As Paul has pointed out, "172.20.0.0/23" is not a class B address; it might be one of the subnets out of the "172.20.0.0/16" Class B address, according to your subnetting.
VLSM means that you can use a long mask on networks with few hosts and a short mask on subnets with many hosts, by subnetting a classful IP address space to classless shorter mask subnets.
As a small example, "172.20.0.0/16" contains 65534 hosts; we can subnet it into 2 subnets each having 32766 hosts ("172.20.0.0/17" and "172.20.1.0/17"), and moreover we can do whatever subnetting is optimum for us according to the host density.
In general, VLSM was introduced as a means of allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule, in order to make good use of the address space.
Thank you to all who replied to me.
My scenario is as follows.
In Honeywell automation, we have Fault Tolerant Ethernet (FTE), where we have 3 levels and each level has its own devices (each device is connected to the LAN twice), and the communication between them is as follows:
1 FTE community consists of:
level 1 - critical data
level 2 - divided into 2 groups: 1 server group; others grouped in the second
level 3 - router to connect between FTE communities.
Now level 1 devices are allowed to the servers and not to the second group in level 2.
No one at level 3 is allowed to access level 1.
1 FTE community is under one subnet.
I understand 172.20.0.0/16 is a class B.
If I am not wrong, when 172.20.0.0/16 is subnetted to have 2 subnets using /17, then 1 and 128 are the subnets. 172.20.0.0/17 and 172.20.128.0/17 are the subnets, right?
If I want to again divide a single subnet into 3 groups (each 64 hosts) and allow access between 2 groups and deny one group communication, what should I do then?
Hope it is clear enough to proceed.
Thank you in advance.
If 62 hosts per group is enough, then you can use these subnets:
If you really need 64 hosts/group, then you can use these subnets (but you will not have exactly 64/grp):
subnet1:172.20.0.0/25 (172.20.0.1 to 172.20.0.126)
subnet2:172.20.0.128/25 (172.20.0.129 to 172.20.0.254)
subnet3:172.20.1.0/25 (172.20.1.1 to 172.20.1.126)
To manage access between groups, use access-lists.
Thank you Hassairi.
When you connect to layer 3 switches through fiber optic, do we need to set an IP address?
Sometimes I get confused while connecting a layer 2 switch to a layer 3 switch and in between layer 3 switches. If I am not wrong, the default gateway will be set to the interface (as IP address) connecting the layer 3 to the layer 2 switch.
Please do explain to me.
It is a good idea to have an IP address on all the switches so that you can manage them. Ideally these addresses should be in another VLAN so that you can more easily secure the management against end user access.
I am going to take your numbers a little flexibly. 64 addresses in a subnet means 59-61 usable addresses - remember each subnet needs the following if it is going to be routed
.0 - network ID
.1 - router address (exact number not fixed)
.2 - primary router physical if using HSRP/GLBP
.3 - secondary router physical if using HSRP/GLBP
all ones - broadcast
If 59-61 is OK, I would use /26 masks - that will give you (out of your original 172.20.0.0/23)
which gives you quite a bit of flexibility. You can then use access lists on the router to allow/restrict whatever you want.
It is nigh on impossible to restrict access within a subnet. To do that you will probably need to be looking at 1100 series (mac address) access lists on switch ports, or controls on the systems themselves.
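The /26 plan and the router access-list approach discussed above, worked through as an added example that is not part of the original thread. The mapping of groups to subnets, the three reserved addresses per subnet and the implicit deny for unlisted flows are assumptions made for illustration.

```python
import ipaddress

BLOCK = ipaddress.ip_network("172.20.0.0/23")  # block named in the thread

def carve(block, prefix=26, reserved=3):
    """Split block into /prefix subnets. `reserved` host addresses per subnet
    are held back for the gateway and the two HSRP/GLBP physical addresses."""
    plan = []
    for net in block.subnets(new_prefix=prefix):
        hosts = list(net.hosts())  # already excludes network ID and broadcast
        plan.append({"net": net, "gateway": hosts[0], "first": hosts[reserved],
                     "last": hosts[-1], "usable": len(hosts) - reserved})
    return plan

PLAN = carve(BLOCK)

# Assumption: one /26 per group; this mapping is constructed for illustration.
GROUPS = {"level1": PLAN[0]["net"], "l2_servers": PLAN[1]["net"],
          "l2_other": PLAN[2]["net"], "level3": PLAN[3]["net"]}

# Policy stated in the thread, evaluated first-match like a router ACL.
# ACLs are stateless, so the server-to-level-1 return path is listed too.
RULES = [("permit", "level1", "l2_servers"),
         ("permit", "l2_servers", "level1"),
         ("deny", "level1", "l2_other"),
         ("deny", "level3", "level1")]

def group_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((g for g, net in GROUPS.items() if ip in net), None)

def check(src, dst):
    sg, dg = group_of(src), group_of(dst)
    if sg is not None and sg == dg:
        return "not-routed"  # same subnet: frames never cross the router ACL
    for action, a, b in RULES:
        if (a, b) == (sg, dg):
            return action
    return "deny"  # assumption: implicit deny for every flow not listed

if __name__ == "__main__":
    for p in PLAN:
        print(p["net"], "hosts", p["first"], "-", p["last"], "usable", p["usable"])
    for src, dst in [("172.20.0.10", "172.20.0.70"), ("172.20.0.10", "172.20.0.130"),
                     ("172.20.0.200", "172.20.0.10"), ("172.20.0.10", "172.20.0.20")]:
        print(src, "->", dst, check(src, dst))
```

The `not-routed` result is the case where a router access list cannot help, because both hosts sit in the same subnet.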
Thank you Paul.
Can I have the above connection? Or do I need to have another L3 switch instead of an L2 switch?
Can an Ethernet port be converted for a fiber connection using a GBIC/SFP module?
Thank you in advance.
You can make do with one L3 switch to do all the routing, but it does mean all broadcast traffic from the remote site will be traversing your link. I am more comfortable with inter-site links being routed, as the inter-site links are the most vulnerable, and using L3 is less likely to cause SPT issues if there are problems.
I am not sure what you mean by the second bit - if the port you want to use is an SFP port, you can select an appropriate SFP module for your fiber; similarly, a GBIC port needs an appropriate GBIC. If the port is an RJ45 UTP port then SFPs and GBICs are of no use. If you *need* to use the RJ45 port for fibre, you will need media convertors. These are separate freestanding boxes that have fibre on one side and UTP on the other, and they simply convert.