trying to expand subnet 2

Status
Not open for further replies.

xmario2013

IS-IT--Management
Feb 1, 2004
285
US
Hi All:
We are running out of IP addresses. Our subnet is 255.255.255.0, which means it can give 254 hosts. Can we somehow expand the number of hosts available quickly without changing everyone's static IP setting and without using DHCP?

Thanks
XM
 
We are static just because we started out small, like 30 PCs; now it's almost 200. Any way we can better plan for the DHCP? And security for the end-point? (i.e. we don't want people to be able to plug in a laptop from home into his or her network jack and get an IP address for our network)

And we still have some NT; will they be able to handle all the DHCP features offered in the AD?

Thanks
XM
 
There are a couple of things that could happen I guess - depending on your environment and what you want to do.

The first thing to examine would be your switches. If you have Layer 3 or "routing" switches, then all you need to do is configure a new logical subnet and start adding people to a switch or VLAN attached to the subnet. This would be the "best" thing to do in my opinion.

If they cannot do it, you could always carve out a new logical subnet with a router, and VLAN existing switches or just add a new switch, and add all new clients to the new logical subnet.

You can supernet like wdoellefeld; I guess technically you could write a script to change the subnet mask and reboot the PCs, but if you grow this too much your network will be brought down with broadcasts.

You could go DHCP and start handling the blocking at the switch level if that is supported. Most modern managed switches will allow you to pass only specific MAC addresses, and this is MUCH more powerful than just denying DHCP - you can even link it to a RADIUS server. Or you could create DHCP pools with all static reservations for specific MACs, but there is a lot of overhead there.

You have a lot of options here.
 
I can relate to your concerns about rogue laptops, etc. As long as you keep an eye on your network and have a good handle on your virus updates for the enterprise, you'll be fine. I rarely seem to have any issues, and when I do I take care of it quickly. Unless they sign your paycheck, telling someone to get off your network with their home machine is A-OK.

I highly recommend moving to DHCP. The overhead of running static with that many PCs is going to become a huge burden and potentially unmanageable. I moved my network from a class B to a class C about a year ago for the same issue of getting low on addresses, except that we are running DHCP. DHCP buys you flexibility and is part of a proper redundancy plan. The ability to change, add, or delete DNS, WINS, nameservers, time, and other servers in a few clicks over multitudes of PCs is the right thing to do. I would suggest switching to a subnetted down class B. As long as you plan out, and by that I mean step by step write it down in order, your migration to DHCP will go smoothly.

Travis brings up some good points of advice. Doing multiple VLANs is a good thing and pretty easy once you learn about them. If you're not running any now and don't have any issues, then you should be fine.



FRCP
 
Thanks guys! I will keep a copy of what you all mentioned.

XM
 
wdoellefeld is right to suggest supernetting. It will give you the flexibility to do what you want. You can also phase it in over time WITHOUT having to do a mass change overnight. Here's the simple solution:

Assume IP of 192.168.0.0/255.255.255.0 (i.e. /24). You have IPs from 192.168.0.1 to 192.168.0.254 available. Not enough. You want to expand it out to, say, 1024 addresses. So you want a 192.168.0.0/22 (255.255.252.0) = 192.168.0.1 to 192.168.3.254. Plenty.

Change all servers', routers', switches' AND printers' subnet masks to 255.255.252.0.

If you want to stick with static IPs, then any new PCs you should add from a static pool starting at 192.168.1.1 upwards. Try and stay away from giving out the 0 or 255 addresses, as some systems get very confused.

Now, all that you are restricted on is that any of your old PCs will not be able to talk to your new PCs. Change their subnet masks at your leisure. Generally 200 PCs in about a week or so.

Now, for DHCP. This is an area which is fraught with difficulty. I love DHCP as I can add options and change things at my leisure. My laptop users also can go to different offices and not have a problem. So how to protect against rogue lappies? The best way is to source all your laptops from the same manufacturer and restrict IP provision to their MAC address prefix only. But, users tend to like the laptops they get at work so will get the same for home. Problem comes back. Add in the switch port security and you are laughing. Here all ports are disabled. You enable a port as it is connected to for the first time. Then you immediately lock down the port so that ONLY that MAC Address can appear there. This is network nazi time but it is secure.
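The phased /24 to /22 change described in the post above, worked through as an added example that is not part of any poster's reply. The host addresses are constructed; the check models only whether each host, using its own mask, treats the other as on the local segment.

```python
import ipaddress

OLD_MASK = "255.255.255.0"  # mask still configured on unmigrated PCs
NEW_MASK = "255.255.252.0"  # /22 mask from the post

def supernet_summary(cidr):
    """Return (netmask, first host, last host, usable host count)."""
    net = ipaddress.ip_network(cidr)
    return (str(net.netmask), str(net.network_address + 1),
            str(net.broadcast_address - 1), net.num_addresses - 2)

def on_link(src_ip, src_mask, dst_ip):
    """True if src, judging by its own mask, sees dst as on the local segment."""
    local = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return ipaddress.ip_address(dst_ip) in local

def direct_path(a, b):
    """a and b are (ip, mask) pairs; both must see the other as on-link."""
    return on_link(a[0], a[1], b[0]) and on_link(b[0], b[1], a[0])

def edge_addresses(cidr):
    """Valid host addresses ending in .0 or .255, which the post says to avoid."""
    net = ipaddress.ip_network(cidr)
    return [str(h) for h in net.hosts() if (int(h) & 0xFF) in (0, 255)]

if __name__ == "__main__":
    # Constructed hosts for illustration
    old_pc = ("192.168.0.50", OLD_MASK)  # not yet migrated
    server = ("192.168.0.5", NEW_MASK)   # mask already changed
    new_pc = ("192.168.1.10", NEW_MASK)  # from the new static pool
    print(supernet_summary("192.168.0.0/22"))
    print("old PC <-> server:", direct_path(old_pc, server))
    print("old PC <-> new PC:", direct_path(old_pc, new_pc))
    print("migrated PC <-> new PC:", direct_path((old_pc[0], NEW_MASK), new_pc))
    print("avoid:", edge_addresses("192.168.0.0/22"))
```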
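An added example (not from any poster) comparing the two admission checks discussed in the thread: allowing DHCP by manufacturer MAC prefix versus locking each enabled switch port to the first MAC seen on it. The port names, MAC addresses and the `audit` helper are constructed for illustration and do not reflect any particular switch's behaviour.

```python
def normalize(mac):
    """Canonical lower-case colon form; accepts ':', '-' or '.' separators."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def oui_allowed(mac, allowed_ouis):
    """Prefix check: only the first three octets (the vendor part) are compared."""
    return normalize(mac)[:8] in allowed_ouis

def audit(sightings, enabled_ports, allowed_ouis):
    """Replay (port, mac) sightings in order.

    Returns (port, mac, prefix_verdict, port_verdict) tuples. A port is
    disabled until listed in enabled_ports; the first MAC seen on an
    enabled port is learned and any other MAC there is a violation.
    """
    learned = {}
    results = []
    for port, mac in sightings:
        mac = normalize(mac)
        prefix = "allow" if oui_allowed(mac, allowed_ouis) else "deny"
        if port not in enabled_ports:
            verdict = "deny: port disabled"
        elif port not in learned:
            learned[port] = mac
            verdict = "allow: learned"
        elif learned[port] == mac:
            verdict = "allow"
        else:
            verdict = "deny: violation"
        results.append((port, mac, prefix, verdict))
    return results

# Constructed sightings (hypothetical port names, documentation-range MACs)
SIGHTINGS = [
    ("Gi0/1", "00:00:5E:00:53:10"),  # company laptop, first connection
    ("Gi0/1", "00-00-5E-00-53-10"),  # same laptop reconnecting
    ("Gi0/1", "00:00:5E:00:53:99"),  # home laptop from the same vendor
    ("Gi0/2", "02:00:00:AA:BB:01"),  # different vendor, port never enabled
]

if __name__ == "__main__":
    for row in audit(SIGHTINGS, {"Gi0/1"}, {"00:00:5e"}):
        print(row)
```

The third sighting passes the prefix check but fails the port lock, which is the gap the last post describes when staff buy the same laptop brand for home.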
 