11-23-2004 06:43 AM - edited 03-05-2019 11:20 AM
We are considering using private IP addresses on our LAN switches. Are there any issues we need to consider while doing this, like preventing other users from using these addresses? Or any other suggestions?
11-23-2004 06:56 AM
You can use private addresses just the same way you use non-private addresses. The advantage is they are not routable on the Internet, so security is better. The disadvantage is that they are not routable on the Internet, so you will have to use NAT if you want to go outside your site.
If you have partner sites to which you are directly connected, you may have to come to some agreement with them over who uses which range of addresses, and how to resolve eventual conflicts. In this case, the political issues outweigh the technical issues.
Kevin Dorrell
Luxembourg
11-23-2004 07:52 AM
Thanks, Kevin. What we are trying to do is use private addresses on switches only, for security reasons. But we still want to use our class B address for end users. Will that cause any problems, potentially?
11-23-2004 08:22 AM
The mixture of private addresses on management interfaces and public addresses on end stations is commonly done. There are not many issues involved in this. One that does come to mind is that when you mix public and private addresses like this it will produce discontiguous networks. It can complicate doing summarization and you need to be especially careful with protocols that default to automatic summarization (like EIGRP) and be sure to disable automatic summarization.
HTH
Rick
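The discontiguous-network effect described in the reply above, as an added example that is not part of the thread: it models classful automatic summarization across a private management link and shows the same summary being advertised from both sides. The router names, the 192.168.10.0/24 link and the 172.16.0.0/16 range (standing in for the site's class B) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def classful_network(net):
    """Return the classful (major) network that contains an IPv4 prefix."""
    net = ipaddress.ip_network(net)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{net} is not a class A/B/C unicast prefix")
    return net.supernet(new_prefix=prefix) if net.prefixlen >= prefix else net

def advertised(routes, link, auto_summary):
    """Prefixes a router sends out of `link`. With automatic summarization,
    a route whose major network differs from the link's major network is
    sent as its classful summary instead of the real subnet."""
    link_major = classful_network(link)
    out = set()
    for route in map(ipaddress.ip_network, routes):
        major = classful_network(route)
        out.add(major if auto_summary and major != link_major else route)
    return out

def ambiguous_summaries(routers, link, auto_summary=True):
    """Prefixes that more than one router advertises onto the same link."""
    seen = defaultdict(set)
    for name, routes in routers.items():
        for prefix in advertised(routes, link, auto_summary):
            seen[prefix].add(name)
    return {str(p): sorted(n) for p, n in seen.items() if len(n) > 1}

# Constructed topology: two routers, each with one end-user subnet of the
# class B range, joined only by a private management link.
ROUTERS = {"R1": ["172.16.1.0/24"], "R2": ["172.16.2.0/24"]}
MGMT_LINK = "192.168.10.0/24"

if __name__ == "__main__":
    print(ambiguous_summaries(ROUTERS, MGMT_LINK, auto_summary=True))
    print(ambiguous_summaries(ROUTERS, MGMT_LINK, auto_summary=False))
```

With summarization on, both routers claim the whole class B across the link; with it off, each advertises only its own /24.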
11-23-2004 08:43 AM
That is exactly what I do. I use 192.168.n.0/24 for the Network Management, making sure that it is not routable anywhere that I would not want it routed, and I keep the production network on its own address range.
Some people also put their Network Management on a separate VLAN, but this does carry some risks - like cutting yourself off from the management if the trunks stop trunking.
Kevin Dorrell
Luxembourg
12-04-2004 06:07 AM
Put a DHCP server in your private network and keep static IPs for all your switches, and let all the other users be configured to use dynamic IPs.
12-07-2004 12:20 AM
If you insist on using private IP on the LAN, fine, but this is not routable on the Internet and it gives a false sense of security, unlike when you are using public IP, where you know you are prepared to really handle security issues. It's quite difficult trying to prevent other users of that private IP from using it. The way out is to obtain a public IP from RIPE NCC and you will be sure nobody else uses the IP with you, since you now have a legal right on the IP address. If you are insisting on using that private IP, try to also secure your network; you can also use NAT to get them routable on the Internet. I wish you all the best.
Gabriel Oyeyemi