Switch – Network Structure


Can you please help me understand when it makes sense to move to a network structure with a managed core switch and managed access level switches. Currently, our network is made up of all unmanaged switches (8 of them) that are either home run back to one main switch or, in the case of our factory floor network, the switches are daisy chained together and then feed back to the main switch. The current structure is working for us, but I can quickly see where we are going to run out of IP addresses on our current class C subnet. I realize I could address this by changing to a different subnet mask with a class A or B address, but I believe breaking the network into logical segments probably makes more sense. For instance, 192.168.1.x for office, 192.168.2.x for controls, 192.168.3.x for security and DVR, 192.168.4.x for engineering, etc. We are at a point where I need to plan for future growth and also consider if the current design is optimal for network throughput. I've done some initial research, and to invest in a core switch and managed access level switches is a fair sized investment. At what point, or more specifically, at what size, does it make sense to adopt this technology? I've attached a drawing of our current network structure and I would appreciate any thoughts.


Best Answer

You could certainly look at splitting your network into multiple virtual LANs (VLANs) addressed with multiple IP subnets. I've already bloviated about this on Server Fault before, and there are other good answers on here, too, that will give you some food for thought.

If your current batch of switches support 802.1q VLANs you could easily begin to segment your network into multiple VLANs simply by purchasing a router or layer 3 switch to route between the VLANs. The level of control and specificity you want in the access control lists (ACLs) to control inter-VLAN traffic will determine what kind of device you need to purchase. (If you're going to do this you should really take the time to define ACLs, rather than just putting in a dumb router that forwards all IP traffic between the VLANs. Odds are you aren't seeing too much broadcast traffic or flooding of frames to unknown destinations, so the Ethernet infrastructure itself isn't melting down. Your gains are going to be more on the security and administrative side than anything else.)

If you're not seeing a large amount of broadcast traffic and flooding of frames to unknown destinations you could simply bump the subnet mask on all your devices back from a /24 (255.255.255.0) to a /23 (255.255.254.0) and start using the 192.168.0.1 to 192.168.0.255 addresses (and the 192.168.1.0 address, too). There are probably very good security reasons why you should consider breaking your network up into multiple VLANs and IP subnets, but dropping a bit of your subnet mask would be a quick fix if you find yourself running out of addresses and in a rush to do something. (Since you're talking about "classful" IP subnets it would probably be worth your time to read about how IPv4 subnetting works.)
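The /24 to /23 change described in the answer, worked out as an added example (not code from the original question or answer): it computes the address range a mask change yields for the 192.168.1.0 network and shows why every device has to change its mask at the same time, because a host still on /24 treats a 192.168.0.x peer as off-link and sends the traffic to its gateway instead of ARPing for it.

```python
"""Subnet math for the /24 -> /23 change discussed above.

Implemented from scratch (no ipaddress module) so each step is visible.
All addresses below are the ones from the question and answer; the host
addresses used in on_link() are constructed for illustration.
"""


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask_int(prefix: int) -> int:
    # /23 -> 0xFFFFFE00 (255.255.254.0); /24 -> 0xFFFFFF00 (255.255.255.0)
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(ip: str, prefix: int) -> dict:
    """Network, broadcast, usable host range and host count for ip/prefix."""
    mask = prefix_to_mask_int(prefix)
    net = ip_to_int(ip) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    return {
        "network": int_to_ip(net),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(bcast),
        "first_host": int_to_ip(net + 1),
        "last_host": int_to_ip(bcast - 1),
        "usable_hosts": bcast - net - 1,
    }


def on_link(local_ip: str, local_prefix: int, remote_ip: str) -> bool:
    """True if a host configured as local_ip/local_prefix sees remote_ip as
    directly reachable (same subnet). During a partial mask migration a
    host still on /24 will NOT consider 192.168.0.x on-link."""
    mask = prefix_to_mask_int(local_prefix)
    return (ip_to_int(local_ip) & mask) == (ip_to_int(remote_ip) & mask)


if __name__ == "__main__":
    for prefix in (24, 23):
        print(prefix, subnet_info("192.168.1.0", prefix))
    print("/24 host reaches 192.168.0.5 directly?", on_link("192.168.1.10", 24, "192.168.0.5"))
    print("/23 host reaches 192.168.0.5 directly?", on_link("192.168.1.10", 23, "192.168.0.5"))
```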