VLSM in Class B

Unanswered Question
Sep 9th, 2007

Hi all,

Can anybody explain to me how to do VLSM in Class B 172.20.0.0/23?

Thanks in advance

paul.matthews Mon, 09/10/2007 - 04:51

172.20.0.0/23 is not a class B! A "class B" would be a /16.

We need to know what you are trying to do.

mohammedmahmoud Mon, 09/10/2007 - 07:34

Hi Sakthi,

As Paul has pointed out, "172.20.0.0/23" is not a class B address; it might be one of the subnets out of the "172.20.0.0/16" Class B address according to your subnetting.

VLSM means that you can use a long mask on networks with few hosts and a short mask on subnets with many hosts, by subnetting a classful IP address space to classless shorter mask subnets.

As a small example, "172.20.0.0/16" contains 65534 hosts; we can subnet it into 2 subnets each having 32766 hosts ("172.20.0.0/17" and "172.20.1.0/17"), and moreover we can do whatever subnetting is optimum for us according to the host density.

In general, VLSM was introduced as a means of allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule, in order to make good use of the address space.

HTH,

Mohammed Mahmoud.

sakthicisco Mon, 09/10/2007 - 22:03

Thank you to all who replied back.

My scenario is as follows.

In Honeywell automation, we have Fault Tolerant Ethernet (FTE), where we have 3 levels and each level has its own devices (each device is connected to the LAN twice), and the communication between them is as follows.

1 FTE community consists of:

level 1 - critical data

level 2 - divided into 2 groups: 1 server group; others grouped in the second

level 3 - router to connect between FTE communities.

Now level 1 devices are allowed to the servers and not to the second group in level 2.

No one at level 3 is allowed to access level 1.

1 FTE community is under one subnet.

I understand 172.20.0.0/16 is a class B.

If I am not wrong, when 172.20.0.0/16 is subnetted to have 2 subnets using /17, then 1 and 128 are the subnets. 172.20.0.0/17 and 172.20.128.0/17 are the subnets, right?

If I want to again divide a single subnet into 3 groups (each 64 hosts) and allow access between 2 groups and deny one group communication, what should I do then?

Hope it is clear enough to proceed.

Thank you in advance

ohassairi Wed, 09/12/2007 - 22:20

If 62 hosts per group is enough, then you can use these subnets:

subnet1: 172.20.0.0/26

subnet2: 172.20.0.64/26

subnet3: 172.20.0.128/26

If you really need 64 hosts/group, then you can use these subnets (but you will not have exactly 64/group):

subnet1: 172.20.0.0/25 (172.20.0.1 to 172.20.0.126)

subnet2: 172.20.0.128/25 (172.20.0.129 to 172.20.0.254)

subnet3: 172.20.1.0/25 (172.20.1.1 to 172.20.1.126)

To manage access between groups, use access-lists.

sakthicisco Wed, 09/12/2007 - 22:35

Thank you Hassairi.

When you connect to layer 3 switches through fiber optic, do we need to set an IP address?

Sometimes I get confused while connecting a layer 2 switch to a layer 3 switch and in between layer 3 switches. If I am not wrong, the default gateway will be set to the interface (as IP address) connecting the layer 3 to the layer 2 switch.

Please do explain to me.

paul.matthews Wed, 09/12/2007 - 23:51

It is a good idea to have an IP address on all the switches so that you can manage them. Ideally these addresses should be in another VLAN so that you can more easily secure the management against end user access.

paul.matthews Wed, 09/12/2007 - 23:48

I am going to take your numbers a little flexibly. 64 addresses in a subnet means 59-61 usable addresses - remember each subnet needs the following if it is going to be routed:

.0 - network ID

.1 - router address (exact number not fixed)

.2 - primary router physical if using HSRP/GLBP

.3 - secondary router physical if using HSRP/GLBP

all ones - broadcast

If 59-61 is OK, I would use /26 masks - that will give you (out of your original 172.20.0.0/23)

172.20.0.0

172.20.0.64

172.20.0.128

172.20.0.192

172.20.1.0

172.20.1.64

172.20.1.128

172.20.1.192

(all /26)

which gives you quite a bit of flexibility. You can then use access lists on the router to allow/restrict whatever you want.

It is nigh on impossible to restrict access within a subnet. To do that you will probably need to be looking at 1100 series (MAC address) access lists on switch ports, or controls on the systems themselves.
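
Added example (not from any poster in this thread): a Python sketch of the allocation discussed above, which sizes each group's subnet after setting aside the network ID, broadcast and router addresses, then reports whether a flow crosses a subnet boundary and can therefore be filtered by a router access list. The group names come from the scenario; the function names, the host counts and the default of 3 router addresses (gateway plus two HSRP/GLBP physical addresses) are assumptions.

```python
import ipaddress

def usable_hosts(prefix, router_addrs=3):
    """End-host addresses in a subnet: total minus network ID, broadcast, router addresses."""
    return 2 ** (32 - prefix) - 2 - router_addrs

def plan_vlsm(block, needs, router_addrs=3):
    """Give each group the smallest subnet that fits it, largest group first.

    needs maps group name -> number of end hosts; returns {name: IPv4Network}.
    """
    block = ipaddress.ip_network(block)
    cursor = block.network_address
    plan = {}
    # Largest-first keeps every allocation aligned on its own boundary.
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        size = hosts + 2 + router_addrs          # addresses the subnet must hold
        prefix = 32 - (size - 1).bit_length()    # round up to a power of two
        subnet = ipaddress.ip_network(f"{cursor}/{prefix}")
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} has no room left for {name} ({hosts} hosts)")
        plan[name] = subnet
        cursor = subnet.broadcast_address + 1
    return plan

def group_of(plan, ip):
    """Name of the group whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in plan.items() if addr in net), None)

def crosses_router(plan, src, dst):
    """True when src and dst sit in different subnets, so a router ACL sees the flow."""
    return group_of(plan, src) != group_of(plan, dst)

if __name__ == "__main__":
    # Constructed sizes: the three groups from the scenario, 59 hosts each.
    plan = plan_vlsm("172.20.0.0/23", {"level1": 59, "servers": 59, "others": 59})
    for name, net in plan.items():
        print(f"{name:8} {net}  hosts {net[4]} - {net[-2]}")
    print(crosses_router(plan, "172.20.0.10", "172.20.0.130"))  # level1 -> others
    print(crosses_router(plan, "172.20.0.70", "172.20.0.80"))   # servers -> servers
```

Asking for 64 end hosts per group pushes each group to a /25, because 64 hosts plus the five reserved addresses no longer fit in 64 addresses.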

sakthicisco Thu, 09/13/2007 - 00:33

Thank you Paul.

hostA-->L3switch--(Fiber optic,12km)------------>L2switch-->hostB

Can I have the above connection? Or do I need to have another L3 switch instead of the L2 switch?

Can an Ethernet port be converted for fiber connection using a GBIC/SFP module?

Thank you in advance.

paul.matthews Thu, 09/13/2007 - 00:48

You can make do with one L3 switch to do all the routing, but it does mean all broadcast traffic from the remote site will be traversing your link. I am more comfortable with inter-site links being routed, as the inter-site links are the most vulnerable, and using L3 is less likely to cause SPT issues if there are problems.

I am not sure what you mean by the second bit - if the port you want to use is an SFP port, you can select an appropriate SFP module for your fiber; similarly a GBIC port needs an appropriate GBIC. If the port is an RJ45 UTP port then SFPs and GBICs are of no use. If you *need* to use the RJ45 port for fibre, you will need media convertors. These are separate freestanding boxes that have fibre on one side, UTP on the other, and they simply convert.

sakthicisco Thu, 09/13/2007 - 23:08

Thank you Paul once again.

This is what I was looking for:

the right answer with explanation.
