I doubt though that IPv6 alone would fix the problem though. It may have been tongue in check but it is a valid thought. How valid would depend on the hardware involved.
Jon On Fri, Jan 13, 2012 at 7:04 PM, Jon Harris <[email protected]> wrote: > You are just having way too much fun today Don. > > Jon > > On Fri, Jan 13, 2012 at 6:58 PM, Don Ely <[email protected]> wrote: > >> Pshaw! Just implement IPv6 and be done with it!! hehehe >> >> >> On Fri, Jan 13, 2012 at 3:55 PM, Jon Harris <[email protected]> wrote: >> >>> I with Ben on this go the option 2 and get it done now rather than wait >>> until it bites you again with other issues. Segregation would have the >>> added benefit of reducing the attack surface for the servers if nothing >>> else comes out of it. >>> >>> Jon >>> >>> On Fri, Jan 13, 2012 at 7:47 AM, Ben Scott <[email protected]> wrote: >>> >>>> I'll second everything ASB said, and add one more remark: If one >>>> *is* going to reorganize the network topology -- say, by putting >>>> servers in one net, wireless in another, or what-have-you -- this >>>> would be the time to do it. >>>> >>>> On Fri, Jan 13, 2012 at 7:35 AM, Andrew S. Baker <[email protected]> >>>> wrote: >>>> > >>>> > It is possible to implement larger subnets than /24 without leaping >>>> all the way to /16 >>>> > >>>> > "Best" is always subjective, but without telling us how many IPs you >>>> foresee needing, and other key details, you'll be the only person capable >>>> of determining it. >>>> > >>>> > You have to ensure that all your edge and near-edge devices >>>> (firewalls, VPN concentrators, load-balancers) are updated accordingly. >>>> Also, the larger your subnet, the greater the chance of overlap with a >>>> subnet on the other side of a VPN. >>>> > >>>> > Beyond that, all the advice dispensed on subnetting this week should >>>> prove helpful. >>>> > >>>> > ASB >>>> > http://XeeMe.com/AndrewBaker >>>> > Harnessing the Advantages of Technology for the SMB market… >>>> > >>>> > >>>> > >>>> > >>>> > On Fri, Jan 13, 2012 at 4:33 AM, Oliver Marshall < >>>> [email protected]> wrote: >>>> >> >>>> >> We’ve hit the limit of internal IP range and need to extend it. >>>> >> >>>> >> >>>> >> >>>> >> There’s a couple of options and I’m trying to gauge which is the >>>> “best”. >>>> >> >>>> >> >>>> >> >>>> >> Option 1 would be the easiest which is to extend our current range ( >>>> 10.1.37.0/24) to a /16 (10.1.0.0/16) to give us a whopping 65k IPs. >>>> This seems easy enough, change the IP settings in DHCP and on the servers >>>> and firewall and reboot it all. However we then have a myriad of VPN >>>> connections which will also need adjusting and a stack of old kit which >>>> hasn’t been touched since the animals went in two by two. >>>> >> >>>> >> >>>> >> >>>> >> Option 2 is to segregate the non-important stuff. Everyone here has >>>> a desktop, most also have a laptop. Everyone has a smart phone as well and >>>> most also have a tablet of some kind. Add to that the IP based webcams, >>>> printers, internet Tellys and the like and you can see why we’ve hit the >>>> limit. Really only the laptops and the desktops need internal access (to >>>> servers and the like). Everything else only needs external internet access. >>>> So we set up a separate wifi for external access on its own IP plumbed in >>>> to its own port on the firewall. That way we reduce the need for internal >>>> IPs. >>>> >> >>>> >> >>>> >> >>>> >> Any other options or any issues you may see? >>>> >> >>>> >> >>>> >> >>>> >> Anyone know what the real world impact will be of changing the IP >>>> subnet in a small to medium size network ? >>>> >> >>>> >> >>>> >> >>>> >> >>>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> > >>>> > --- >>>> > To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> > or send an email to [email protected] >>>> > with the body: unsubscribe ntsysadmin >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to [email protected] >>>> with the body: unsubscribe ntsysadmin >>>> >>>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to [email protected] >>> with the body: unsubscribe ntsysadmin >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
