RE: [NTISP] IP delegation...

Bob's Lists ( (no email) )
Fri, 3 Dec 1999 23:14:13 +0300

> I am sorry I got your feathers ruffled. Perhaps the inquiry was a bit
> incomplete.

Just a bit... ;-)

> The reason that we have the constraint is because of the unusual
> circumstance with our upstream provider. They control the class
> B, and have allocated us only two class C blocks as of now, so
> as you surely know 254.0 subnet is appropriate for our circumstance.

254.0 is a supernet, not a subnet. Furthermore, it is *not* necessarily
correct, you should first check with them whether you are crossing bit
boundaries. It is possible (although very unlikely unless your upstream is
clueless) that their addressing scheme would place your 2 x /24's one at the
last block of a larger supernet, and the next as the first block of the next
supernet... two consecutive /24's do not necessarily mean a /23... ;-)

That aside, let's assume that they ARE routing you a /23, which seems the
most likely. First of all that does NOT place any restraints on how YOU
split it up. With a VLSM capable IOS in your Cisco, and using subnet zero,
you should be able to make reasonably efficient use of the 512 addresses
with subnetting, which is really the only way to do it other than, as you
suggest, allocating all your 'spare' IP to a machine and removing them as
and when you use them. Very messy.

In addition, if you're subnetting them you can *at least* afford them some
security. If they are all on one subnet and they're, for instance, W95
workstations with shares, then ANYONE on that supernet will be able to 'see'
them. By subnetting, and with the appropriate use of access lists, you
should be able to separate them somewhat.

With subnetting, you could assign 1, 5, 13, 29, 61, 125 etc. addresses to a
customer. I know it's a pain when a customer needs 6 addresses and you have
to allocate a /28, but at least it allows for growth. You *could* give them
a /29 and a /30 but the routing hassles, access list hassles aren't worth
it, for the sake of a couple of addresses.

Once you've filled it up efficiently, simply show your upstream your
allocations, and ask them for more addresses!

The only alternative to subnetting, would be to set up a scheme whereby IP
addresses had to match Ethernet MAC addresses in order to work - but that's
even more of a pain to administer than either 'using up' the spare
addresses, or subnetting.

The only other thing I can think of, would be to route unused chunks of your
/23 to NULL0 in your router, allowing only allocated addresses to be routed.
Again, a major pain.

All this is in theory, of course... can't say I've tried it because I
wouldn't even consider doing it any way other than subnetting...
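
Added example, not part of the original post: a Python sketch of the two checks the message describes, namely whether two consecutive /24s really sit on a /23 bit boundary, and how a /23 is carved up with VLSM and subnet zero. The 10.1.x.x addresses and customer names are constructed, and the "block size minus 3" rule (network, broadcast and one router interface per subnet) is an assumption chosen because it reproduces the 1, 5, 13, 29, 61, 125 figures in the post.

```python
import ipaddress

RESERVED = 3  # assumption: network + broadcast + router interface per subnet

def aggregate_pair(a, b):
    """Return the /23 covering two /24s, or None if they straddle a bit boundary."""
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    if a != b and a.prefixlen == b.prefixlen == 24 and a.supernet() == b.supernet():
        return a.supernet()
    return None

def prefix_for(hosts):
    """Longest prefix (smallest subnet) that leaves `hosts` addresses for the customer."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - RESERVED >= hosts:
            return prefix
    raise ValueError("too many hosts")

def allocate(block, needs):
    """VLSM: carve `block` for {customer: hosts}, largest request first, subnet zero used.
    Returns (assignments, free); `free` lists the chunks still unallocated."""
    free = [ipaddress.ip_network(block)]
    assigned = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        want = prefix_for(hosts)
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no room left for {name}")
        # Best fit: the smallest free chunk that is big enough, lowest address first.
        chunk = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        subnet = next(chunk.subnets(new_prefix=want))
        free.remove(chunk)
        if chunk != subnet:
            free.extend(chunk.address_exclude(subnet))
        assigned[name] = subnet
    return assigned, sorted(free)

if __name__ == "__main__":
    print(aggregate_pair("10.1.2.0/24", "10.1.3.0/24"))  # aligned pair
    print(aggregate_pair("10.1.3.0/24", "10.1.4.0/24"))  # consecutive, not a /23
    # Constructed customer list: name -> addresses the customer needs.
    assigned, free = allocate("10.1.2.0/23", {"a": 6, "b": 100, "c": 1, "d": 13})
    for name, net in assigned.items():
        print(name, net, "usable by customer:", net.num_addresses - RESERVED)
    print("unallocated:", ", ".join(map(str, free)))
```

The `free` list is also the set of unused chunks that the Null0 suggestion in the post would cover.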


