On Fri, Aug 26, 2016 at 12:43:30PM +0200, Pol Hallen wrote:
> Hi all, I'm helping a friend to create a small network in his office (4
> floors)
>
> I suggest he separate each network:
>
> floor1 - 192.168.1.0/24
> floor2 - 192.168.2.0/24
> floor3 - 192.168.3.0/24
> floor4 - 192.168.4.0/24
>
> DSL <--> SERVER <--> WAN - 192.168.10.0/24
> NIC1 - 192.168.1.0/24 <--> switch
> NIC2 - 192.168.2.0/24 <--> switch
> NIC3 - 192.168.3.0/24 <--> switch
> NIC4 - 192.168.4.0/24 <--> switch
>
> what is better? A linux server with 5 NICS (for all floors) or a dedicated
> and cheapest router with 5 NICS? (DSL <--> SERVER <--> ROUTER)

As others have noted, there is not enough information here to decide what is best...

However...

You may want to go for different networks to allow for future expansion. Your current scheme will only allow for max ~ 250 clients per floor. And you have the IP ranges rubbing against each other without gaps...

It is usually a good idea to leave "space" between the IP ranges to allow them to expand without too much trouble. And avoid making the IP range too narrow - running out of IP addresses is nasty.

For example:

    floor1 - 192.168.128.0/20 [ 192.168.128.0 ... 192.168.143.255 ]
    floor2 - 192.168.160.0/20 [ 192.168.160.0 ... 192.168.175.255 ]
    floor3 - 192.168.192.0/20 [ 192.168.192.0 ... 192.168.207.255 ]
    floor4 - 192.168.224.0/20 [ 192.168.224.0 ... 192.168.239.255 ]

With /20 it allows for ~4000 devices per floor. And there are "gaps" in the IP ranges to allow for expansion, so if the population of a floor grows, it can grow to a /19 without clashing with the next floor.

In each IP range you need to allow IP addresses for:

    default gateway (traditionally the first IP in the range. Or the last. Convention differs.)
    broadcast address
    network address (not sure this is needed nowadays, but I tend to...)

and you may also want to reserve a block (16 or 32 IPs) at the beginning/end of each network range for devices with fixed IP addresses - e.g. your dhcp server (unless you let the router forward DHCP/BOOTP), DNS server (which may or may not be on the same network) and other stuff that crops up.

Of course, here we seem to be talking about wired access. Wireless access probably should have its own IP range (and allow for a sizeable number of devices) as it will probably not be specific to a floor... You could treat this as a different (less trusted) floor....

Hope this helps
--
Karl
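
The addressing checks discussed in this thread, as an added example that is not part of the original messages: it tests whether each floor can widen its prefix without colliding with a neighbour, and lays out the per-range reservations. The function names `growth_clashes` and `describe`, and the choice of first-IP gateway with a 32-address static block placed right after it, are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Both plans are copied from the thread.
ORIGINAL_PLAN = {
    "floor1": "192.168.1.0/24", "floor2": "192.168.2.0/24",
    "floor3": "192.168.3.0/24", "floor4": "192.168.4.0/24",
}
SUGGESTED_PLAN = {
    "floor1": "192.168.128.0/20", "floor2": "192.168.160.0/20",
    "floor3": "192.168.192.0/20", "floor4": "192.168.224.0/20",
}

def growth_clashes(plan, grow_bits=1):
    """Floor pairs whose ranges overlap once every prefix is widened by grow_bits."""
    grown = {
        name: ipaddress.ip_network(cidr).supernet(prefixlen_diff=grow_bits)
        for name, cidr in plan.items()
    }
    return [
        (a, b) for a, b in combinations(sorted(grown), 2)
        if grown[a].overlaps(grown[b])
    ]

def describe(cidr, reserved=32):
    """Lay out one range: network, broadcast, gateway, static block, DHCP pool size."""
    net = ipaddress.ip_network(cidr)
    usable = net.num_addresses - 2          # minus network and broadcast addresses
    first = net.network_address
    return {
        "network": str(first),
        "broadcast": str(net.broadcast_address),
        "gateway": str(first + 1),          # assumption: first-IP convention
        "static_block": (str(first + 2), str(first + 1 + reserved)),
        "dhcp_pool_size": usable - 1 - reserved,  # minus gateway and static block
    }

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("suggested", SUGGESTED_PLAN)):
        print(label, "clashes after growing one bit:", growth_clashes(plan))
    for floor, cidr in SUGGESTED_PLAN.items():
        print(floor, describe(cidr))
```

Widening the original /24 plan by one bit puts floor2 and floor3 in the same /23, while the spaced /20 plan reaches /19 with no overlap and only collides at /18.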