• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 118
  • Last Modified:

Extending a subnet

Hello All

I have /24  wifi subnet that terminates on my  ASA Firewall. The Wifi team want  to make the subnet  a  /16.
The current default gateway is Will the Gateway have to change  ? are any changes that will have to made.
in advance.
2 Solutions
Ken BooneNetwork ConsultantCommented:
So you can leave the gateway Ip address the same, but just change the mask.
So your network will now be /16

Your first usable address is     -- I would probably change my gateway to this but you don't have to as is still in the subnet.

Why do they want to make the subnet so large?  If it is getting a little tight, why not move it out to a /23 instead of /16?

Other things to thing about - if this is guest wifi - change the lease time down to hours instead of days.. That frees up unused IP addresses in the pool quicker.

Hope that helps.
don't forget to change the network mask on the gateway and all the clients.
since the clients receive their ips through dhcp ( at least i assume they do since this is a wifi network ), you probably can do all the setup on the gateway. just remember that existing clients won't be able to reach the hosts outside of their /24 until they renew their leases.
thombieAuthor Commented:
Thanks Guys
 In answer to the questions.
1. the Subnet is for a large public space and the  WIFI Insist on make it a /16 ( might make it a /22  as compromise.)
2. The clients only have  30 minute leases. from DHCP.
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

As said by others: you do not have to change your default gateway ip address. You will have to change to subnet mask setting on that default gateway though

So you will need to change:

- your firewall interface (if it is directly connected)
- your firewall routing (if it is not directly connected)
- your firewall rules concerning that network
- any router that may have a static route configured or an interface in said subnet
- dhcp server (scope and options)
- any devices with a fixed ip address in that range

And hopefully you have no other network in use inside that space?
thombieAuthor Commented:
Thanks Guys very useful
1. the Subnet is for a large public space and the  WIFI Insist on make it a /16 ( might make it a /22  as compromise.)

i see little to no reason for /22 as a general rule
unless you lack ip space, it is much easier to maintain /24 /16 /8 ranges
easy to read and understand by non-professionnals and instant conversion between quad notation and masklen

usually, you divide the ip space into /24 subnets and end up with partial subnets when you need to split existing subnets

basically, either you expect many hosts and a complex network and you need some kind of logic for subnet attributions ( maybe 10.datacenter.room.machine in which case you might split the resulting subnets to handle multiple lans ) or you had better use /16 for mostly everything and split whenever needed

obvioulsy there is no "good" way of doing stuff. what matters is taking a while to figure out where you are going.

2. The clients only have  30 minute leases. from DHCP.

depending on your workflow, this might be a bit long
even if you had 65k hosts connected at a time, 5 minutes would not put a huge strain on the dhcp server
if you provide wifi to your employees, 30 minutes seems reasonable, if you are operating a hotspot in a railway station, 5-10 minutes seem more economic


do not forget that dhcp servers have lease durations and also lease reservation durations ( possibly called "backoff" or whatever similar term ).
if you take a default server with for example a 1 day default lease duration and 2days reservation, and only change the lease duration, the ips are still reserved for a couple of days. you might want to double-check
thombieAuthor Commented:
skullnobrains   - Good call  I will check out the leases durations,. I have not messed with windows dhcp servers for a while.
neither did I : does win2k even count ? i'm pretty sure i never setup ms's dhcp since so i won't be able to help you much with that part
thombieAuthor Commented:
skullnobrains: No worries I have that covered I am going to make the changes  20:00  tonight.  we will see what happens.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now