أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.
IP addressing must be born flexiable and able to grow , we had to take this in consideration so it must start smsmallall VLAN , I had seen some people using /16 vlan for samll networks not more thn 2K hosts implication of this on network performance is very bad . flexiability here means we use network technics to gather small VLANS to introduce a small attack network surface helping to decrease broadcast and spaning trees value
our Mangment VLAN is the most crucial one for controling all network equipment under control
rigt now we had IoT which in way or another exists in out networks we must be upfron and keep them isolated in separate VLAN
I feel like I am trying to herd cats at work - I would really like to standardize how we assign IP addresses within DHCP and the subnets, but each administrator has his or her own "Best Practices" ideas about IP Address schemes - one person uses x.x.x.1 as the gateway/router, while another uses x.x.x., and yet another will use x.x.x.2. One administrator will use x.x.x. through x.x.x. as the DHCP range, while another will use x.x.x. through x.x.x. and so on. One administrator even used a range in the middle of his DHCP scope for switches, routers, and servers!I want to do something like this:
x.x.x.1 = default gateway (assuming /)
2- = network access devices
- = server devices
- = network peripherals (printers, etc.)
- = reserved for special devices
- = static addressed workstations
- = standard DHCP pool of addresses
- = VOIP devices (switch, adapters, etc.)
BUT I can't convince everyone to do it the same way. It depends on above mentioned is only for small network you can say only for users and for / if you have more you can carry1 bit by using subneting make it / or more.
above mentioned scenario is only for example.
You can optimize the size of your routing tables by aggregating/summarizing multiple routes in one larger route. To achieve that you need to assign contiguous networks to your locations that you regroup in a larger, summarized route.
For example, starting with the 10.0.0.0/8 and 172.16.0.0/20 private networks, you could reserve ranges for specific usages, then break those down in more specific assignement. Hierarchically, from the least to the most specific :
NAT
The best practices of ip address design is subnetting process to design the different class ip address subnetting
NAT, Classless ip address these process to design the ip address.
Although security considerations for L2 are important, the attacks require local access to be successful. When designing your L3 layout, the ramifications of your decisions are much more important. This section outlines overall best practices for IP addressing, including basic addressing, routing, filtering, and Network Address Translation (NAT).
The basic best practices for IP addressing should be familiar to you. At a high level in your design, you first must decide whether the IP address of the user on your network will have any significance from a security standpoint. For example, if you are an organization with three sites, are you just going to assign a subnet to each of the three sites, even though there are individuals at each site with different levels of security access?
This approach is fine if your security system depends mostly on application layer security controls (AAA, intrusion detection). I've seen many designs that do this successfully, but it does take away a simple control that many find useful: L3 access control. Here, users are put into group-specific subnets that provide an additional layer of access control between the user and the resources