Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
998
Views
0
Helpful
4
Replies

VLSM or Private Subnetting

bigger_gabriel
Level 1
Level 1

‎06-26-2013 04:46 PM - edited ‎03-07-2019 02:06 PM

Hello All,

Currently our company is implementing new security appliances.

Our WAN facing firewall is a Ciscoasa 5510. 

I would like to implement a cisco switch (catalyst 3560g) with ip routing turned on and break the network into vlan's, and one of our clients is demanding a firewall infront of our database server.

The network admin before me used 10.10.x.x /16 for the network.  Now I need to break it down and I was wondering if VLSM or use a new private address would be recommended for this senario?

And which routing protocol would you use EIGRP or OSPF?

And are there any recomendations on which cisco firewall to use infront of the database server?

There are about 250 employees accessing the database server on a daily basis.

Yours Truly,

gabriel

Labels:
0 Helpful
4 Replies 4

Ken Moore
Level 1
Level 1

‎06-27-2013 07:56 PM

First, I am not CCNA or even CCENT certified.  However, I am in the process of studying the ICND1, and wouldn’t you guess it, I am on a chapter on VLSM.  In my opinion only, if you don’t have to worry about the amount of host/users, I would think that just using the private subnet would be easier to use.  I am understanding the concept of VLSM, and can do most of it, but I still have a small problem with it.  Let me know what you end of doing.  Thanks, Ken

0 Helpful

stephen.ehlas
Level 1
Level 1

‎06-28-2013 02:35 AM

Hi Gabriel

The use of private subnets inside organisation the  will sure make your life easier, in terms of manageability for the future. You can then subnet the private range so that you end up with one subnet per function (e.g. database, web server etc). This way you will allow you to know eactly what is where within the organisation.

So for example, you take the 192.168.0.0/16 range and assign 192.168.10.0/24 to the database servers, 192.168.20.0/24 to the web servers etc etc. This will give you lots of space for expansion as well.

With regards to the routing protocol - OSPF all the way . Its far easier to manage if you carve up the area's in a logical manor. Alot of comapnies are moving away from EIGRP due to its limitations (8000 node is the max as far as I can remember). Also, OSPF will localise your routing table, and give you faster convergence in an 'out of the box' configuration

HTH

Steve

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to stephen.ehlas

‎06-28-2013 06:01 AM

Hi,

EIGRP with feasible successor is by far more quick to converge than OSPF but indeed it is a distance  vector protocol compared to OSPF so it has some features to take into account like max number of Hops or split-horizon for example but you can summarize everywhere whereas OSPF can only summarize at ABR or ASBR, the filtering capabilities are better in my opinion in EIGRP compared to OSPF at least on Cisco devices.

I doubt the OP has 8000 nodes but I maybe wrong so I would opt for EIGRP if all devices are Cisco.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

bigger_gabriel
Level 1
Level 1
In response to cadet alain

‎06-28-2013 06:16 PM

What about the firewall infront of the database server?  a cisco 5505 you think?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card