Re: [pfSense-discussion] extending LAN private network
Yes, although you could move to 192.168.0.0/23 first, already doubling the number of usable addresses...

-Aarno

On Fri, Apr 3, 2009 at 13:25, Eugen Leitl eu...@leitl.org wrote:

> It seems I'll be running out of LAN addresses on the local 192.168.0.0/24 soon. Is boosting it as easy as moving to 192.168.0.0/16 on the LAN tab, and adjusting the netmask for all the hosts? Or am I overlooking something?
>
> --
> Eugen Leitl http://leitl.org

To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com
Commercial support available - https://portal.pfsense.org

--
Aarno Aukia
ETH Zurich / Atrila GmbH
RE: [pfSense-discussion] extending LAN private network
What he said :-). Using a /16 is guaranteed to come back and bite you in the posterior at some later stage. Go to a /22 if you're worried about running out.

Greg

From: Aarno Aukia [aarnoau...@gmail.com]
Sent: 03 April 2009 13:33
To: discussion@pfsense.com; eu...@leitl.org
Subject: Re: [pfSense-discussion] extending LAN private network

> Yes, although you could move to 192.168.0.0/23 first, already doubling the number of usable addresses...
>
> -Aarno
>
> On Fri, Apr 3, 2009 at 13:25, Eugen Leitl eu...@leitl.org wrote:
>
> > It seems I'll be running out of LAN addresses on the local 192.168.0.0/24 soon. Is boosting it as easy as moving to 192.168.0.0/16 on the LAN tab, and adjusting the netmask for all the hosts? Or am I overlooking something?
Re: [pfSense-discussion] extending LAN private network
On Fri, Apr 03, 2009 at 01:52:46PM +0100, Greg Hennessy wrote:

> What he said :-). Using a /16 is guaranteed to come back and bite you in the posterior

I can use 192.168.x.0 with x coding for specific things, like storeys, or admin addresses.

> at some later stage. Go to a /22 if you're worried about running out.

What can be some of the problems with a private /16 address space?

--
Eugen Leitl http://leitl.org
Re: [pfSense-discussion] extending LAN private network
On Fri, Apr 03, 2009 at 03:48:33PM +0100, Paul Mansfield wrote:

> use vlans, a managed switch, and use 192.168.x.0/24 for each vlan. for bonus points, use NAC and dynamic vlans to allow only approved devices and put them on the right network.

I like this suggestion. Looks like the way to go.

> (we do something similar, vlan N is 192.168.N/24. it's bad practise to use vlan1 so we start at 2)

--
Eugen Leitl http://leitl.org
Re: [pfSense-discussion] extending LAN private network
On Fri, Apr 3, 2009 at 3:34 PM, David Rees dree...@gmail.com wrote:

> On Fri, Apr 3, 2009 at 7:48 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote:
>
> > use vlans, a managed switch, and use 192.168.x.0/24 for each vlan. for bonus points, use NAC and dynamic vlans to allow only approved devices and put them on the right network.
> >
> > (we do something similar, vlan N is 192.168.N/24. it's bad practise to use vlan1 so we start at 2)
>
> I'm fairly new to VLANs - why is it bad practice to use vlan1?

Security reasons. Vulnerable to VLAN hopping/dropping in some circumstances.
Re: [pfSense-discussion] extending LAN private network
On Fri, Apr 03, 2009 at 12:34:26PM -0700, David Rees wrote:

> > (we do something similar, vlan N is 192.168.N/24. it's bad practise to use vlan1 so we start at 2)
>
> I'm fairly new to VLANs - why is it bad practice to use vlan1?

Because VLAN ID 1 is the default VLAN?

--
Eugen Leitl http://leitl.org
RE: [pfSense-discussion] extending LAN private network
Vlan 1 is usually the default and management VLAN.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39009 explains it in a Cisco context.

-----Original Message-----
From: David Rees [mailto:dree...@gmail.com]
Sent: 03 April 2009 20:34
To: discussion@pfsense.com
Cc: eu...@leitl.org
Subject: Re: [pfSense-discussion] extending LAN private network

On Fri, Apr 3, 2009 at 7:48 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote:

> use vlans, a managed switch, and use 192.168.x.0/24 for each vlan. for bonus points, use NAC and dynamic vlans to allow only approved devices and put them on the right network.
>
> (we do something similar, vlan N is 192.168.N/24. it's bad practise to use vlan1 so we start at 2)

I'm fairly new to VLANs - why is it bad practice to use vlan1?

-Dave
Re: [pfSense-discussion] extending LAN private network
On Fri, 2009-04-03 at 12:34 -0700, David Rees wrote:

> I'm fairly new to VLANs - why is it bad practice to use vlan1?
>
> -Dave

Especially in a Cisco environment VLAN-1 is, besides being the default VLAN, also used by several management protocols like CDP, VTP, VQP, ... Some of them carry network sensitive information which you don't really want to expose to everybody. Try to keep your VLAN-1 on its own but this is not always possible. For instance old Cisco Wireless AP (or should I better say Aironet ?) force you to use VLAN-1 as management...
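
The following is an added example, not part of any message in this thread: a small audit of a VLAN/subnet plan against the "VLAN N is 192.168.N.0/24, starting at 2" scheme suggested above, flagging use of VLAN 1, subnets that break the scheme, and overlapping ranges. The plan contents, function names and finding labels are constructed for illustration.

```python
import ipaddress

SUPERNET = ipaddress.ip_network("192.168.0.0/16")

# Constructed sample plan (VLAN ID -> subnet); not taken from the thread.
SAMPLE_PLAN = {
    1: "192.168.1.0/24",   # uses the default VLAN
    2: "192.168.2.0/24",   # follows the scheme
    3: "192.168.30.0/24",  # third octet does not match the VLAN ID
    4: "192.168.4.0/23",   # wrong size, and swallows VLAN 5's range
    5: "192.168.5.0/24",
    300: "10.0.0.0/24",    # outside 192.168.0.0/16
}


def expected_subnet(vlan_id):
    """Subnet the 'VLAN N is 192.168.N.0/24' scheme gives vlan_id, or None."""
    if 2 <= vlan_id <= 255:
        return ipaddress.ip_network(f"192.168.{vlan_id}.0/24")
    return None


def audit_plan(plan):
    """Return (vlan_id, finding) tuples for every deviation in the plan."""
    findings = []
    seen = []  # (vlan_id, network) pairs already checked, for overlap tests
    for vlan_id, cidr in sorted(plan.items()):
        net = ipaddress.ip_network(cidr)  # raises ValueError if host bits set
        if vlan_id == 1:
            findings.append((vlan_id, "default-vlan"))
        elif not net.subnet_of(SUPERNET):
            findings.append((vlan_id, "outside-supernet"))
        elif net != expected_subnet(vlan_id):
            findings.append((vlan_id, "scheme-mismatch"))
        for other_id, other in seen:
            if net.overlaps(other):
                findings.append((vlan_id, f"overlaps-vlan-{other_id}"))
        seen.append((vlan_id, net))
    return findings


if __name__ == "__main__":
    for vlan_id, finding in audit_plan(SAMPLE_PLAN):
        print(f"VLAN {vlan_id}: {finding}")
```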