Announcement

Collapse
No announcement yet.

Change of IP Subnet for 2008 Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Change of IP Subnet for 2008 Domain

    Afternoon,
    As a bit of background, the IP range in use here is shocking, no separation of clients and servers, very strange DHCP scopes and exclusions, etc;
    Basically, its all over the place.
    Ive persuaded my boss to let me correct this BEFORE we do anything like MS Exchange 2010 migration.

    The range in use at the moment:
    192.168.0.x for clients and servers at the main site.
    192.168.1.x for second domain (on seperate infrastructure)
    192.168.2.x for clients and servers at remote site (connected via ISA Site-to-Site)
    192.168.3.x for clients and servers at remote site (connected via Cisco IPSec VPN)
    192.168.4.x for VPN Remote Workers.

    All on a subnet of 255.255.255.0
    All domain controllers/DNS's/DHCPs are Server 2008.

    Now, ideally, id like to be able to say, right, new DHCP ranges, 192.168.0.x for servers, 1x for printers & devices, 2x for switches and APs, 5x for main site, 6x for remote 1, 7x for remote 2, 8x for remote workers.

    But, and correct me if I'm wrong here as I'm not well up on subnetting frankly, short of having ISA or some other device do internal routing between these subnets, its not going to be possible.
    Correct?

    So, what I'm asking is, dependant on the above answer, is what effect will it have on the domain and what would i need to change on the AD/DNS?
    I'm fortunate that 99% of things on the network uses host names rather than IPs, and that bizzarely, at least half of the servers are on DHCPs rather than static.
    But Im unsure, frankly, what I need to do server side to ensure the most minimal amount of disruption/downtime.
    Would it literally be as simple as changing the IPs/subnets of the AD/DNS servers and letting the DNS do its thing after I've made a new primary zone?
    Or is there more too it than that?

    Any thoughts and suggestions?

    Thanks in advance all.

  • #2
    Re: Change of IP Subnet for 2008 Domain

    At first sight the current network doesn't look me really weird.
    How large is your network, eg how many devices do you have?

    If all fits in one /24 subnet it could be fine.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Change of IP Subnet for 2008 Domain

      what you've got looks perfectly fine already tbh - why mess with it if it's not broken ?
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: Change of IP Subnet for 2008 Domain

        Why don't you do your seperation at the site level rather than using IP that are going to be scattered across VPN's.

        We have a setup similar to yours and it works perfectly for us.

        Comment


        • #5
          Re: Change of IP Subnet for 2008 Domain

          Thanks for the replys everyone.

          Basically were running out of addresses.
          At our main site, we have 4% of our scope left.
          Things are separated at site level, but even with that, were running short.

          I've been doing some research, and apparently, it SHOULD be very easy to do.
          Most servers/services reference others via hosts names, so it should be a case of changing the ips on the DCs, setting up the new DHCPs, then moving everything over manually where required, as when each server joins, it'll update it's entry in the DNS, meaning no need to faff with the DNS.
          All that sound about right?

          Comment


          • #6
            Re: Change of IP Subnet for 2008 Domain

            Sounds about right. Make sure you have scavenging set on your DNS servers to remove old records.

            What are the plans for growth at the main site??? Is this the only site having the issue???

            Comment


            • #7
              Re: Change of IP Subnet for 2008 Domain

              Originally posted by wullieb1 View Post
              Sounds about right. Make sure you have scavenging set on your DNS servers to remove old records.
              So the process sounds about right?

              What are the plans for growth at the main site??? Is this the only site having the issue???
              Yes, however I want to move the other two sites onto the same range.
              So hypothetically:
              172.16.254.x - Switches & Access Points at main site.
              172.16.253.x - Switches & Access Points at second site.
              172.16.252.x - Switches & Access Points at third site.
              172.16.251.x - Servers at main site.
              172.16.250.x - Servers at second site.
              172.16.249.x - Printers and devices at main site.
              172.16.248.x - Printers and devices at second site.
              172.16.247.x - Printers and devices at third site.
              172.16.200.x - Management Devices (ILOs, SANs, etc; )
              172.16.10.x - DHCP Scope 1 at main site.
              172.16.11.x - DHCP Scope 2 at main site.
              172.16.12.x - DHCP Scope 1 at second site.
              172.16.13.x - DHCP Scope 2 at second site.
              172.16.14.x - DHCP Scope at third site.

              The problem is going to be having it all act as one large LAN without having ISA mess things up.

              Comment


              • #8
                Re: Change of IP Subnet for 2008 Domain

                It looks about right. I would advise doing it on a weekend and making sure that you work on ensure that its all working as you expect for the Monday morning.

                You need to remember how you are connecting to the offices.

                Is it a site to site VPN???

                Problem you have is that you won't route any traffic across your router because they will all think they are on the same LAN subnet.

                Comment


                • #9
                  Re: Change of IP Subnet for 2008 Domain

                  Originally posted by boomam View Post
                  Thanks for the replys everyone.

                  Basically were running out of addresses.
                  At our main site, we have 4% of our scope left.
                  Things are separated at site level, but even with that, were running short.

                  I've been doing some research, and apparently, it SHOULD be very easy to do.
                  Most servers/services reference others via hosts names, so it should be a case of changing the ips on the DCs, setting up the new DHCPs, then moving everything over manually where required, as when each server joins, it'll update it's entry in the DNS, meaning no need to faff with the DNS.
                  All that sound about right?
                  just add additional subnets for the main site.
                  It's a bit annoying because you can't make the sequential and supernet them, but thems the breaks.
                  Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                  Comment


                  • #10
                    Re: Change of IP Subnet for 2008 Domain

                    Originally posted by boomam View Post
                    So the process sounds about right?


                    Yes, however I want to move the other two sites onto the same range.
                    So hypothetically:
                    172.16.254.x - Switches & Access Points at main site.
                    172.16.253.x - Switches & Access Points at second site.
                    172.16.252.x - Switches & Access Points at third site.
                    172.16.251.x - Servers at main site.
                    172.16.250.x - Servers at second site.
                    172.16.249.x - Printers and devices at main site.
                    172.16.248.x - Printers and devices at second site.
                    172.16.247.x - Printers and devices at third site.
                    172.16.200.x - Management Devices (ILOs, SANs, etc; )
                    172.16.10.x - DHCP Scope 1 at main site.
                    172.16.11.x - DHCP Scope 2 at main site.
                    172.16.12.x - DHCP Scope 1 at second site.
                    172.16.13.x - DHCP Scope 2 at second site.
                    172.16.14.x - DHCP Scope at third site.

                    The problem is going to be having it all act as one large LAN without having ISA mess things up.
                    use a Class A subnet ? sure' maybe it' using a pnuematic hammer to push in a thumbtack..
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                    Comment


                    • #11
                      Re: Change of IP Subnet for 2008 Domain

                      Would it not be better to group by site so you can supernet if necessary?
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Change of IP Subnet for 2008 Domain

                        Originally posted by wullieb1 View Post
                        Is it a site to site VPN???
                        Between our main and secondary sites yes, however, that may change depending on other factors.

                        Problem you have is that you won't route any traffic across your router because they will all think they are on the same LAN subnet.
                        Would having our second site on a different range than the rest and ISA set accordingly not work?

                        Originally posted by tehcamel View Post
                        use a Class A subnet ? sure' maybe it' using a pnuematic hammer to push in a thumbtack..


                        Originally posted by Ossian View Post
                        Would it not be better to group by site so you can supernet if necessary?
                        Because supernetting doesn't really get around the problem, more side steps it.

                        Comment


                        • #13
                          Re: Change of IP Subnet for 2008 Domain

                          If you setup routing correctly ISA won't give you any issues.
                          That's where I'm sure about.

                          However, if you are running out of addresses on the main location why not just adding an additional scope?
                          Marcel
                          Technical Consultant
                          Netherlands
                          http://www.phetios.com
                          http://blog.nessus.nl

                          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                          "No matter how secure, there is always the human factor."

                          "Enjoy life today, tomorrow may never come."
                          "If you're going through hell, keep going. ~Winston Churchill"

                          Comment


                          • #14
                            Re: Change of IP Subnet for 2008 Domain

                            Originally posted by boomam View Post
                            Between our main and secondary sites yes, however, that may change depending on other factors.
                            You'll need to make sure that the netowrks are on a different subnet and that you update your VPN tunnels accordingly.

                            Comment


                            • #15
                              Re: Change of IP Subnet for 2008 Domain

                              Originally posted by Dumber View Post
                              If you setup routing correctly ISA won't give you any issues.
                              That's where I'm sure about.

                              However, if you are running out of addresses on the main location why not just adding an additional scope?
                              Because then that scope wont be able to see the rest of the network as there are no scopes left to use.
                              Becides, everythings a mess how it is, so it'd be a good opportunity to tidy things up.

                              Originally posted by wullieb1 View Post
                              You'll need to make sure that the netowrks are on a different subnet and that you update your VPN tunnels accordingly.
                              Im not 100% familer with ISA...so the remote site would HAVE to be on a seperate subnet to work?
                              Surely then its just a case of leaving the remote site on the IP range its on then...?

                              Comment

                              Working...
                              X