Use public IPv4 addresses on external-facing devices that require connectivity to the Internet and external organizations. Examples include the following:
- Internet connectivity module, such as publicly accessible web and DNS servers
- E-commerce or cloud module
- Remote access and virtual private network (VPN) module, where public IP addresses are used for selected connections
The following are some public/private IP addressing best practices:
- Use private IP addresses throughout the internal enterprise network.
- Use NAT and PAT as needed to translate between private internal IP addresses and public external addresses.
- Use one private address to one public address NAT when servers on the internal network need to be visible from the public network. In firewalls, this is a static NAT configuration.
- Use PAT for many private address translations to one public address translation for end systems that need to access the public network.
Table 1-27 provides examples of where public or private IP addresses should be used in the Cisco network architecture.
Table 1-27 Public Versus Private IP Addresses
| Network Location | Public or Private Address |
| E-commerce module | Public |
| Intranet website | Private |
| External DNS servers | Public |
| Remote-access/VPN module | Public |
| Inside global address | Public |
| Real IP address of a web server located in internal network | Private |
Steps for Creating an IPv4 Address Plan
A CCNP enterprise design candidate needs to know how to create an IPv4 address plan. These are the basic steps:
Step 1. Define addressing standards.
Step 2. Plan the IPv4 range and allocate it.
Step 3. Document the IPv4 addressing plan.
Addressing standards vary from company to company and in different situations. Define the standards that you want to use for your network, use them, and document them. Using standards will make it easier for operations to troubleshoot any network issue. Here are some examples of standards:
- Use .1 or .254 (in the last octet) as the default gateway of the subnet.
- Match the VLAN ID number with the third octet of an IP address. (For example, the IP subnet 10.10.150.0/25 is assigned to VLAN 150.)
- Reserve .1 to .15 of a subnet for static assignments and .16 to .239 for the DHCP pool.
For the allocation of IPv4 subnets, stick to the following best practices:
- Use private addresses for internal networks.
- Allocate /24 subnets for user devices (such as laptops and PCs).
- Allocate a parallel /24 subset for VoIP devices (IP phones).
- Allocate subnets for access control systems and video conferencing systems.
- Reserve subnets for future use.
- Use /30 subnets for point-to-point links.
- Use /32 for loopback addresses.
- Allocate subnets for remote access and network management.
- Use public addresses for the public-facing network.
