Supernetting in Server 2012

Hi Guys,

I have an issue here.
We have 20 something spare IPs left on our subnet of 192.168.1.0/24

We are now getting a new phone system installed which needs to be run in the same subnet and requires 50 IPs for the handsets.
What we need is -

1. People who are using SOFT PHONE in remote offices and on mobile phone must be able to dial into our VPN firewall and connect to the internal phone system.

2. We need to provision these 50 something IP addresses, something I don't have.

They do not want a new SUBNET like 192.168.2.0 for the phones, so my question is if this issue can be resolved by supernetting or not??

If yes, how will this work in practical terms? Will I have to implement this after hours? How complicated is it and what precautions do I need to take?
manav08Asked:

Zephyr ICTCloud ArchitectCommented:
If you change your subnet to 255.255.0.0 (as example, you don't need to make it this big of course), then the phone system will still be in the same subnet.

This change isn't quite so extensive, but can cause downtime when changing these settings on switches/routers etc...
0
wynandkunkelCommented:
Hi yes you can do this with supernetting.  If this is your internal LAN you can change it to something like 192.168.0.0/22 which will give you the following:
Network start: 192.168.0.1
Network end: 192.168.3.254
and
- You will not have to change your existing IP addresses
- You will have more than enough IP addresses available

In practical terms you could attempt it during the daytime (being a bit oldschool I would not) and complete this before adding any additional devices.

1 - Firewall
I am assuming you have access to the firewall, so the first order of business would be to change the subnetmask of the Internal Interface

2 - Servers
Now change the subnetmasks of all the servers

3 - Desktop
Again I am assuming you are using DHCP to hand out IP addresses.  Change the DHCP scope to hand out the new subnetmask.

4 - Other
If you have printers and other IP based paraphernalia change the subnetmask now.

The theory behind this is that since the machines will be using ARP to get each others' IP, and it being a flat network the devices will still be able to communicate.  The only tricky step is the one right at the beginning (i.e. the firewall) where if you have NAT definitions they might act up due to the differing subnetmasks (again my sensibilities would say, do this or at least do the firewall and servers after hours)

After having done all this, now you can add the additional devices.

With regards to the VPN, I would allocate a different subnet (something like 192.168.254.254/24) to the VPN connections which would allow you to easily see on a server or desktop whether a VPN connection is made to that address.
0
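The staged mask change described in the answer above can be checked against a device inventory before and during the change window. This is an added example, not part of the original thread; the device list is constructed, and 192.168.254.0/24 is an assumed network form of the VPN range suggested above.

```python
import ipaddress

NEW_LAN = ipaddress.ip_network("192.168.0.0/22")     # supernet proposed in the answer
VPN_POOL = ipaddress.ip_network("192.168.254.0/24")  # assumed pool for VPN clients

# Constructed inventory mid-migration: firewall and server done, printer not yet.
DEVICES = {
    "firewall": "192.168.1.1/22",
    "server":   "192.168.1.100/22",
    "printer":  "192.168.1.50/24",   # still on the old mask
    "phone":    "192.168.2.10/22",   # new handset in the added range
}

def on_link(src, dst):
    """True if src would ARP for dst directly instead of using its gateway."""
    s = ipaddress.ip_interface(src)
    d = ipaddress.ip_interface(dst)
    return d.ip in s.network

def one_way_pairs(devices):
    """Pairs where only one side treats the other as local."""
    names = sorted(devices)
    out = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if on_link(devices[a], devices[b]) != on_link(devices[b], devices[a]):
                out.append((a, b))
    return out

def stale_masks(devices, lan=NEW_LAN):
    """Devices inside the new LAN whose mask has not been changed yet."""
    return sorted(n for n, c in devices.items()
                  if ipaddress.ip_interface(c).ip in lan
                  and ipaddress.ip_interface(c).network != lan)

if __name__ == "__main__":
    hosts = list(NEW_LAN.hosts())
    print("usable range:", hosts[0], "-", hosts[-1], f"({len(hosts)} hosts)")
    print("VPN pool overlaps LAN:", VPN_POOL.overlaps(NEW_LAN))
    print("stale masks:", stale_masks(DEVICES))
    print("one-way pairs:", one_way_pairs(DEVICES))
```

Any device reported by `stale_masks` will send traffic for the new 192.168.0.x, 192.168.2.x and 192.168.3.x addresses to its default gateway instead of delivering it locally, so an empty list is the signal that the new handsets can be added.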

manav08Author Commented:
Sounds a bit of work guys :)
How will I do all this remotely?
0
wynandkunkelCommented:
That puts a slightly different spin on things :-) , but you should still be able to do this in the order as I have it above.  Just ensure that you have rock solid access to the firewall i.e. on the outside via VPN.  As long as you are connected to the outside of the firewall and can manipulate the rulebase, you should be OK.

Personally, I would after having changed the internal firewall interface subnet, create a NAT and a rule that allows direct RDP to one or two servers, albeit just from the other offices' public IP, since you are going to have a machine to for example log into the web interfaces of printers to change the subnetmask.
0
Zephyr ICTCloud ArchitectCommented:
Yeah, it's doable from remote ... Start from the back and make sure you do the firewall first, like wynandkunkel mentioned.

But if the servers or other equipment don't change IP-address normally you shouldn't see much problems...
0
manav08Author Commented:
Let's say the firewall is 192.168.1.1/24, can it talk to a server which is 192.168.1.100/22 ??
0
wynandkunkelCommented:
Technically they might look to be in the same network but they are not. So no, you will have to change the firewall interface subnet first to also be /22 or 255.255.252.0. That will then make 192.168.1.1 and 192.168.1.100 be in the same IP subnet.
0
manav08Author Commented:
Although I never got around to doing this because we ended up using another subnet for this new set of IPs and performed routing between the 2, I am sure that if I had tried it, it would have worked.
0