Cisco Support Community
Community Member

200 Subnets

I'm building the network for a retirement community that may eventually provide internet access to each of the 200 resident suites. To ensure that one resident cannot see any other resident's LAN, I was thinking of breaking each room into a separate subnet but I’m not too versed in ‘supernetting’ and would love an example of how it could be used here.

Also, could a single DHCP server (PIX or Windows Server) be configured to provide addresses to that many subnets? Is that wise?

Currently the system is 100% Catalyst switches with a PIX 515e providing PAT internet for both the staff subnet (inside interface) and the future resident subnet (dmz interface).

Any suggestions?

Thanks,

Tom

3 REPLIES
VIP Purple

Re: 200 Subnets

Hello Tom,

200+ subnets does not sound really scalable; an easier solution would be to configure all the user ports on the switches as protected ports, and hence keep them from accessing each other. Check if the command 'switchport protected' is supported on your Catalyst switches...

Regards,

GP

Community Member

Re: 200 Subnets

So...

If I enable the switchport protected on all ports on the 'resident' vlan, they won't be able to see each other but still be able to get an IP address from the PIX DHCP service, right?

That's COOL!!

Will this work across several switches (same VLAN)?

Thank you very much,

Tom

VIP Purple

Re: 200 Subnets

Hello,

Sorry for my late response... The protected port feature limits traffic between ports on the same switch only. I guess that is still better than one separate network per user; you would only need 1 subnet per switch. If you want to use that feature, just make sure that no trunk ports connecting the switches are configured as protected ports, and also not the ports the DHCP server is connected to...

Regards,

GP
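
A small audit for the caveat in the reply above, as an added example that is not part of the thread: it parses an IOS-style config and flags ports where `switchport protected` is set on a trunk or DHCP-facing port, or is missing on a resident access port. The VLAN number, interface names, sample config and function names are constructed assumptions.

```python
import re

# Constructed sample config (not from the thread). Assumed: residents in VLAN 20,
# Fa0/24 faces the DHCP server, Gi0/1 is the trunk to the next switch.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 switchport protected
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 20
 switchport protected
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport protected
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config, resident_vlan, shared_ports):
    """List ports whose 'switchport protected' state contradicts the advice."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        protected = "switchport protected" in cmds
        trunk = "switchport mode trunk" in cmds
        resident = f"switchport access vlan {resident_vlan}" in cmds
        if protected and (trunk or name in shared_ports):
            findings.append((name, "protected, but is a trunk or DHCP-facing port"))
        elif resident and not protected and name not in shared_ports:
            findings.append((name, "resident access port is not protected"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, 20, {"FastEthernet0/24"})` on a saved running-config gives one finding per port that would either leave a resident exposed to neighbours on the same switch or cut residents off from DHCP and the uplink.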
