operationsIT
How to change internal IP scheme on production network?
Hello EE,
We currently have a network connecting several locations. Each has a private IP scheme (IPs changed for example below, but idea is the same):
Corp 192.x.1.x/21
Site 1 192.x.50.x/21
Site 2 192.x.30.x/21
I would like to change to a /16 bit subnet so I could use more IPs and not risk running out.
Corp 192.168.x.x/16
Site 1 192.178.x.x/16
Site 2 192.188.x.x/16
I am wondering if anyone has done this and has a design plan/article they followed and would share. I'm figuring router first (internal), firewall, switches, servers, DHCP. Any guidance would be appreciated.
The 192.178.x.x/16 and 192.188.x.x/16 ranges are not for LAN usage and would cause routing problems. Consider using 172.16.0.0/16 and 172.17.0.0/16 (for example).
ASKER
Hello Miguel, these aren't my true IPs; I'm just using them as an example to show the overall goal, and I'm looking for suggestions on steps, i.e. do I do the DC first, routers first, firewalls first, or start with clients and static first and roll to network gear?
If somebody has done this, they may have a list of steps that worked that they could share.
This won't be a problem if you can schedule a downtime change. We do not have your network details; however, what we should take note of is:
- DHCP
- Default Gateway
- NAT and Access Rules on Firewall
- Then change subnet mask / IP on devices currently set with a static IP address
Since you have several locations, keep in mind that routing needs to be updated as well, and VPN tunnels if used.
Also keep in mind printers and other equipment with static IPs that need to be changed.
I would also advise subnetting each /16 into /24s to limit L2 domains.
If doing L3 segmentation, you should also take into consideration any crAPPLE devices that need to be reachable via L2.
ASKER
@Donboo - yes I plan downtime, but the order you would do is:
DHCP scope
Firewall (VPN tunnels)
Static devices (servers and printers)
Last switches and routers
Can you elaborate on the recommendation to limit L2 domains and crApple devices?
I normally use a /24 for each subnet so I don't get too big a broadcast domain. Of course this depends on what kind of clients and hosts use the network, but looking at Windows clients, they tend to broadcast a lot. Also, printers may use proprietary protocols that broadcast packets you don't want but are unable to turn off, as this is what the vendor wants.
In regards to crAPPLE devices, they use Bonjour to locate each other. Say you have a TV and you want your other Apple devices to be able to reach it via the AirPlay function; then you either need them to be on the same IP net or somehow bring the L2 multicast over L3.
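A pre-change check for the addressing plan discussed above, as an added example that is not part of the original thread: it flags site ranges that fall outside RFC 1918 private space or overlap each other, then carves one /24 per VLAN role out of a site's /16. The site values are the thread's illustrative ranges with the `x` octets written as 0, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 blocks: the IPv4 ranges reserved for private (internal) use.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed from the thread's example values ("x" octets written as 0).
PROPOSED = {"Corp": "192.168.0.0/16", "Site 1": "192.178.0.0/16",
            "Site 2": "192.188.0.0/16"}
SUGGESTED = {"Corp": "192.168.0.0/16", "Site 1": "172.16.0.0/16",
             "Site 2": "172.17.0.0/16"}
ROLES = ["Servers/Network", "Clients", "Printers", "Apple"]


def validate_plan(plan):
    """Return problems: supernets outside RFC 1918 and overlapping sites."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    problems = [f"{site}: {net} is not RFC 1918 space"
                for site, net in nets.items()
                if not any(net.subnet_of(block) for block in RFC1918)]
    sites = list(nets)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def carve_vlans(supernet, roles, prefix=24):
    """Assign consecutive subnets of the site supernet, one per role."""
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    return {role: next(subnets) for role in roles}


if __name__ == "__main__":
    for name, plan in (("proposed", PROPOSED), ("suggested", SUGGESTED)):
        print(name, validate_plan(plan) or "OK")
    for role, net in carve_vlans(SUGGESTED["Site 1"], ROLES).items():
        print(f"{role:16} {net}  usable hosts: {net.num_addresses - 2}")
```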
ASKER
So what traffic would you recommend to vlan apart:
1. Servers/Network
2. Clients
3. Printers
4. Apple
I'll keep the /24 in mind. What do you do for roll out order?
Do you start with
1. Lower DHCP Lease
2. Change DNS and DC server
3. DHCP Configuration
4. Servers
5. Printers
6. Sites and Services
7. IIS
8. Applications
9. WAN/VPN tunnels
Or is there a template of the best order to make the changes?
ASKER
Thanks for the feedback