I'll second everything ASB said, and add one more remark: If one *is* going to reorganize the network topology -- say, by putting servers in one net, wireless in another, or what-have-you -- this would be the time to do it.

On Fri, Jan 13, 2012 at 7:35 AM, Andrew S. Baker <[email protected]> wrote:
>
> It is possible to implement larger subnets than /24 without leaping all the
> way to /16
>
> "Best" is always subjective, but without telling us how many IPs you foresee
> needing, and other key details, you'll be the only person capable of
> determining it.
>
> You have to ensure that all your edge and near-edge devices (firewalls, VPN
> concentrators, load-balancers) are updated accordingly. Also, the larger
> your subnet, the greater the chance of overlap with a subnet on the other
> side of a VPN.
>
> Beyond that, all the advice dispensed on subnetting this week should prove
> helpful.
>
> ASB
> http://XeeMe.com/AndrewBaker
> Harnessing the Advantages of Technology for the SMB market…
>
> On Fri, Jan 13, 2012 at 4:33 AM, Oliver Marshall
> <[email protected]> wrote:
>>
>> We’ve hit the limit of internal IP range and need to extend it.
>>
>> There’s a couple of options and I’m trying to gauge which is the “best”.
>>
>> Option 1 would be the easiest which is to extend our current range
>> (10.1.37.0/24) to a /16 (10.1.0.0/16) to give us a whopping 65k IPs. This
>> seems easy enough, change the IP settings in DHCP and on the servers and
>> firewall and reboot it all. However we then have a myriad of VPN connections
>> which will also need adjusting and a stack of old kit which hasn’t been
>> touched since the animals went in two by two.
>>
>> Option 2 is to segregate the non-important stuff. Everyone here has a
>> desktop, most also have a laptop. Everyone has a smart phone as well and
>> most also have a tablet of some kind. Add to that the IP based webcams,
>> printers, internet Tellys and the like and you can see why we’ve hit the
>> limit. Really only the laptops and the desktops need internal access (to
>> servers and the like). Everything else only needs external internet access.
>> So we set up a separate wifi for external access on its own IP plumbed in to
>> its own port on the firewall. That way we reduce the need for internal IPs.
>>
>> Any other options or any issues you may see?
>>
>> Anyone know what the real world impact will be of changing the IP subnet in
>> a small to medium size network?
>>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
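
An added example, not part of the original thread: a check of the two points raised above, that there are sizes between /24 and /16, and that a wider subnet is more likely to collide with a network on the far side of a VPN. The current range 10.1.37.0/24 is from the thread; the remote VPN subnets and the function names are constructed for illustration.

```python
import ipaddress

CURRENT = ipaddress.ip_network("10.1.37.0/24")  # range quoted in the thread

# Constructed sample data: subnets reachable over site-to-site VPNs.
VPN_REMOTE = [ipaddress.ip_network(n) for n in (
    "10.1.32.0/24", "10.1.64.0/20", "10.2.0.0/16", "192.168.10.0/24")]


def candidates(current, widest=16):
    """Yield each supernet of `current`, one bit wider at a time, down to /widest."""
    for prefix in range(current.prefixlen - 1, widest - 1, -1):
        yield current.supernet(new_prefix=prefix)


def usable_hosts(net):
    """Addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2


def conflicts(net, remotes):
    """Remote subnets whose address space overlaps `net`."""
    return [r for r in remotes if net.overlaps(r)]


def smallest_safe(current, remotes, hosts_needed, widest=16):
    """Narrowest supernet that fits `hosts_needed` and overlaps no remote subnet."""
    for net in candidates(current, widest):
        if usable_hosts(net) >= hosts_needed and not conflicts(net, remotes):
            return net
    return None  # every large-enough candidate collides with a VPN peer


if __name__ == "__main__":
    for net in candidates(CURRENT):
        clash = ", ".join(str(r) for r in conflicts(net, VPN_REMOTE)) or "none"
        print(f"{str(net):<16} hosts={usable_hosts(net):<6} overlaps: {clash}")
    print("pick for 500 hosts:", smallest_safe(CURRENT, VPN_REMOTE, 500))
```

With the constructed peers, only the /23 and /22 candidates are free of overlap; every wider one would need the VPN side renumbered or NATed first.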
