Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
722
Views
0
Helpful
3
Replies

IP Ranges

Go to solution
kevin.crookes
Level 1
Level 1

‎07-13-2011 12:23 AM - edited ‎03-07-2019 01:11 AM

Morning All,

I am about to start installing two new (and very nice) Cisco 2960-S switches into a network as explained below:

6 - Servers

10 - Network Printers

10 - Wireless access Points

1 - WatchGuard Firewall (x750e)

80 - 120 client PC's and Devices.

Currently the network is split into 10.10.10.x/23 for all non client PC's and devices and 10.10.11.x/23 is for all the client PC's and devices.

Now I have had lots of discussions if this is the correct way to setup the network or weather it should be changed to have two subnets 10.10.10.x/24 and 10.10.11.x/24 and use the WatchGuard to route between the two.

Please could i have your thoughts and ideas.

Many thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni

‎07-13-2011 12:34 AM

Hi Kevin,

You may continue with the 10.10.10.0/23 but it will be a flat network you can not restrict between them. Like all your management network and client devices will be in same network as long as it is not recommended.


I would suggest you to split (VLAN's) your network and do inter vlan routing on your Firewall if it support. You must have an L3 device to make inter-vlan routing. If you dont have any L3 device which support inter-vlan routing then you have to continue with the flat network that is 10.10.10.0/23 only.


HTH
Please click on the correct answer if this answered your question.
Regards,
Naidu.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni

‎07-13-2011 12:34 AM

Hi Kevin,

You may continue with the 10.10.10.0/23 but it will be a flat network you can not restrict between them. Like all your management network and client devices will be in same network as long as it is not recommended.


I would suggest you to split (VLAN's) your network and do inter vlan routing on your Firewall if it support. You must have an L3 device to make inter-vlan routing. If you dont have any L3 device which support inter-vlan routing then you have to continue with the flat network that is 10.10.10.0/23 only.


HTH
Please click on the correct answer if this answered your question.
Regards,
Naidu.

0 Helpful

Go to solution
marcinwojcik
Level 1
Level 1

‎07-13-2011 12:53 AM

Hi Kevin,

I've been thinking for a while about your setup and couldn't say without hesitation "you have to change it". As Naidu mentioned you have a flat network - that definitely restricts flexibility regarding some changes in the future, and I think the Future is what you have to think about in order to carry on with current config or change it.

If you know that your network will not grow considerably in next 2 years you may leave it as it is - it works, don't break it. You will configure two switches and everything will run smoothly. No problems.

If you know that you're going to add more PCs and servers soon, then it's worth of considering an additional work to change the config. You may not only split into 2 VLANs but maybe 3 or 4 ? How many departments you have in your company, how many PCs per each department, how many floors? It would make sense to have a management VLAN for Switches ans APs (you can use native VLAN for that) and put servers on VLAN2 and PCs on VLAN3 - I think that make sense. Definitely it all depends on the future growth of your network.

I am not sure about the WatchGuard capabilities - I used to use it in the past but only as a firewall. If you have money in your budget, go for L3 switch and split you network into VLANs. That will make your life easier...

I hope it hleps rather than blur the view of your options.

Regards,

Marcin.

0 Helpful

Go to solution
kevin.crookes
Level 1
Level 1
In response to marcinwojcik

‎07-13-2011 04:33 AM

Thanks for the information Marcin.

We didn't have enough money in our budget to go for the L3 switches as we needed gigabit across all ports, so we went for the 2960-S. At our other site we have the older 3550's which run perfectly, just a shame I couldn't get the L3 switches for our head office. :-(

Anyway, I know we will be expending so to give you a little more information about our site(s).

Head Office contains two floors. Ground Floor contains 5 departments and the first floor contains another.

PC's per department range from 3 - 18.

I know our WatchGuard can be used for VLAN routing (tested it this morning), so hopefully this should help things.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card