2 Subnets on 1 Lan -- subnet classes -- OT

Les Mikesell lesmikesell at gmail.com
Fri Jul 13 15:43:03 UTC 2007 

Tony Crouch wrote:
> Hi All, 
> Seeing as though this query is not 100% Fedora related it may be better
> if someone is able to help me with this query if they reply to me
> personally off-list.
> 
> On reading the post made recently by Thom, it got me thinking ...
> 
> At the school I work out we have a setup where we have 2 computer
> laboratories (primary-lab & secondary-lab -- each lab contains about 40
> machines) and a rather large number of computers scattered throughout
> classrooms.
> 
> Everything runs from a DHCP router which supplies each machine with its
> required network details.
> 
> The machines scattered throughout the school (non-lab machines) has the
> following details:
> 
> IP-Address: 	10.10.?.* 	-- ? starts at 2
> subnet-mask: 	255.255.0.0
> 
> The machines in the computer labs have the following details
> 
> IP-Address:	10.10.2.*
> subnet-mask:	255.255.255.0
> 
> The discretion of whether a machine receives the B or C-class subnet
> mask is based on MAC addresses. 
> 
> What has confused in the fact these two networks can talk to one
> another. Is it because the admin has freed up the firewall between the
> two, but I can't really see the point of specifying two seperate masks
> and then opening up the firewall to additional traffic.
> 
> Was wondering if someone might be able to shed some light into either
> why this happens (or shouldn't happen :P  ) in the world of networking.

It shouldn't happen and its kind of accidental that it works with some 
equipment.   The 10.10.2.x machines will bounce things outside their 
netmask range through a router.  That part is OK and the router may 
apply some firewall restrictions.  The problem comes when a machine in 
the larger range tries to send or respond to the ones with the smaller 
netmaks.  They'll see it as part of their own subnet and arp for the 
address instead of sending to the router - and they should send the arp 
with a broadcast address of 10.10.255.255 while the 10.10.2.x boxes 
should only respond to a broadcast address of 10.10.2.255.

-- 
   Les Mikesell
    lesmikesell at gmail.com

More information about the fedora-list mailing list