Hi Sakthi,

As Paul has pointed out "172.20.0.0/23" is not a class B address, it might be one of the subnets out of "172.20.0.0/16" Class B address according to your subnetting.

VLSM means that you can use a long mask on networks with few hosts and a short mask on subnets with many hosts, by subnetting a classfull IP address space to classless shorter mask subnets.

As a small example, "172.20.0.0/16" contains 65534 hosts, we can subnet it into 2 subnets each having 32766 hosts ("172.20.0.0/17" and "172.20.1.0/17") and more over we can do whatever subnetting is optimum for us according to the hosts density.

In general VLSM was introduces as a means of allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule, in order for good utilization of the address space.

HTH,

Mohammed Mahmoud.

Thank u for all who replied me back.....

My senario is as follows..

In honeywell automation,we have fault tolerant ethernet(FTE) where we have 3 levels and each level has its own devices(each device is connected to the lan twice) and the communication between them as follows...

1 FTE community consists of:

level 1 - critical datas

leve 2 - divided to 2 groups....1 server group; others grouped in second

level 3 - router to connect between FTE communities.

now level 1 devices r allowed to servers and not to secnd group in level 2.

no one at level 3 r allowed to acces level 1.

1 FTE community is under one subnet.....

I understand 172.20.0.0/16 a class B

If iam not wrong wen 172.20.0.0/16 is subnetted to have 2 subnets using /17,then 1 and 128 are the subnets.172.20.0.0/17 and 172.20.128.0/17 are the subnets right??

If i want to again divide a single subnet into 3 groups (each 64 hosts)&allow access between 2 groups and deny one group communication...wat sud i do then?

hope it is clear enough to proceed...

thank u in advance

if 62 hosts per group is enough , then you can use these subnets:

subnet1:172.20.0.0/26

subnet2:172.20.0.64/26

subnet3:172.20.0.128/26

if you really need 64 hosts/group, then you can use these subnets (but you will not have exactely 64/grp):

subnet1:172.20.0.0/25 (172.20.0.1 to 172.20.0.126)

subnet2:172.20.0.128/25 (172.20.0.129 to 172.20.0.254)

subnet3:172.20.1.0/25 (172.20.1.1 to 172.20.1.126)

to manage access between groups, use access-lists

Thank u Hassairi....

Wen u Connect to layer 3 switiches through fiber optic ....do we need to set ip address...

sometimes i get confusion while connecting layer 2 switch to layer 3 switch and inbetween layer 3 switches...If iam not wrong,default gateway will b set to the interface (as ip address)connecting layeer3 to layer 2 switch ...

plz do explpain me...

It is a good idea to have an IP address on all the switches so that you can manage them. Ideally these addresses should be in another VLAN s that you can more easily secure the management against end user access.

I am going to take your numbers a little flexibly. 64 addresses in a subnet means 59-61 usable addresses - remember each subnet needs the following if it is going to be routed

.0 - network ID

.1 - router address (exact number not fixed)

.2 - primary router physical if using HSRP/GLBP

.3 -secondary router physical if using HSRP/GLBP

all ones - broadcast

If 59-61 is OK, I would use /26 masts - that will give you (out of your original 172.20.0.0/23)

172.20.0.0

172.20.0.64

172.20.0.128

172.20.0.192

172.20.1.0

172.20.1.64

172.20.1.128

172.20.1.192

(all /26)

which gives you qute a bit of flexibility. you can then use access lists on the router to allow/restrict whatever you want.

It is nigh on impossible to restrict access within a subnet. to do that you will probably need to be looking at 1100 series (mac address) access lists on switch ports, or controls on the systems themselves.

thank u paul...

hostA-->L3switch--(Fiber optic,12km)------------>L2switch-->hostB

CAN i have the above connection?Or i need to have another L3switch instead of L2switch?

Can an ethernet port b coverted for fiber connection using GBIC /SPF module?

Thank u in advance..

You can make do with one L3 switch to do all the routing, but it does mean all broadcast traffic from the remote site will be traversing your link. I am more comfortable with inter-site links being routed, as the inter site links are the most vulnerable, and using L3 is less likely to cause SPT issues if there are problems.

I am not sure what you mean by the second bit - if the port you want to use is an SFP port, you can select an approriate SFP module for your fiber, similarly a GBIC port needs an appropriate GBIC. If the port is an RJ45 UTP port then SFPs, GBICs are of no use. If you *need* to use the RJ45 port for fibre, you will need media convertors. Thse are separate freestanding boxes that have fibre one side, UTP the other and they simply convert.

Thank u paul once again..

this is wat i was lookin for.....

right answer with explanation...

You are welcome.

P.