Thursday, March 14, 2019

Guest network on same network as corporate?

Is there anything wrong with having a dedicated guest network inside the same IP scope as your private network? What's best practice - same scope or entirely separate scope?

For example, your company uses 10.1.0.0/16. 10.1.0.0 to 10.1.199.255 is on the LAN zone and 10.1.200.0-10.1.255.255 is on the guest DMZ zone. Is there anything wrong with placing guests inside the same /16 scope? They are obviously in a different zone (LAN vs DMZ) and also different VLANs. There are no firewall rules to allow LAN to DMZ or DMZ to LAN and the default policy is DENY ALL.

Or do you guys prefer to use 172.16.x.x or 192.168.x.x?
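The address plan in the question, worked through with Python's `ipaddress` module as an added example that is not part of the original post. It lists the CIDR prefixes each zone's range actually occupies and reports which zones a firewall rule or route written against a given prefix would match; the function names are illustrative.

```python
import ipaddress

# Address plan taken from the question above.
CORP = ipaddress.ip_network("10.1.0.0/16")
ZONES = {
    "LAN": ("10.1.0.0", "10.1.199.255"),
    "GUEST": ("10.1.200.0", "10.1.255.255"),
}

def zone_prefixes(zone):
    """Smallest list of CIDR blocks that exactly covers a zone's range."""
    first, last = (ipaddress.ip_address(a) for a in ZONES[zone])
    return list(ipaddress.summarize_address_range(first, last))

def zone_of(addr):
    """Zone name an address falls in, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for zone in ZONES:
        if any(ip in net for net in zone_prefixes(zone)):
            return zone
    return None

def zones_overlap():
    """True if any LAN prefix overlaps any guest prefix."""
    return any(a.overlaps(b)
               for a in zone_prefixes("LAN")
               for b in zone_prefixes("GUEST"))

def zones_matched_by(rule_cidr):
    """Zones that a rule or route written against rule_cidr would touch."""
    rule = ipaddress.ip_network(rule_cidr)
    return sorted(z for z in ZONES
                  if any(rule.overlaps(n) for n in zone_prefixes(z)))

if __name__ == "__main__":
    for zone in ZONES:
        print(zone, [str(n) for n in zone_prefixes(zone)])
    print("overlap:", zones_overlap())
    print("10.1.0.0/16 touches:", zones_matched_by(str(CORP)))
    print("10.1.192.0/18 touches:", zones_matched_by("10.1.192.0/18"))
```

The 199/200 boundary does not fall on a single prefix, so each zone needs three CIDR entries, and any object defined as 10.1.0.0/16 covers both zones.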


