
Subnetting and benefits of network segmentation

I’m not going to deep dive into subnetting because there are plenty of resources for that.

But… it helps to have some basic understanding of networking when configuring DHCP scopes.

You don’t want just one big DHCP pool for all your devices; you should segment devices into separate networks. How far you take this depends on the size of your network: on a small network, segmentation is not as important.

Benefits of network segmentation

Security

By keeping devices on separate networks you have better control of the network. Do your printers need access to the internet? Probably not. Do computers in the finance department need to talk directly to computers in HR? Absolutely NOT. By separating devices into their own network you have much better control of their access.

Limiting lateral movement in the network can really slow down attackers and viruses. Enable firewalls or access control lists at the network level so that traffic between segments is filtered rather than routed freely.

Network performance

Putting everything on one big network will create a giant broadcast domain. This can lead to all sorts of issues, like spanning tree loops, broadcast and multicast storms. Segmenting your networks will break up the broadcast domains and reduce possible performance issues.

Control visitor/guest access

You don’t want your guest network to have access to your secure network. Separating this traffic into its own network allows you to filter it and block access to your internal network. I also use the guest network for IoT type devices that just need an internet connection.

Below is an example of how I segment network traffic.

  • Computers = 10.2.10.0/24 = VLAN 110
  • Printers = 10.2.8.0/24 = VLAN 108
  • Voice = 10.2.6.0/24 = VLAN 106
  • Video Surveillance = 10.2.4.0/24 = VLAN 104
  • Server = 10.2.2.0/24 = VLAN 102
  • Guest = 10.16.0.0/23 = VLAN 116
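The script below is an added example, not part of the original article: it takes the segmentation plan above and works out what you actually need when building DHCP scopes for it (network, broadcast, mask and usable range per subnet), checks the plan for mistakes that bite later (a prefix with host bits set, overlapping subnets, a reused VLAN id), derives a DHCP pool that leaves room for static addresses, and models the default-deny inter-VLAN policy the Security section describes. The prefixes and VLAN ids are the article's; the segment names, the reserved-address count, the allowed-flow table and the "internet" pseudo-destination are assumptions made for the example.

```python
import ipaddress

# Constructed segmentation plan mirroring the table above. The prefixes and
# VLAN ids are the article's; the names and everything below are assumptions.
SEGMENTS = {
    "computers":    ("10.2.10.0/24", 110),
    "printers":     ("10.2.8.0/24", 108),
    "voice":        ("10.2.6.0/24", 106),
    "surveillance": ("10.2.4.0/24", 104),
    "server":       ("10.2.2.0/24", 102),
    "guest":        ("10.16.0.0/23", 116),
}

# Assumed inter-segment policy: default deny, only these flows are permitted.
# "internet" is a pseudo-destination standing in for the default route.
ALLOWED_FLOWS = {
    ("computers", "server"),
    ("computers", "printers"),
    ("computers", "internet"),
    ("voice", "server"),
    ("surveillance", "server"),
    ("guest", "internet"),
}


def summarize(prefix):
    """Network, broadcast, mask and usable host range for one prefix."""
    net = ipaddress.ip_network(prefix, strict=True)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "usable": len(hosts),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
    }


def validate_plan(segments):
    """Return a list of problems: prefixes with host bits set, overlapping
    subnets (ambiguous routing between them) and VLAN ids used twice."""
    problems = []
    nets = {}
    for name, (prefix, _vlan) in segments.items():
        try:
            nets[name] = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            problems.append(f"{name}: {prefix} is not a valid network address")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"overlap: {a} {nets[a]} and {b} {nets[b]}")
    seen = {}
    for name, (_prefix, vlan) in segments.items():
        if vlan in seen:
            problems.append(f"VLAN {vlan} used by both {seen[vlan]} and {name}")
        seen.setdefault(vlan, name)
    return problems


def dhcp_scope(prefix, reserve_low=10):
    """Pool start/end plus gateway address; the first `reserve_low` usable
    addresses after the gateway are kept free for static assignments."""
    net = ipaddress.ip_network(prefix, strict=True)
    gateway = net.network_address + 1
    start = gateway + reserve_low
    end = net.broadcast_address - 1
    if start >= end:
        raise ValueError(f"{prefix} is too small for a {reserve_low}-address reservation")
    return str(start), str(end), str(gateway)


def segment_of(ip, segments=SEGMENTS):
    """Name of the segment an address belongs to, or None if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, (prefix, _vlan) in segments.items():
        if addr in ipaddress.ip_network(prefix):
            return name
    return None


def permitted(src_ip, dst, segments=SEGMENTS, allowed=ALLOWED_FLOWS):
    """Decide whether a flow from src_ip to dst (an IP or "internet") is
    allowed under a default-deny inter-VLAN policy."""
    src = segment_of(src_ip, segments)
    dst_seg = "internet" if dst == "internet" else segment_of(dst, segments)
    if src is None or dst_seg is None:
        return False
    if src == dst_seg:
        return True  # same VLAN: the traffic never crosses the router/firewall
    return (src, dst_seg) in allowed


if __name__ == "__main__":
    for name, (prefix, vlan) in SEGMENTS.items():
        info = summarize(prefix)
        start, end, gw = dhcp_scope(prefix)
        print(f"{name:13} VLAN {vlan:3} {prefix:15} gw {gw:12} "
              f"pool {start}-{end} ({info['usable']} usable)")
    print("plan problems:", validate_plan(SEGMENTS) or "none")
    print("guest -> server:", permitted("10.16.0.50", "10.2.2.10"))
    print("printers -> internet:", permitted("10.2.8.5", "internet"))
```

Running it prints one line per segment with the gateway and a pool such as 10.2.10.11–10.2.10.254, reports no plan problems for the table above, and shows the guest-to-server and printer-to-internet flows being denied because they are absent from the allow list. The point of the allow list being a set of explicit pairs is that anything not written down is blocked, which is the behaviour you want from the ACLs between VLANs.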

In addition to network segmentation, try to keep your IP scheme simple; it really simplifies managing DHCP scopes.