Need Your Suggestions: About Sub-netting (Which Subnet to use)
  •  
KerioControl

Messages: 28
Karma: 0
Hello dear friends, I'm new in this field and doing my best, but I need some suggestions ...

Which IP to use for a large network (about 5-6 servers, 50 network printers, 10 smart manageable switches, 250 desktop PCs, about 50-60 VPN users)?
If I use standard C class IP 192.168.1.1-254 255.255.255.0 there are only 254 hosts.....
What if I use another class of IP which may give me more hosts....
Please suggest which IP and subnet to use for my network.

I thought I can attach one additional LAN card to a Kerio (in total I'll have 1 WAN port and two LAN ports) and configure it as 192.168.2.1-254. It will also give me 254 hosts, but I think to use one subnet which will give me more hosts than 254..

Please help, I'm confused, I need to configure and plan the network professionally. (I just need your advice and suggestions, then I'll fulfill it without any problem)

Thank you in advance
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
With 250+ desktops I'd suggest using a managed L3 switch and segmenting the network into several VLANs. Each VLAN would have its own IP range.

If you need professional help, you may contact one of our partners http://www.kerio.com/partners/locator/search to help you set up your network.

Petr Dobry
Product Development Manager | Kerio
  •  
KerioControl

Messages: 28
Karma: 0
Hello, Thanks for your reply...
There is no support for my country to the given link...

Ok VLAN, my switch supports it
If my router will be 192.168.1.1, DNS 192.168.1.1, GW 192.168.1.1
then I have to give one IP address to the switch (192.168.1.20), then router DNS and gateway, and then I will configure the VLANs.. It's OK, but if I use 10 switches and if the VLANs are in different subnets, how will the computers see each other?
  •  
silars

Messages: 429
Karma: 59
I find it very hard to not use the 10.x.x.x private subnet for my IP addressing needs. 16 million IPs are hard to argue against.

The only potential issue is VPN'ing. If you are VPN'ing from a 10.x.x.x network to a 10.x.x.x network, you could have some reachability issues. The 172.16.x.x is the least commonly used of the private networks.

Remember, the 192.168.x.x network is bigger than just the 192.168.1.x (most common). You get 64k addresses in that range. You can just keep adding in /24 networks out of that space as you need. Using Petr's advice, this is as simple as just adding VLANs.
  •  
silars

Messages: 429
Karma: 59
To communicate between VLANs, you'll need a router/firewall. It will have an interface into each VLAN (192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24, etc.). If it can't be in all VLANs, you'll need multiple routers and then run a routing protocol or set up static routing.

To be honest, I've seen networks have 1000s of devices in a single VLAN. It does require careful planning, and you need to be knowledgeable of what you are doing.

For simplicity, I'd suggest you look into using a larger subnet and staying with a single VLAN (e.g. 192.168.1.x/23 = 510 IPs per subnet/VLAN). As long as you don't have a lot of broadcast based traffic, you should be fine. If these are Apple/Mac's using Bonjour, you may need to reconsider your options.
  •  
KerioControl

Messages: 28
Karma: 0
Thank you very much for your reply......
I like that idea to use one subnet for 510 hosts...
I'll use: 192.168.1.1, subnet: 255.255.254.0, and this will give me 510 IPs.....

What do you mean by:
1. "broadcast based traffic" (I have fiber optic connection: 100 mb/s Up & Down)
2. "If these are Apple/Mac's using Bonjour, you may need to reconsider your options"
Do you want to say that Apple/Mac computers and iPhones couldn't work in the network?

And what do you think if I use: 192.168.1.1/16? It will give me 65534 usable IPs

For my company 500 IPs are ideal.... I don't need more (I just needed 300 IPs)
  •  
silars

Messages: 429
Karma: 59
There should be no difference in using 192.168.1.0/16 or 192.168.1.0/23 for 300 devices. It would only become an issue if you wanted to subnet/route later. You can still do that, but you need to plan your IP addressing ahead of time.

Almost all Ethernet-based protocols use some sort of broadcast or multicast mechanism to communicate or learn. These frames are typically flooded out all active ports. IP Multicast can rely on IP Multicast Reduction (IGMP Snooping) to minimize where traffic has to be replicated. Unfortunately, about the only thing you can do to stop true broadcasts (FF:FF:FF:FF:FF:FF) is MAC filters or broadcast suppression features in your switch.

These are important because some protocols use broadcasting/multicasting extensively. Bonjour is a known bad guy (as was AppleTalk) in the Ethernet world. While this is fine for smaller networks, it doesn't scale well when considered in corporate environments. It's even worse when you consider Wi-Fi networks and their limited bandwidth. iPhones and iPads are increasingly a problem, obviously.

In any case, your user count is not likely to be an issue. If you expect growth, plan accordingly and do your due diligence. No need to be surprised.
  •  
KerioControl

Messages: 28
Karma: 0
I understood...... silars
First of all, greatest thanks for your advice and suggestions, it is really helping me

So I have 2 main options:
1. To reduce the 3rd digit of the subnet mask to allow more IP addresses to be available for devices on my network. (192.168.1.1/16, 22 or 23).
2. Have 2 internal network cards in the router (1. 192.168.1.1/24, 2. 192.168.2.1/24)

I think the problem with Option 1 is that too many devices on the same network can reduce performance. In my case (250 PCs, 50 network printers, switches, access points, servers) are they many? Will they reduce the performance of my network?

I can do any of them. Which option would you recommend....
  •  
silars

Messages: 429
Karma: 59
Yes, those are essentially your two choices.

If you don't plan to grow a lot, Option 1 is preferred. It is simpler to configure, debug, and maintain.

If you plan a lot of growth, just be careful with your IP addressing so you can add subnets/VLANs later (i.e. align your IP space on subnet boundaries). If you align on boundaries, you can easily change the mask later with minimal impact to operations. If you spray your addresses all over, you won't be able to change the mask without significant re-addressing. DHCP alleviates some of the issues, but servers and network resources could be problematic.

300-500 simple IP devices should not be an issue for a single subnet. If you come back to me and say you are doing lots of high speed IP multicasting, I'd probably change my recommendation.
  •  
KerioControl

Messages: 28
Karma: 0
Thanks silars....

First of all I'll explain my network's main missions. As I mentioned above, we will have a maximum of about 300 working hosts, but from 300 hosts about 20-50 hosts will be unlimited with internet or intranet access, but all the rest will be limited with downloads and filtered from chat, social sites, video and audio streaming sites.. It is a corporate network and users are prohibited.

If I use 192.168.1.0/23 - 510 hosts (from DHCP) it will solve my problems... and later, if I notice something wrong in the network (I mean network performance), then I can add a layer 3 switch and configure VLANs... But I think this option will work without any problem......
It is really easy to maintain and deploy the network (with one subnet) :)
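
Added example, not part of any post above: a Python check of the 192.168.1.1/23 plan the thread settles on. It shows which network that address actually falls in, how statically addressed hosts would divide if the subnet were later split into /24 VLANs, and which VPN client LANs would overlap it. The host names other than the router and switch addresses, and the remote LAN list, are constructed for illustration.

```python
import ipaddress

def containing_network(host_cidr):
    """Network that a host address/prefix really belongs to."""
    return ipaddress.ip_interface(host_cidr).network

def is_aligned(cidr):
    """True if the address is itself a subnet boundary for that prefix."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False

def split_plan(host_cidr, static_hosts, new_prefix=24):
    """Group static hosts by the smaller subnet (future VLAN) each one
    would land in if the large subnet were split later."""
    net = containing_network(host_cidr)
    plan = {sub: [] for sub in net.subnets(new_prefix=new_prefix)}
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            raise ValueError(f"{name} ({addr}) is outside {net}")
        for sub, members in plan.items():
            if ip in sub:
                members.append(name)
    return plan

def vpn_conflicts(office_cidr, remote_lans):
    """Remote LANs whose range overlaps the office subnet; a VPN client
    on such a LAN cannot reach office hosts that share its local range."""
    office = containing_network(office_cidr)
    return [lan for lan in remote_lans
            if ipaddress.ip_network(lan).overlaps(office)]

# 192.168.1.1 and 192.168.1.20 come from the thread; the rest is constructed.
STATIC = {"router": "192.168.1.1", "switch-1": "192.168.1.20",
          "file-srv": "192.168.0.10", "printer-7": "192.168.0.200"}
REMOTE_LANS = ["192.168.1.0/24", "10.0.0.0/24", "172.16.5.0/24"]  # constructed

if __name__ == "__main__":
    net = containing_network("192.168.1.1/23")
    print(net, "hosts", net[1], "-", net[-2], f"({net.num_addresses - 2} usable)")
    print("192.168.1.0/23 aligned:", is_aligned("192.168.1.0/23"))
    for sub, names in split_plan("192.168.1.1/23", STATIC).items():
        print(f"  future VLAN {sub}: {names}")
    print("overlapping VPN client LANs:", vpn_conflicts("192.168.1.1/23", REMOTE_LANS))
```

With a 255.255.254.0 mask the router at 192.168.1.1 sits in 192.168.0.0/23, so DHCP scopes and static assignments need to cover 192.168.0.1 through 192.168.1.254.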