Suppose you are assigned to design a LAN for an office having 8 departments. Each department will have 28 computers located in different rooms. Perform subnetting assuming class B private IP address.
I suggest using a VLAN for each department. You can use this documentation on how to configure a VLAN network, and you can also view an example architecture here.
Once the VLANs are configured, you can use the Class B IP addresses depending on your network setup. You can also use this link: IP Address and Subnetting Guide.
The question wants you to understand the Class B allocation of private addressing within RFC1918. RFC1918 allocated a single class A, 16 class Bs and an entire block of 256 class Cs. To answer this question (I'm not doing what is clearly your homework for you), you need to search for all of the address space set aside in RFC1918 and figure out which is class B.
Then, using some of that address space, create subnets sufficient for networks containing 28 hosts on each network. I'm not sure if your professor/instructor is expecting you to make subnets that are just big enough to support that many users or if you are expected to allow for a reasonable amount of growth. You might want to clarify.
I have some questions about VLANs. I know that this forum is more for programming than for networking but this is the best forum that I could think of.
So all my questions are about VLANs. Here they come:
1. Can one VLAN have a different beginning of an IP address than the other ones (e.g. VLAN 1=192.168.2.xx, VLAN 2=10.0.0.x)?
2. Can devices have the same IP address when they're in different VLANs?
3. Can you make a "hole" between the VLANs so that a few devices (chosen by you, for example using static IP addresses) can still talk with each other (e.g. a file server on VLAN 1 can still talk to the printer on VLAN 2)?
4. Can you have different DNS servers for different VLANs?
5. Can you have different firewall settings for different VLANs? How do you "choose" which firewall you want to change as an admin?
6. Can you have WiFi VLANs (like a VLAN for your home WiFi and a VLAN for your guest WiFi)?
7. Can you access the router's settings (192.168.1.1) from every VLAN?
8. When I connect to a network, how do I get assigned to a VLAN? Is there like a "If someone connects to the network, it automatically goes to VLAN 1 until the admin moves them to a different VLAN"?
9. Can you put a password on a VLAN so that you have to put in a password to change VLANs?
10. Can a user (so not a network admin) choose to change VLANs (because then question 8 would be relevant)?
11. How does port forwarding work with VLANs?
12. If you access the network from outside (e.g. a hacker or just someone else), do you automatically get "redirected" to the standard VLAN (1) or do you end up in an "intersection" where you first have to choose the VLAN you want to go to?
13. Can you make a port on a switch that has special access to every VLAN at the same time (only for the network admin) (so for that Ethernet port, the network is just one big network instead of divided VLANs) (this would contradict question 2, as then you would have two devices with the same IP address)?
14. Can you have a network port with a device attached to it that will be accessible to every VLAN (e.g. a printer)? Is that dangerous because then a hacker could probably access that device and use it to jump between VLANs?

That's it. I know that there are a lot of questions but I hope you can help with a few at least. The thing is, YouTube videos always just explain that VLANs are separate networks, but I want to know: "How separate are they?" You see that almost every question is about "How separate are they exactly?"
I hope you can help!
Thanks
Hopefully this will answer your questions.
VLANs are like separate cables inside one cable; they do not mix or interfere with each other.
Answers:
1. Yes. As mentioned above.
2. Yes, but it's not good practice because you can make a mistake during VLAN setup, causing security flaws or IP collisions.
3. Not directly, but this can be done via a gateway/router between the VLANs, and all traffic has to go through the GW (easy way).
4. Yes, and usually you do. For example you have:
   VLAN 10: Subnet 192.168.10.0/24; GW 192.168.10.1; DNS 192.168.10.1
   VLAN 20: Subnet 192.168.20.0/24; GW 192.168.20.1; DNS 192.168.20.1
5. Yes, it is common/required behavior. It is done by filtering the firewall rule by incoming interface (e.g. vnet7), incoming subnet or incoming IP.
6. Yes. But there are two ways of setting up VLANs:
   ACCESS (untag): the VLAN is ended at the output interface, thus the client device doesn't have to support/set up the VLAN. Actually, the client device doesn't even know that there is a VLAN.
   TRUNK (tag): the VLAN (or multiple VLANs) is routed through the access point and the client device has to be configured the same way on its incoming interface.
   Access is what you need in this case.
7. Yes, if you set up the firewall that way (routing between subnets).
8. As explained in point 6.
9. No. A VLAN is just a number. To protect your VLANs you have to set up network devices in such a way that every port (unless needed, e.g. switch bond interconnection) is set in ACCESS mode, so only an admin with access to the network device can change the VLAN for a client device. Or implement NAC such as PacketFence.
10. As points 6 and 8. Only when your setup allows.
11. Inside a VLAN no port forwarding is needed because all devices in the same VLAN are on the same L2 network.
12. No simple answer here; it all depends on your VLAN and firewall settings.
13. Cannot be done with VLANs only. Common practice is to set up a specific VLAN (let's call it the management VLAN) which is ended in ACCESS mode on some physically secured switch Ethernet port, and then use firewall and routing on the GW to set up access across all VLANs (well, not all but the required ones).
14. Yes you can, as mentioned above, but again using firewall and routing settings on the gateway.

This one is long :) ... feel free to continue in chat.
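The gateway behaviour described in answers 3, 5, 11 and 13, as an added example that is not part of the original post: a small model of first-match firewall rules between VLAN subnets with a default deny. VLAN 10 and 20 come from the answer; the management VLAN 99, the host addresses and the ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# VLAN 10 and 20 are the subnets from the answer; VLAN 99 (management) and
# every host address below are constructed for this example.
VLANS = {
    10: ipaddress.ip_network("192.168.10.0/24"),
    20: ipaddress.ip_network("192.168.20.0/24"),
    99: ipaddress.ip_network("192.168.99.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str                # source subnet or single host (/32)
    dst: str                # destination subnet or single host
    port: Optional[int]     # None matches any destination port
    action: str             # "allow" or "deny"


# First match wins; anything not listed falls through to the default deny.
RULES = [
    Rule("192.168.10.5/32", "192.168.20.9/32", 9100, "allow"),  # file server -> printer
    Rule("192.168.99.0/24", "192.168.10.0/24", 22, "allow"),    # management -> VLAN 10 SSH
    Rule("192.168.99.0/24", "192.168.20.0/24", 22, "allow"),    # management -> VLAN 20 SSH
]


def vlan_of(addr):
    """VLAN id whose subnet contains addr, or None for unknown addresses."""
    return next((vid for vid, net in VLANS.items() if addr in net), None)


def decide(src, dst, port):
    """Verdict for a new connection: 'switched', 'allow' or 'deny'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vlan, dst_vlan = vlan_of(s), vlan_of(d)
    if src_vlan is None or dst_vlan is None:
        return "deny"                  # address outside every known VLAN
    if src_vlan == dst_vlan:
        return "switched"              # same L2 segment: never reaches the gateway
    for rule in RULES:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return "deny"                      # default between VLANs
```

The model matches on source address only; on a real gateway, also binding each rule to the incoming VLAN interface keeps a host in one VLAN from claiming an address that belongs to another. The "switched" verdict is the reminder that gateway rules never see traffic between two hosts in the same VLAN.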
I know that each IP class has a default network mask (class A: 255.0.0.0, class B: 255.255.0.0 and class C: 255.255.255.0).
I have been reading the subnetting.net tutorial and they use the default (classful) network mask for subnetting (Question Type 2 Written Example), but on the other hand I read all the time that IP classes are obsolete.
What exactly is a default network mask?
Is it needed for subnetting?
Am I confusing concepts? (I suspect I am)
Please help, this is burning my head.
The IP address can never become obsolete; a similar analogy would be your home address becoming obsolete. The fact is that IPv4 addresses are drying up because there are now more devices in the globe than the number of IPs available. That's why we are moving to IPv6...
A subnet mask is a number that defines a range of IP addresses available within a network. A single subnet mask limits the number of valid IPs for a specific network. Multiple subnet masks can organize a single network into smaller networks (called subnetworks or subnets).
For example, a subnet mask of 255.255.255.0 allows for close to 256 unique hosts within the network (since not all 256 IP addresses can be used). See Why do we need subnet mask?
An ISP has provided your company with the Class C network 192.111.2.0. Divide this into four (4) subnets.
Complete the following table; both Network addresses and Broadcast addresses should be in dotted-decimal notation.
Assume the all-zeros and all-ones subnets are usable.
There is a lot of material on subnetting - just google it and you'll get the result pretty easily. You can start with this subnet calculator.
As for your question:
In order to get 4 subnets from 192.111.2.0/24 you should go for the following configuration:
The subnet mask for all subnets is 255.255.255.192 (or /26) and the networks are divided as follows:
192.111.2.0-192.111.2.63
192.111.2.64-192.111.2.127
192.111.2.128-192.111.2.191
192.111.2.192-192.111.2.255
Notice that in each range the first address is the network address and the last is the broadcast address.
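The split above, and the earlier office question (8 departments of 28 computers in private class B space), computed with Python's standard `ipaddress` module. This is an added example, not code from any of the posts; picking 172.16.0.0/16 out of the private class B range and the 50% growth figure are assumptions.

```python
import ipaddress
import math
from itertools import islice


def prefix_for_hosts(hosts, growth=0.0):
    """Longest IPv4 prefix whose usable addresses cover hosts plus headroom."""
    needed = math.ceil(hosts * (1 + growth)) + 2   # + network and broadcast
    return 32 - (needed - 1).bit_length()


def prefix_for_count(block, count):
    """Longest prefix that still yields `count` equal subnets of `block`."""
    return ipaddress.ip_network(block).prefixlen + (count - 1).bit_length()


def plan(block, count, new_prefix):
    """First `count` subnets of `block` as (network, mask, broadcast, usable)."""
    net = ipaddress.ip_network(block)
    if not net.prefixlen <= new_prefix <= 30:
        raise ValueError("prefix must lie between the block's prefix and /30")
    if count > 2 ** (new_prefix - net.prefixlen):
        raise ValueError("block is too small for that many subnets")
    return [
        (str(s.network_address), str(s.netmask),
         str(s.broadcast_address), s.num_addresses - 2)
        for s in islice(net.subnets(new_prefix=new_prefix), count)
    ]


if __name__ == "__main__":
    # The ISP question: four subnets of 192.111.2.0/24.
    for row in plan("192.111.2.0/24", 4, prefix_for_count("192.111.2.0/24", 4)):
        print(*row)
    # The office question: 8 departments x 28 hosts; 172.16.0.0/16 is an
    # assumed pick from the private class B range.
    for row in plan("172.16.0.0/16", 8, prefix_for_hosts(28)):
        print(*row)
    # The same office with 50% growth headroom (assumed figure).
    print(prefix_for_hosts(28, growth=0.5))
```

Sizing by host count instead of by subnet count is what separates the two questions: 28 hosts fit a /27 exactly, while any growth allowance pushes each department to a /26.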
I've been told that it is bad practice to have two interfaces on the same device on the same subnet. i.e. two Ethernet ports on a switch should be on different subnets. Could somebody explain why this is the case? (preferably simply as possible as I'm new to networking)
Because routing in your OS normally sets one of the Ethernet cards as the outgoing gateway to the specified subnet, and all traffic to this subnet will have only 1 output. A second route to the same subnet will have a bigger metric value and will be used to send data if the first interface is down. Even if somebody sends a request to the second interface, the answer can have the first IP as sender.
If you are trying to increase throughput to the subnet, you must use aggregation of Ethernet links. You'll have 2 physical links and 1 IP.
A subnet is the logical division of the IP network based on the subnet mask/netmask. So unless you plan to have two different separate networks, you need not have two different subnets. This link explains most of the possible cases to show what is meant by subnetworks on a switch.
Whether two interfaces on the same subnet is good or bad depends entirely of what you're trying to accomplish.
If you need link redundancy or a simple way of load sharing (L2 or L3) it may be the right way to go.
If you need network/uplink redundancy or a more complex way of load sharing (L3 only) you connect to two different networks (multi-homing). This is also the setup for a router connecting the two networks.
So I understand that there used to be classful addresses allocated depending on the first octet of an IP a long time ago. Of those classes, private IP address ranges were given in each.
Class A 10.*.*.*
Class B 172.16-31.*.*
Class C 192.168.0-255.*
I understand that according to RFC 1918, because 192.168 technically starts in the class C range, it should be considered 256 class C networks. However, because there are 256 available class C networks in 192.168.xxx.xxx, would it be incorrect to refer to this as 1 class B network?
A 'network' or 'subnet' is a set of ip-numbers that can connect to each other without the use of a router. A class C network has a maximum of 256 such ip-addresses. To get from one subnet to another subnet, a router is required. You can not call the 192.168.xxx.yyy block a single class B subnet, because the hosts at 192.168.1.xxx cannot directly connect to hosts in 192.168.2.xxx. The hosts are in different subnets.
192.168.xxx.yyy is an ip-block of 256 private class C networks. Classed networks assume fixed network masks for particular ip-ranges. So, for the networks in block 192.168.xxx.yyy, classed-only network software will set the network mask to be equivalent to 255.255.255.0 (or /24).
Today most network software ignores the class of the network and will require a network mask for all IP number blocks. For instance, you can use 192.168.0.0 to 192.168.3.255 as a single classless subnet containing 1024 IP addresses if you use network mask 255.255.252.0.
If you get the gateway as the following:
192.168.0.1
255.255.0.0
And a client at
192.168.10.1
255.255.0.0
They will communicate fine.
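The reachability claims in the two answers above, checked as an added example that is not part of either post: each host decides with its own mask whether a peer is on-link, so the result depends on the mask and not on the address class. The 192.168.1.10 and 192.168.2.10 hosts and the mismatched-mask case are constructed for illustration.

```python
import ipaddress


def on_link(host_ip, host_mask, peer_ip):
    """True if the host, using its own mask, sees the peer as directly reachable."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    return ipaddress.ip_address(peer_ip) in iface.network


def path(a_ip, a_mask, b_ip, b_mask):
    """'direct', 'routed' or 'mismatch' for traffic between hosts a and b."""
    a_sees_b = on_link(a_ip, a_mask, b_ip)
    b_sees_a = on_link(b_ip, b_mask, a_ip)
    if a_sees_b and b_sees_a:
        return "direct"      # both ARP for each other, no router involved
    if not a_sees_b and not b_sees_a:
        return "routed"      # both hand the packet to their gateway
    return "mismatch"        # masks disagree: one side ARPs, the other routes


def block(first_ip, mask):
    """(CIDR, address count, first, last) for a classless block."""
    net = ipaddress.ip_network(f"{first_ip}/{mask}")
    return str(net), net.num_addresses, str(net[0]), str(net[-1])


if __name__ == "__main__":
    # Gateway and client from the answer, both with 255.255.0.0.
    print(path("192.168.0.1", "255.255.0.0", "192.168.10.1", "255.255.0.0"))
    # Constructed hosts with the classful /24 mask: a router is required.
    print(path("192.168.1.10", "255.255.255.0", "192.168.2.10", "255.255.255.0"))
    # Constructed mismatch: the client keeps /24 while the gateway uses /16.
    print(path("192.168.0.1", "255.255.0.0", "192.168.10.1", "255.255.255.0"))
    # The classless block from the earlier answer.
    print(block("192.168.0.0", "255.255.252.0"))
```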
I ask this same question myself.
It's considered a C class network but can be configured as a B class while staying in the private range. We need some educated answers to elaborate on this.