On Fri, Aug 26, 2016 at 12:43:30PM +0200, Pol Hallen wrote:
> Hi all, I'm helping a friend to create a small network on his office (4
> floors)
>
> I suggests him to separate each networks:
>
> floor1 - 192.168.1.0/24
> floor2 - 192.168.2.0/24
> floor3 - 192.168.3.0/24
> floor4 - 192.168.4.0/24
>
> DSL <--> SERVER <--> WAN - 192.168.10.0/24
> NIC1 - 192.168.1.0/24 <--> switch
> NIC2 - 192.168.2.0/24 <--> switch
> NIC3 - 192.168.3.0/24 <--> switch
> NIC4 - 192.168.4.0/24 <--> switch
>
> what is better? A linux server with 5 NICS (for all floors) or a dedicated
> and cheapest router with 5 NICS? (DSL <--> SERVER <--> ROUTER)
As others have noted, there is not enough information here to decide
what is best...
However...
You may want to for different networks to allow for future
expansion. Your current scheme will only allow for max ~ 250 clients
per floor. And you have the IP ranges rubbing against each other
without gaps...
It is usually a good idea to leave "space" between the IP ranges to
allow them to expand without too much trouble. And avoid making the IP
range too narrow - running out of IP addresses is nasty.
For example:
floor1 - 192.168.128.0/20 [ 192.168.128.0 ... 192.168.143.255 ]
floor2 - 192.168.160.0/20 [ 192.168.160.0 ... 192.168.175.255 ]
floor3 - 192.168.192.0/20 [ 192.168.192.0 ... 192.168.207.255 ]
floor4 - 192.168.224.0/20 [ 192.168.224.0 ... 192.168.239.255 ]
With /20 it allows for ~4000 devices per floor. And there are "gaps"
in the IP ranges to allow for expansion, so if the population of a
floor grows, it can grow to a /19 without clashing with the next
floor.
In each IP range you need to allow IP addresses for:
default gateway (traditionally the first IP in the range. Or
the last. Convention differs.)
broadcast address
network address (not sure this is needed nowadays, but I tend do...)
and you may also want to reserve a block (16 or 32 IPs) at the
beginning/end of each network range for devices with fixed IP
addresses - e.g. your dhcp server (unless you let the router forward
DHCP/BOOTP), DNS server (which may or may not be on the same network)
and other stuff that crops up.
Of course, here we seem to be talking about wired access. Wireless
access probably should have its own IP range (and allow for a sizeable
number of devices) as it will probably not be specific to a floor...
You could treat this as a different (less trusted) floor....
Hope this helps
--
Karl
