I apologize in advance, as I have yet to find a good answer with the search function...
Subnetting has been advocated by some as a means of allowing greater network security - i.e. have one subnet for private use (ex: 192.168.1.0/24), and another for the guest network (192.168.2.0/24), for example. Assets on the private network that are supposed to reach both networks then can be given a /23 netmask.
That all seems well and good but how does this improve network security unless the devices in question are behaving nicely per the instructions sent out by the DHCP server or as pre-set on a fixed basis? That is, would there be anything that prevents a device from giving itself a rogue IP address / netmask and hence reaching anything and everything attached to the gateway / switch?
Or is subnetting mostly beneficial at limiting impacts of broadcasts and other network traffic to smaller segments and not so much security? Hence the suggestion to combine VLANs with subnets - VLANs for security, and well-thought-out subnets to manage traffic and IP address allocation?
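An added example, not part of the original post: a small Python model of the situation asked about, showing that a host's own address/netmask setting decides whether it attempts direct delivery, and that only a separate broadcast domain takes that choice away. The host addresses, the segment names (`sw1`, `vlan10`, `vlan20`) and the no-proxy-ARP assumption are constructed for illustration.

```python
import ipaddress

def covering_prefix(a, b):
    """Smallest single prefix that contains both networks a and b."""
    net, other = ipaddress.ip_network(a), ipaddress.ip_network(b)
    while not other.subnet_of(net):
        net = net.supernet()
    return net

def on_link(src_if, dst_ip):
    """The sender alone decides this, from its own configured address/netmask."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_if).network

def delivery(src_if, src_seg, dst_ip, dst_seg):
    """Path of a packet from src to dst (model assumption: no proxy ARP).

    'gateway': dst looks off-link, so the packet goes to the router, which can filter it
    'direct' : dst looks on-link and shares the broadcast domain; the router never sees it
    'no-path': dst looks on-link but sits in another broadcast domain; ARP gets no answer
    """
    if not on_link(src_if, dst_ip):
        return "gateway"
    return "direct" if src_seg == dst_seg else "no-path"

def round_trip(a_if, a_seg, b_if, b_seg):
    """(forward, return) paths between two configured interfaces."""
    a_ip = str(ipaddress.ip_interface(a_if).ip)
    b_ip = str(ipaddress.ip_interface(b_if).ip)
    return (delivery(a_if, a_seg, b_ip, b_seg), delivery(b_if, b_seg, a_ip, a_seg))

if __name__ == "__main__":
    private = "192.168.1.10/24"          # constructed host on the private subnet
    wide = covering_prefix("192.168.1.0/24", "192.168.2.0/24").prefixlen
    cases = {                            # constructed guest configurations
        "DHCP-assigned guest": "192.168.2.50/24",
        "guest with self-set wider mask": f"192.168.2.50/{wide}",
        "guest with self-set private address": "192.168.1.200/24",
    }
    for label, guest in cases.items():
        shared = round_trip(guest, "sw1", private, "sw1")
        vlans = round_trip(guest, "vlan20", private, "vlan10")
        print(f"{label:38} one segment: {shared}  separate VLANs: {vlans}")
```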