Which subnet to choose for my company network?

Nabaruma
Level 1

I joined a company recently and observed their subnet use wouldn't go beyond two subnets (10.1.0.0/25 and 10.1.0.128/25) and wanted to change it now for a more robust network that can accommodate the company expansion drive (the company plans to have more branch networks in the near future).

I had wanted to use a class B subnet of 172.23.0.0/24 but some experts here advised that I go with a class A subnet because it's far more useful, especially when one wants to use other VLANs in the subnet for a particular branch. Therefore I finally settled for class A 10.1.0.0/24, where the 2nd octet stands for a branch while the 3rd octet can be used as a subnet of the 2nd octet in any particular branch.

You would notice a 3rd party company, CardTech, that connects to my network on the design.

Find attached the network diagram of the company and kindly advise me on the pros and cons of the designs.

I would appreciate any comment and advice on this design.

Thank You.

Usman Musa


shillings
Level 4

Which device will act as default gateway for the head office VLANs (i.e. 3750 or ASA5550)?

Ref IP addressing, you could consider splitting the 3rd octet in half between the HQ and branches, rather than just numbering in sequence. This would be useful if you ever want to easily aggregate all the head office prefixes or branch offices.

For example,

10.1.1.0/17 to aggregate all the head office prefixes (i.e. 10.1.1.0/24 through to 10.1.127.0/24)

and,

10.1.128.0/17 to aggregate all the branch office prefixes (i.e. 10.1.128.0/24 through to 10.1.255.0/24)

shillings,

I noticed there was a mistake in the design and the reason why you asked the question (which is the gateway for the VLANs).

The Cisco 3750 is the gateway for all the H/O VLANs! And routing is also enabled on the switch so that the branch router too connects to it. We intentionally did not connect the branches on the Cisco ASA so as to only allow it to do traffic filtering for internet and other 3rd parties.

On the splitting issue we may have an issue with that because the branches may be fewer (127) than our requirement. Any other suggestion?

Meanwhile, find attached the new design for your info.

Thank you for the comment.

Usman

The Cisco 3750 is the gateway for all the H/O VLANs! And routing is also enabled on the switch so that the branch router too connects to it. We intentionally did not connect the branches on the Cisco ASA so as to only allow it to do traffic filtering for internet and other 3rd parties.

OK, good. I would have expected to see a routed link between 3750 and ASA though. Are you trunking the VLANs up there for any particular reason?

On the splitting issue we may have an issue with that because the branches may be fewer (127) than our requirement. Any other suggestion?

You don't need to utilise all 128 subnets, although I realise route summarisation can lead to black holing traffic. However, it might prove handy in the future, especially as the business grows. There is no obvious down-side in simply preparing the address space for summarisation, other than aesthetics, so it doesn't hurt to leave the door open just in case. Very hard to implement the change later on.

There would be no practical impact at this stage. You're simply moving the proposed 10.1.11.0/24 and 10.1.12.0/24 branch office prefixes up to 10.1.128.0/24 and 10.1.129.0/24. That's it for now. But later on, you can use this to your advantage and apply route summarisation, because the branches reside in a different /17 to the head office prefixes.

You don't have to use a /17 either. It's just the most obvious choice. For example, you might prefer to plan for a /19 and move the branches up to 10.1.32.0/24 and 10.1.33.0/24.
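
The summarisation check discussed in this thread, as an added example that is not part of any post: it uses Python's `ipaddress` module to test whether each site's /24s fall inside that site's summary block, for both the /17 and the /19 split mentioned above. The function names, the site labels and the HQ /19 block (10.1.0.0/19) are assumptions made for the illustration.

```python
import ipaddress

def check_plan(summaries, assignments):
    """Return (site, prefix, block_it_landed_in) for every prefix outside its site's summary."""
    # strict=False accepts a summary written with host bits set, e.g.
    # "10.1.1.0/17", and normalises it to the network address 10.1.0.0/17.
    blocks = {s: ipaddress.ip_network(c, strict=False) for s, c in summaries.items()}
    problems = []
    for site, cidr in assignments:
        prefix = ipaddress.ip_network(cidr)
        if prefix.subnet_of(blocks[site]):
            continue
        # Find which other site's summary (if any) would swallow this prefix.
        owner = next((s for s, b in blocks.items() if prefix.subnet_of(b)), None)
        problems.append((site, str(prefix), owner))
    return problems

def free_slots(summary, assignments, new_prefix=24):
    """Count unassigned subnets of length new_prefix left inside a summary block."""
    block = ipaddress.ip_network(summary, strict=False)
    used = {ipaddress.ip_network(c) for _, c in assignments}
    return sum(1 for s in block.subnets(new_prefix=new_prefix) if s not in used)

# Prefixes quoted in the thread; the site labels are illustrative.
SPLIT_17 = {"HQ": "10.1.1.0/17", "branch": "10.1.128.0/17"}
SEQUENTIAL = [("HQ", "10.1.1.0/24"), ("branch", "10.1.11.0/24"),
              ("branch", "10.1.12.0/24")]
MOVED_17 = [("HQ", "10.1.1.0/24"), ("branch", "10.1.128.0/24"),
            ("branch", "10.1.129.0/24")]
# /19 variant: the HQ block 10.1.0.0/19 is an assumption; the thread
# only names the two branch /24s.
SPLIT_19 = {"HQ": "10.1.0.0/19", "branch": "10.1.32.0/19"}
MOVED_19 = [("HQ", "10.1.1.0/24"), ("branch", "10.1.32.0/24"),
            ("branch", "10.1.33.0/24")]

if __name__ == "__main__":
    plans = [("sequential vs /17", SPLIT_17, SEQUENTIAL),
             ("moved vs /17", SPLIT_17, MOVED_17),
             ("moved vs /19", SPLIT_19, MOVED_19)]
    for name, split, plan in plans:
        spare = free_slots(split["branch"], plan)
        print(f"{name}: problems={check_plan(split, plan)} spare branch /24s={spare}")
```

A branch prefix reported as landing in the HQ block is one that a single summary route or firewall rule written for "all branches" would not cover.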
