Tips for IP with CIDR Summarization
-
I am having trouble using CIDR summarization, which I have never used before.
I have read all the pfSense documentation and several articles on the Internet, but I would not want to confuse or create problems.
(I am doing some experiments in a virtual test network).
Until now I had used the classic /24 notation, so for example
192.168.0.0/24 WAN network
192.168.1.0/24 LAN network
192.168.2.0/24 OPT1 / DMZ1 network
192.168.3.0/24 OPT2 / DMZ2 network
...
This is for each office, both central and remote.
Instead, I was thinking of using a configuration with now
192.168.0.0/20
In this way I would have:
192.168.16 - 31.x for the head office
192.168.32 - 47.x for the first remote office
...
192.168.240 - 255.x for the last remote office
In this way, in each location I could use 16 independent network segments, each with 254 available addresses.
E.g.
192.168.16.0 WAN network
192.168.17.0 LAN network
192.168.18.0 OPT1 / DMZ1 network
192.168.19.0 OPT2 / DMZ2 network
...
192.168.26.0 VPN Admin
192.168.27.0 VPN Users
192.168.28.0 VPN Guests
192.168.29.0 LAN Guest
192.168.30.0 LAN Service PC
192.168.31.0 VoIP Network
It perplexes me what broadcasting would be in this case
192.168.31.255, common to all network segments.
Above all, I did not understand where to put the /20 because if I want to see only the 254 addresses for each segment I should always use the /24.
192.168.16.0/24 WAN
192.168.17.0/24 LAN
192.168.18.0/24 OPT1
...
But in this way I find myself in the same current situation; I only change the address in the third block.
What do you think?
-
@darkcorner said in Tips for IP with CIDR Summarization:
It perplexes me what broadcasting would be in this case
Where are you seeing that? Also, what broadcasting? Are you talking about the broadcast address? Perhaps a routing protocol announcing what a router knows about? You talk about summarizing the networks, which means you're combining several address blocks into one, so that anything within that range is routed to that box, where it gets sorted out.
-
@darkcorner said in Tips for IP with CIDR Summarization:
This is for each office, both central and remote.
Instead, I was thinking of using a configuration with now
192.168.0.0/20
In this way I would have:
192.168.16 - 31.x for the head office
192.168.32 - 47.x for the first remote office
...
The broadcast address is the last IP address in the subnet and the network the first.
I'd leave spare subnets at the top of each range unused in case you have any extra requirements at each site, i.e.:-
Site 1
192.168.0.0/20
192.168.0.0/24 WAN network
192.168.1.0/24 LAN network
192.168.2.0/24 OPT1 / DMZ1 network
192.168.3.0/24 OPT2 / DMZ2 network
192.168.4.0/24 Spare
192.168.5.0/24 Spare
192.168.6.0/24 Spare
192.168.7.0/24 Spare
192.168.8.0/24 Spare
192.168.9.0/24 Spare
192.168.10.0/24 Spare
192.168.11.0/24 Spare
192.168.12.0/24 Spare
192.168.13.0/24 Spare
192.168.14.0/24 Spare
192.168.15.0/24 Spare
Site 2
192.168.16.0/20
192.168.16.0/24 WAN network
192.168.17.0/24 LAN network
192.168.18.0/24 OPT1 / DMZ1 network
192.168.19.0/24 OPT2 / DMZ2 network
192.168.20.0/24 Spare
192.168.21.0/24 Spare
192.168.22.0/24 Spare
192.168.23.0/24 Spare
192.168.24.0/24 Spare
192.168.25.0/24 Spare
192.168.26.0/24 Spare
192.168.27.0/24 Spare
192.168.28.0/24 Spare
192.168.29.0/24 Spare
192.168.30.0/24 Spare
192.168.31.0/24 Spare
You could even split a /24 into a /25:-
192.168.31.0/24 Spare split into /25 would give you:-
192.168.31.0/25
192.168.31.128/25
https://packetlife.net/media/library/15/IPv4_Subnetting.pdf
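
The addressing plan discussed in this thread, worked through with Python's standard `ipaddress` module (an added example, not code from any poster). It assumes 192.168.0.0/16 split into one /20 per site with /24 subnets on the interfaces; the function names are made up for the illustration. It shows that each /24 keeps its own broadcast address, while the /20 only appears as a summary in routes and firewall rules.

```python
import ipaddress

def site_blocks(supernet="192.168.0.0/16", site_prefix=20):
    """Split the supernet into equal per-site blocks (16 x /20 in a /16)."""
    return list(ipaddress.ip_network(supernet).subnets(new_prefix=site_prefix))

def segments(site, segment_prefix=24):
    """Per-interface subnets of one site block, each with its own broadcast address."""
    # Strict parsing: raises ValueError if the block is not on a /20 boundary.
    site = ipaddress.ip_network(site)
    return [(seg, seg.broadcast_address)
            for seg in site.subnets(new_prefix=segment_prefix)]

def summarize(networks):
    """Collapse contiguous, aligned networks into the fewest covering prefixes."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in networks))

def site_for(address, blocks):
    """Return the site block that contains an address, or None."""
    addr = ipaddress.ip_address(address)
    return next((b for b in blocks if addr in b), None)

if __name__ == "__main__":
    blocks = site_blocks()
    print("site blocks:", blocks[0], blocks[1], "...", blocks[-1])

    # Interfaces are still configured as /24, so broadcasts stay per segment.
    for seg, bcast in segments("192.168.16.0/20")[:4]:
        print(f"  interface {seg}  broadcast {bcast}")

    # All sixteen /24s of a site collapse into the one /20 used for routing.
    print("full site :", summarize(f"192.168.{n}.0/24" for n in range(16, 32)))

    # A partial, unaligned run cannot be covered by a single prefix.
    print("partial   :", summarize(f"192.168.{n}.0/24" for n in range(17, 20)))

    # 192.168.31.255 is the broadcast of 192.168.31.0/24 and lies in site 2's /20.
    print("owner     :", site_for("192.168.31.255", blocks))

    # A block that does not start on a /20 boundary is rejected.
    try:
        segments("192.168.8.0/20")
    except ValueError as exc:
        print("misaligned:", exc)
```
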