subnets 2

[jono261970]

Hello,

I have 3 computers (win98/win2k/winxp) and a router. So far I have a class C IP structure.

gateway 192.168.1.1
comp1:192.168.1.2
comp2:192.168.1.3
comp3:192.168.1.4

subnet mask 255:255:255

Now if somebody else hooked up there computer to my small network they could easily see me if they used the same generic structure as approx another 200 computers can be part of this subnet.

Is it possible to have a custom subnet for just 5 hosts?

I am just experimenting with TCP and subnets. Give me a better understanding of how it works. I am sure I read an arcticle once about borrowing bits etc to do this.

cheers,

jono

A good fortune may forbode a bad luck, which may in turn disguise a good fortune.

 

[Accessdabbler]

5 hosts? Well, sort of. Actually, you can set up a subnet for 8 hosts but since you can't use two of them, you get 6.

In a nutshell, here's how you do it:

Set your subnet mask to 255.255.255.248
Change your addresses to this:

Gateway - 192.168.1.9
Comp1 - 192.168.1.10
Comp2 - 192.168.1.11
Comp3 - 192.168.1.12
Comp4 - 192.168.1.13

You may wonder why I didn't start the numbering at 192.168.1.1? On some systems you cannot unless they comply with RFC 1812 (I think that's the right RFC). I'd explain it to you but then I'd have to shoot you soon thereafter.

Go to

http://www.learntosubnet.com

to learn how subnetting works.

 

[GrnEyedLdy]

Clap, clap, clap...Well said Accessdabbler!

Patty

 

[jono261970]

Thanks for the help access dude.

jono
A good fortune may forbode a bad luck, which may in turn disguise a good fortune.

 

[jono261970]

heyup,

I am trying to work out how you came up with 248 in the 4th octet of the SM. isn't 248 + 8 256?

I thought 255 was the max and then 255 would be set for broadcast. what would happen if you used 192.168.1.20.

ok, i am out of here before you shoot me!

jono



A good fortune may forbode a bad luck, which may in turn disguise a good fortune.

 

[Morsing]

The subnet mask has nothing to do with broadcasts. The 248 is because you need three bits for the hosts (gives six hosts plus subnet address and broadcast). 248 is the first five bits set (128+64+32+16+8).

192.168.1.20 is okay with that subnet mask but would be in a different subnet than 192.168.1.10.

The network Accessdabler suggested has the address 192.168.1.8 and broadcast 192.168.1.15.
192.168.1.20 would be on the subnet 192.168.1.16 with broadcast 192.168.1.23.

Clear??

Cheers Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support

 

[Accessdabbler]

Just to add to what Morsing said:

The reason we call it a "subnet" is because that's what it is. A "sub-network", a network within a network ID.

In the case above, your network ID is 192.168.1. However, when you "subnet" you are breaking this network up into pieces. Think of a pie. The pie represents the network ID. If you cut it into equal sized pieces, each piece is a "subpie". The more "subpies" you make, the smaller each "subpie" becomes since they all must be the same size (if they weren't, everybody would fight for the bigger pieces and whoever is holding the knife would be tempted to stab everybody...)

Putting a computer at 192.168.1.20 keeps the computer in the same Network ID but it exists in a different subnet. This computer cannot "talk" to the other computers directly. It is sitting on a different piece of pie. In order to communicate with the others, it needs something to act as a connection point (router or gateway). Without this, it will just sit there and grow old, eventually dying of loneliness.

Now, in the real world, we don't bake pies when connecting computers (but wouldn't that be a better way? I digress...). Instead we run cables from computers to things like hubs and switches, etc. So, let's assume we have a 12-port hub. We run a cable from all the computers to the hub. The computer at 192.168.2.20 is connected to the same hub as all the other computers. Looking at this setup, we ask ourselves, why can't this computer communicate with the others? After all, IT'S RIGHT THERE! They all share the SAME HUB!

Essentially, computers have 2 methods of communicating with other computers. Directly (by sending a message to a specific MAC address) or "Fundamentalistic Evangelism" (screaming at the top of their lungs to everyone in earshot, also called broadcasting in network-speak).

The problem is that one of the reasons for the existance of IP is to organize addressing of computers. This is a "logical" organization as opposed to a "physical" one. Even though this rogue computer is physically connected to the others, the logics of IP mean that this computer may as well be on the other side of the world. It's invisible to the others.

(However, because a physical connection exists, you can "cheat" the logical IP addressing by simply going to this computer and finding its MAC address. You can then covertly communicate with this computer by making packets that contain that computer's MAC address. I've never tried it but you MIGHT be able to add this computer's address to the ARP table manually which would allow communication. If you don't know what I'm talking about, that's good, you won't be shot.)

Finally, why would you want to have separate subnets anyway? A bigger question may also be, why do I have so much time to type all this drivel? (I'm afraid to answer that one)

Breaking up your network into different subnets can serve many purposes but probably the biggest is to logically separate each department. The finance department would be one subnet, the engineering department another. A third subnet could be for the pimply-faced nerds in the company to play online games among each other without those stupid "executive-types" knowing what is going on.

 

[jono261970]

Well, your words are far from drivel. I thoroughly enjoyed your explanation. Thanks to everyone - the picture is becoming clearer.

well the four computers are test comps at home where I experiment. At work I have one network with over 400 computers, 4 nt 4.0 servers and 12 Hp laserjet printers.

Currently they are all on the same subnet. 172.16.1.x -172.16.2.x :255.255.0.0. one proxy with 2 nics as the gateway to the net.

I am just looking at ways to make the network more effient/secure. I though that if I were to use subnets it would maybe cut down on broadcasts etc.

Also I know some students are hooking up laptops to data points to mess about. all workstations are heavly locked down using local software - so when they use there laptops they bypass this feature to unleash any nasties they have.

So I though if I were to create subnets I could pinpoint the locations the laptops were being used or just go back to static. Ideally it would be neat to only allow computers I want to access the network - maybe have a mac address list or something.

again thanks for your input.

cheers,

jono
A good fortune may forbode a bad luck, which may in turn disguise a good fortune.

 

[jimbopalmer]

Yes, there are switches that allow you to define the MAC address at each port and only talk to that MAC address, it is a whale of a lot of setup, but quite secure.

Step one would be to ban anyone in your company (but you) from ever moving a PC, however. I tried to remain child-like, all I acheived was childish.