN that will be dedicated for voice.
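The two replies above describe the same design rule from two angles: size each subnet to the hosts it needs so IPv4 space is not wasted, and align subnets with security zones (guest, DMZ, voice) so the L3 boundary or firewall can filter between them. The following added example (not from the thread, and not Cisco configuration) does both in plain Python: it picks the smallest prefix for each zone, carves aligned blocks out of one private pool, and checks a few flows against a simple inter-zone policy. The host counts, the 10.20.0.0/16 pool and the policy table are assumed values constructed for illustration.

```python
"""Added example (not from the thread): size subnets to the hosts each security
zone needs, carve them from one private block, and model the "guest only to the
internet, DMZ separate" filtering the replies describe.  ZONES, the pool and
POLICY are assumed values constructed for illustration."""
import ipaddress

# Assumed host counts per zone for a ~40-person office (constructed).
ZONES = {
    "management": 16,   # switches, router, firewall, hypervisor
    "servers":    20,
    "user-data":  40,
    "voice":      40,
    "guest-wifi": 60,
    "dmz":         6,
}

# Assumed policy: zones a source zone may initiate traffic to across the
# L3/firewall boundary.  Same-zone traffic is switched and never filtered.
# "internet" stands for any non-private destination address.
POLICY = {
    "guest-wifi": {"internet"},
    "user-data":  {"servers", "voice", "dmz", "internet"},
    "voice":      {"servers"},
    "dmz":        {"internet"},
    "servers":    {"dmz", "internet"},
    "management": {"servers", "user-data", "voice", "guest-wifi", "dmz", "internet"},
}


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose block holds `hosts` usable addresses
    (network and broadcast are reserved, so two extra addresses are needed)."""
    if hosts < 1:
        raise ValueError("need at least one host")
    needed = hosts + 2
    bits = max(2, (needed - 1).bit_length())   # smallest b with 2**b >= needed; /30 floor
    return 32 - bits


def allocate(zones: dict, pool: str = "10.20.0.0/16") -> dict:
    """Carve right-sized subnets from `pool`, largest first, so every block is
    naturally aligned and no space is lost to padding."""
    pool_net = ipaddress.ip_network(pool)
    cursor = int(pool_net.network_address)
    plan = {}
    for zone, hosts in sorted(zones.items(), key=lambda kv: prefix_for_hosts(kv[1])):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size          # align up to a multiple of size
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(pool_net):
            raise ValueError(f"pool {pool} exhausted at zone {zone}")
        plan[zone] = net
        cursor += size
    return plan


def addresses_used(plan: dict) -> int:
    """Total IPv4 addresses consumed by the plan."""
    return sum(net.num_addresses for net in plan.values())


def zone_of(ip: str, plan: dict):
    """Zone name for an address; 'internet' for public space; None if unplanned private."""
    addr = ipaddress.ip_address(ip)
    for zone, net in plan.items():
        if addr in net:
            return zone
    return None if addr.is_private else "internet"


def flow_allowed(src_ip: str, dst_ip: str, plan: dict, policy: dict = POLICY) -> bool:
    """Would a new connection from src to dst pass the inter-zone filter?"""
    src, dst = zone_of(src_ip, plan), zone_of(dst_ip, plan)
    if src is None or dst is None:          # unplanned private address: default deny
        return False
    if src == dst:                          # same subnet: switched, never filtered
        return True
    return dst in policy.get(src, set())


PLAN = allocate(ZONES)

if __name__ == "__main__":
    for zone, net in PLAN.items():
        print(f"{zone:<11} {net}  ({net.num_addresses - 2} usable hosts)")
    print("addresses consumed:", addresses_used(PLAN), "vs 768 for three flat /24s")
    print("guest -> file server:", flow_allowed("10.20.0.130", "10.20.0.225", PLAN))
    print("guest -> internet   :", flow_allowed("10.20.0.130", "93.184.216.34", PLAN))
```

With the assumed counts the six zones fit in 264 addresses (three /26s, two /27s and a /29) against the 768 the original poster's three flat /24s consume, and the policy check shows why the zones exist: a guest address can reach the internet but not the server subnet, while a user PC in the data zone can. In a real deployment the POLICY table becomes the ACLs or firewall rules on the inter-VLAN boundary; the point here is that the subnet plan and the filtering policy are the same decision.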
11-07-2024 02:12 PM
"Now from the voice traffic perspective, yes you would need a separate subnet/VLAN that will be dedicated for voice."
Not necessarily, IMO. The principal reason to have VoIP phones in their own VLAN is to avoid the VoIP phones having to deal with broadcasts (and possibly multicast and/or flooded unicast) not relevant to them. (It's usually not a bandwidth issue, as often VoIP phones and PCs share the same physical port.)
Don't misunderstand, it's not a question whether having VoIP phones in their own VLAN is "better" but that's not the same as (true) "need". (Real need I consider based on whether it can, or cannot, function without the "needed" item.)
Laugh, as is often the case in the real-world, the actual answer to whether something is needed is: "it depends".
11-08-2024 01:46 AM
If you don't put the IP phones in their own voice VLAN, could you still apply the same voice QoS policies and guarantee the voice traffic prioritization?
11-08-2024 03:24 AM
"If you don't put the IP phones in their own voice VLAN, could you still apply the same voice QoS policies and guarantee the voice traffic prioritization?"
For L3/packet based QoS, shouldn't be a problem.
For L2/frame based QoS, it can be, but QoS at L2 is "iffy".
If you need VLANs for effective QoS, you're at the level where you might also need dedicated hardware. For example, how would you provide QoS on totally dumb L2 switches? If you have VLAN capable switches that have no L3/packet level QoS, then you may "need" to use VLANs to mimic similarly dumb physical switches.
Generally, on my smart/enhanced switches that host VoIP phones and PCs on the same port, even using dual VLANs, my egress port QoS is based on packet's ToS, not VLAN. My ingress QoS ignores L2 CoS tags. Ditto for VoIP phones without a PC.
Again, I'm not recommending to not use voice VLANs, but their usage is for other factors. Somewhat like, if a switch has a management IP, does that IP have a requirement "need" to be in a management VLAN?
BTW, yours is a good question.
11-08-2024 03:39 AM
"Having multiple subnets would not relate to any of the issues you described unless there is a high resources usage on the device that is doing the inter-VLAN routing that would cause the packets to be dropped, but tbh for such a small size environment I would not expect this to happen."
Oh, a point I overlooked in my original reply to Aref's reply was, many small Cisco routers are NOT (sustained) Ethernet wire-rate capable. I.e. they can be a huge performance bottleneck for LAN subnet<>subnet traffic.
Such a performance bottleneck can be an issue for even a network of just two Ethernet hosts on different VLAN subnets.
L3 switches are usually needed for inter-VLAN performance.
Laugh, in fact before L3 switches, one recommendation was "switch when you can, route when you must".