Using private IP addresses on switches

Cynthia2004
Level 1

We are considering using private IP addresses on our LAN switches. Are there any issues we need to consider while doing this, like preventing other users from using these addresses? Or any other suggestions?

6 Replies

Kevin Dorrell
Level 10

You can use private addresses just the same way you use non-private addresses. The advantage is they are not routable on the Internet, so security is better. The disadvantage is that they are not routable on the Internet, so you will have to use NAT if you want to go outside your site.

If you have partner sites to which you are directly connected, you may have to come to some agreement with them over who uses which range of addresses, and how to resolve eventual conflicts. In this case, the political issues outweigh the technical issues.

Kevin Dorrell

Luxembourg

Thanks, Kevin. What we are trying to do is use private addresses on switches only, for security reasons. But we still want to use our class B address for end users. Will that cause any problems, potentially?

The mixture of private addresses on management interfaces and public addresses on end stations is commonly done. There are not many issues involved in this. One that does come to mind is that when you mix public and private addresses like this it will produce discontiguous networks. It can complicate doing summarization and you need to be especially careful with protocols that default to automatic summarization (like EIGRP) and be sure to disable automatic summarization.

HTH

Rick
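
Rick's point about automatic summarization, as an added example that is not part of the thread: the Python below applies the classful summarization rule to a topology and reports any major network that two routers would both summarize onto the same link. The router names and addresses are constructed, 172.20.0.0/16 stands in for the site's class B, and only directly connected routes are modelled.

```python
import ipaddress
from collections import defaultdict

def major_network(net):
    """Return the classful (A/B/C) network that contains an IPv4 subnet."""
    net = ipaddress.ip_network(net, strict=False)
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)

def split_by_auto_summary(routers):
    """Find major networks that automatic summarization would break.

    Rule modelled: a connected subnet advertised out an interface that sits in
    a different major network is replaced by its classful summary. If two
    routers send the same summary onto one link, that major network is
    discontiguous and each side hides its subnets from the other.
    """
    advertised = defaultdict(set)
    for name, interfaces in routers.items():
        nets = [ipaddress.ip_interface(i).network for i in interfaces]
        for link in nets:
            for route in nets:
                summary = major_network(route)
                if summary != major_network(link):
                    advertised[(str(link), str(summary))].add(name)
    return {k: sorted(v) for k, v in advertised.items() if len(v) > 1}

# Constructed addresses: 172.20.0.0/16 stands in for the site's class B,
# 192.168.n.0/24 is the private management range mentioned in the thread.
TRANSIT_OVER_MGMT = {   # user subnets joined only by a private /24
    "R1": ["172.20.1.1/24", "192.168.10.1/24"],
    "R2": ["172.20.2.1/24", "192.168.10.2/24"],
}
MGMT_AS_STUB = {        # user subnets joined by a class B link
    "R1": ["172.20.1.1/24", "172.20.0.1/30", "192.168.10.1/24"],
    "R2": ["172.20.2.1/24", "172.20.0.2/30", "192.168.20.1/24"],
}

if __name__ == "__main__":
    for label, topo in (("transit over mgmt", TRANSIT_OVER_MGMT),
                        ("mgmt as stub", MGMT_AS_STUB)):
        print(label, "->", split_by_auto_summary(topo) or "no split")
```

The first topology is the one where disabling automatic summarization matters: both routers would advertise 172.20.0.0/16 across the private link. The second keeps the class B contiguous, so nothing is reported.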

That is exactly what I do. I use 192.168.n.0/24 for the Network Management, making sure that it is not routable anywhere that I would not want it routed, and I keep the production network on its own address range.

Some people also put their Network Management on a separate VLAN, but this does carry some risks - like cutting yourself off from the management if the trunks stop trunking.

Kevin Dorrell

Luxembourg

Put a DHCP server in your private network and keep static IP for all your switches and let all the other users be configured to use dynamic IP.

gabrieloyeyemi
Level 1

If you insist on using private IP on the LAN, fine, but this is not routable on the Internet and it gives a false sense of security, unlike when you are using public IP, you know you are prepared to really handle security issues. It's quite difficult trying to prevent other users of that private IP from using it. The way out is to obtain a public IP from RIPE NCC and you will be sure nobody else uses the IP with you, since you now have a legal right on the IP address. If you are insisting on using that private IP, try to also secure your network; also, you can use NAT to get them routable on the Internet. I wish you all the best.

Gabriel Oyeyemi