Tech Support Guy banner
Status
Not open for further replies.

Building a Mask

638 views 2 replies 3 participants last post by  Pookie 
#1 ·
I know that in every other game in town, there's nothing worse than knowing enough to be dangerous. That's me. I've spent a gazillion hours on the www learning about subnet masks and I think I know enough about bits,bytes,and the like to make a mask for my small network. And that there's only a handfull of possible ones. My network is an ASA firewall, 3 servers, and a couple dozen workstations and devices. It was always a 10.0.0.0 network with a 255.255.255.0 mask. My goal is to split it, and restrict the available ip's. (I have only ever used static ip's. No DCHP. I have always lived that way and like the control of static ip's). - I came up with 10.157.1.16 to 10.157.1.31 with a mask of 255.255.255.240. (half the network will be 10.157.2.16 to 10.157.2.31 and 255.255.255.240. My understanding is that 16 is the network address, 17 the lowest ip available, 30 the highest, and 31 the broadcast ip. So the questions are.. 1.)Am I right with the ip's and the mask? 2.) Is it true that 10.157.1.16 and 10.157.1.31 can not be used for a host, the firewall or other device? 3.) If someone programs a static ip on their laptop of 10.157.1.10 or 40 or any other number with a mask of 255.255.255.0, what will happen? Can they use the gateway I'm assigning as 10.157.1.30? Are they locked out of browsing the lan?

I thank you in advance for your patience and answers. I'm about to implement and hope I didn't just become an educated meathead.

-Greg
 
See less See more
#2 ·
You are correct on (1) and (2) unless I missed something.

For (3) in theory the computer with the different mask won't be on the same network, but I think that you can't count on no networking being successful.
 
#3 ·
(1) and (2) look good. As far as solving issue 3, why don't you set a domain policy that will not allow changing of the networking properties- ie ip address,sm, dg. That will fix the normal pcs and you can set port security on your switches to make it so someone doesn't just plug a laptop in and try to bypass your security policy. Although there are ways around port security, its a start.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top