Announcement

Collapse
No announcement yet.

IP range almost full, need a new IP range

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP range almost full, need a new IP range

    Hi guys,

    Been a long time since I didn't work with linking 2 subnet (since school xD) and I need some help. We have a Class A IP, 10.1.10.* and it is almost full ( Computers, laptop, Printer, wireless device etc..). I was thinking about setting up a new IP range, like 10.1.11.* (Any this will be usefull has we have an IPSec with Toronto company that will soon need to switch the domain name to the same we have) , the subnet mask is 255.255.255.0

    I need those 2 different ranges to be able to communicate, accessing server, etc..

    DHCP is on a Windows 2003 server, 2 DNS 2003, we have 3 switch (2x Dell PC 2848, 1 Dlink DES-1226G) and 1 firewall (Cyberoam CR50ing).

    Any help is appreciate, this is really far in my mind

    Thanks!

  • #2
    Re: IP range almost full, need a new IP range

    Create your new scope. Create your layer 3 interfaces/vlan for your new subnet. Setup your filtering between subnets. Assign the new layer 3 interface as the default gateway for your clients. Configure nat/pat for the new subnet etc. If doing dynamic routing then add that subnet to your route advertisements. Also remember to to setup dhcp relay (ip helper) for your dhcp server on your new layer 3 interface.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: IP range almost full, need a new IP range

      An easier solution might be to change your subnet mask. For every bit you add to the host portion from the network portion you'll double your host address space (changing the subnet mask from /24 to /23 would give you 512-2 ip addresses). This will save you from having to change your routing, firewalls, etc. You'll need to change the subnet mask on all of your devices and you'll need to reconfigure your DHCP scope with the new subnet mask but that should be about it.

      Comment


      • #4
        Re: IP range almost full, need a new IP range

        Thanks for those fast answers.

        Changing this to /23, That would mean there would be:

        Network: 10.1.10.0/23 00001010.00000001.0000101 0.00000000 (Class A)
        Broadcast: 10.1.11.255 00001010.00000001.0000101 1.11111111
        HostMin: 10.1.10.1 00001010.00000001.0000101 0.00000001
        HostMax: 10.1.11.254 00001010.00000001.0000101 1.11111110

        Right?
        Last edited by ChristTheGreat; 6th June 2013, 14:58.

        Comment


        • #5
          Re: IP range almost full, need a new IP range

          You could expand the current subnet but then that gives you a larger broadcast domain as now all hosts are part of that same network. Any broadcast on that network will be heard by all hosts/devices, even hosts that don't necessarily need it. Its up to you but my approach would be to segment those broadcast domains with vlans instead of having one flat layer 2 network.
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)

          Comment


          • #6
            Re: IP range almost full, need a new IP range

            You would have a larger broadcast domain, but I don't personally think 510 hosts is too large a broadcast domain. Broadcasting is a perfectly normal and accepted part of network communication, it's when the volume of broadcasts interferes with other network communication that it becomes a problem. Having a larger broadcast domain doesn't automatically mean that you're going to have network problems due to broadcast traffic.

            Comment


            • #7
              Re: IP range almost full, need a new IP range

              Even some microsoft and cisco documentation recommend about 200 hosts per subnet.


              Having a larger broadcast domain doesn't automatically mean that you're going to have network problems due to broadcast traffic.
              No but it is a waste of bandwidth and not to mention the resources on the switch. Say you have 3 MDF's in your building. If a pc sends a broadcast out then everyone in that vlan will receive it. Does it make sense if a pc on 1st floor sends a broadcast and a pc on the 3rd floor receives it even though it will be discarded? It's a matter of good design practices.

              In this case vlans will segment that broadcast domain. An alternative method would be to route between your switch stacks.
              Last edited by auglan; 6th June 2013, 17:37.
              CCNA, CCNA-Security, CCNP
              CCIE Security (In Progress)

              Comment


              • #8
                Re: IP range almost full, need a new IP range

                I respect your networking expertise and I'm not trying to be argumentative, I just happen to disagree. I see far too many VLAN's implemented solely because people think they need to implement them because someone else said they should. I don't happen to think that creating a separate VLAN for each floor is particularly good network design.

                Good network design needs to include an analysis of current network traffic and activity, security needs and objectives, as well as an understanding of the need and reason to implement VLAN's. Good network design isn't simply about creating small broadcast domains.

                Comment


                • #9
                  Re: IP range almost full, need a new IP range

                  Well in this case I stated why network segmentation is important. There are many reasons and a quick google search will show you the benefits. Vlan's have no adverse affects on the network and configuration is minimal so in reality there is no real reason to not implement them from the get go. As your network grows it will scale much better with this "hierarchal" design. It makes troubleshooting much easier as well. Large, flat layer 2 networks can be difficult to troubleshoot. Security and access control is also another benefit.

                  Good network design isn't simply about creating small broadcast domains.
                  Of course there are other variables but this happens to be one of many.
                  Last edited by auglan; 6th June 2013, 18:32.
                  CCNA, CCNA-Security, CCNP
                  CCIE Security (In Progress)

                  Comment


                  • #10
                    Re: IP range almost full, need a new IP range

                    I was going to quote the original poster, then thought "nah, 7 or 8 other posts, someone would have pointed this out"

                    I'm sorry OP - you don't have a Class A subnet.
                    You have Class C subnet (based on the /24 subnet mask) from the "class A" range 10.x.x.x subnet.

                    I know the other guys have expanded at length on their personal theories on the matter. I'm not going to say either are right or wrong - for this scenario, or any scenario.

                    What I AM going to say is, the easiest way to acheive outcome is to just expand your subnet from 255.255.255.0 to 255.255.0.0 - or somewhere in between..
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                    Comment


                    • #11
                      Re: IP range almost full, need a new IP range

                      Thanks for all our informations guys. I really appreciate. I will look at the 2 solutions.


                      I really appreciate

                      Comment


                      • #12
                        Re: IP range almost full, need a new IP range

                        Originally posted by tehcamel View Post
                        I was going to quote the original poster, then thought "nah, 7 or 8 other posts, someone would have pointed this out"

                        I'm sorry OP - you don't have a Class A subnet.
                        You have Class C subnet (based on the /24 subnet mask) from the "class A" range 10.x.x.x subnet.

                        I know the other guys have expanded at length on their personal theories on the matter. I'm not going to say either are right or wrong - for this scenario, or any scenario.

                        What I AM going to say is, the easiest way to acheive outcome is to just expand your subnet from 255.255.255.0 to 255.255.0.0 - or somewhere in between..
                        Yes, my mistake, Subnet C with a CIDR /24, thanks for the correction.

                        Comment

                        Working...
                        X