First, if you skipped ahead to this section, go back and read the previous sections.
A collection of tips will not replace knowing what the heck you're doing.
If you're not connected to the Internet, and don't already have one or more IP
networks assigned to you, use the addresses reserved for this purpose.
They are 10.x.x.x, 172.16.x.x-172.31.x.x, and 192.168.x.x (see RFC 1597).
Create a subnet address policy (e.g., .1-.5 reserved for routers, .1 always the
default route, .6-.30 reserved for static IPs such as servers, .50-.254 dynamic
through bootp/dhcp).
Use DHCP or BOOTP to assign workstation addresses. When it comes time to change
(after your network has grown a bit), you'll thank me.
Meticulously track static IP assignments. Create a central database or document
listing all static IPs and their associated devices.
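The address policy and static-IP tracking tips above can be checked mechanically. This is an added example, not part of the original tips; it assumes /24 subnets, and the role names, device names, and addresses in the sample inventory are constructed for illustration.

```python
import ipaddress

# Reserved ranges from the tip above: 10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x
RESERVED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Host-number policy from the example policy above (last octet of a /24).
STATIC_ROLES = {"router": range(1, 6), "server": range(6, 31)}
DHCP_POOL = range(50, 255)

def audit(subnet, inventory):
    """Audit (address, role, device) rows; returns (address, problem) tuples.
    Assumes /24 subnets, so the host number is the last octet."""
    net = ipaddress.ip_network(subnet)
    if net.prefixlen != 24:
        raise ValueError("this sketch of the policy only covers /24 subnets")
    problems = []
    if not any(net.subnet_of(r) for r in RESERVED):
        problems.append((subnet, "subnet is outside the reserved ranges"))
    owners = {}  # first device recorded for each address
    for addr, role, device in inventory:
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append((addr, f"{device}: not in {subnet}"))
            continue
        if ip in owners:
            problems.append((addr, f"{device}: duplicate of {owners[ip]}"))
        owners.setdefault(ip, device)
        host = int(ip) - int(net.network_address)
        allowed = STATIC_ROLES.get(role)
        if allowed is None:
            problems.append((addr, f"{device}: unknown role {role!r}"))
        elif host in DHCP_POOL:
            problems.append((addr, f"{device}: static address inside DHCP pool"))
        elif host not in allowed:
            problems.append((addr, f"{device}: .{host} is not a {role} address"))
    return problems

# Constructed sample inventory (device names and addresses are made up).
SAMPLE = [
    ("192.168.10.1", "router", "edge-router"),
    ("192.168.10.6", "server", "file-server"),
    ("192.168.10.6", "server", "print-server"),    # duplicate assignment
    ("192.168.10.77", "server", "test-box"),       # sits in the DHCP pool
    ("192.168.10.40", "router", "branch-router"),  # outside .1-.5
]
if __name__ == "__main__":
    for addr, problem in audit("192.168.10.0/24", SAMPLE):
        print(addr, "-", problem)
```

Run it against the central static-IP list whenever an entry is added; an empty result means the list still matches the policy.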
Label router interfaces with their addresses.
Keep a current diagram of your subnets and router connections (include detail
on router interface addresses). If you get into trouble, it'll save you two hours of
onsite time if you have to call someone in to help. Personally, I use SmartDraw for
this purpose (http://www.smartdraw.com/). Although Visio also works well, SmartDraw
(IMHO) is easier to use and the price is right.
If you have IP-enabled servers, use a firewall. If you are using Windows-based
file sharing and have no firewall, use a non-IP protocol to do it (IPX or NetBEUI).
You will then need to set either IPX or NetBEUI as your default protocol. Or, get a
firewall. IPRoute from Dave Mischler
(http://www.mischler.com, $50US) can be used
as an effective, low cost firewall, and it'll run on any '386 or better PC with two
NICs; or, if you want to experiment with putting your LAN on the Internet, a low cost
and very secure way to do this is with IPRoute and an old '386 PC with a good serial
port chip and modem.
[Windows Only] If a firewall is not an option, look at BlackICE Defender
(http://www.networkice.com/html/blackice_defender.html), which I use
and recommend highly for servers. For personal use, look at ZoneAlarm
(http://www.zonealarm.com/), which is effective bidirectionally, but requires
too much user intervention to be used for servers in a lights-out environment.
And you can't beat the price. :-)