Running out of IP addresses on LAN

I have a / range currently that is running out of IP addresses. If I am understanding correctly, in order to allow for more IP addresses I.E., all I need to do is change the subnet mask on all devices to So, any device with static IPs would need to changed...Just trying to make sure we do everything correctly in the correct order. Do we change our AD servers first? Change on our firewall?
Jason ShawAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CESNetwork AdministratorCommented:
Use an online subnet calculator to change your mask from a /24 to a /23 to ensure you know what the range will be:

By my quick calculation, a /23 will give you a range of - usable

You do not need to change existing IP addresses, but you do need to change the netmask

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pete LongTechnical ConsultantCommented:
You are proposing the 'drop' the subnet by one bit so instead of 256 addresses you will get 512

Do the default gateway device first then static and the servers etc, then the DHCP scope.

Jason ShawAuthor Commented:
Thanks guys. Quick question for Pete...Our default gateway device is our firewall so we just need to change the IP config of the firewall first? We dont need to change any configuration for WAN/LAN on firewall? I.E. current firewall IP is / change firewall to /
Sorry, novice here..
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

We dont need to change any configuration for WAN/LAN on firewall? I.E. current firewall IP is / change firewall to /
Correct, that is the one thing you need to change as far as the LAN interface on your firewall is concerned.

I'm also going to post this quote from CES:
You do not need to change existing IP addresses, but you do need to change the netmask

I put that one in particular, because you also need to update the subnet mask for any devices that have static IP addresses, as well as on the DHCP server.
Pete LongTechnical ConsultantCommented:
>>Thanks guys. Quick question for Pete...Our default gateway device is our firewall

Depends on the firewall buddy, its a cheap and cheerful one then just change the IP, BUT for example, if it were a Cisco ASA then you would need to change the NAT rules to accommodate the wider network space as well :)

Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
Yes, change the firewall first to ensure it can manage all the traffic as you move things over.

You might also want to take this opportunity to set up a second DHCP server. If you are using server 2012 or higher for DHCP you can use redundant DHCP. Otherwise set up the two DHCP server both covering the range discussed, but exclude half the range on each server.
Pete LongTechnical ConsultantCommented:
You can change the scope 'on the fly' if you like again see the following link

Windows Server – Change a DHCP Scopes Subnet Mask

I did this last week on  a live server without even a blip :)

Jason ShawAuthor Commented:
Great info! My plan is as follows per comments....Change firewall subnet mask....change subnet mask on all other static devices...change subnet mask on servers. Change IP info on DHCP server scope.....a reboot of all workstations should then supply new IP addresses....I believe I would also need to change subnet mask on any firewall rules that are setup correct?
If the mask is used in a rule, then the answer is no because that's solely there is specify a specific host (and would not be impacted by such a change). If you're specifying the entire LAN subnet, then the answer is yes.
Pete LongTechnical ConsultantCommented:
>>subnet mask on any firewall rules that are setup correct?

If you have defined an ACL with a subnet, or an 'object' that has a subnet defined for it then yes :)

Jason ShawAuthor Commented:
One more this the simplest process for us at this point? I am assuming there is no way to leave current IP scheme in place and just make additions somewhere to add ip's?
Pete LongTechnical ConsultantCommented:
Thats a different Question :)

Yes (depending on your switches) you could spin up  a VLAN with a new range and setup a new DHCP scope for that new range.

Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
You could use two DHCP servers like I said, but you'd still have to change the subnet settings to all devices can find each other.

You could also add a second server on a new subnet and set up VLANs with routing between the two networks, but that may require some more planning.
Jason ShawAuthor Commented:
We are using Meraki MS220 switch....So, I would setup VLAN on the Meraki and also setup DHCP and new scope on the Meraki or continue with our current Windows server DHCP or does it even matter?
Pete LongTechnical ConsultantCommented:
You would create VLAN 2 then setup a DHCP Relay see this article on that VLAN then configure a scope on the DHCP relay you specify.

You then need to tag the ports into the new VLAN that you want to use the new network scope, you can do this en-masse in the Meraki dashboard.

David SpigelmanPresident / CEOCommented:
What you're talking about now is creating an entirely different subnet. (E.g. with a mask of You can certainly do that, but it does mean that, in order for traffic to go between the 2.x network and the 3.x network, it has to go through some sort of routing function. They're not on the same subnet, and cannot communicate directly. A VLAN is essentially another ip subnet running through the same wiring scheme, or through the same switch,, or through the same physical router interface. But there is still some routing function that would have to take place.

Some switches may be able to provide that function internally. I know that some of the higher end Cisco switches often have routing blades in them, for example. Don't know about the Merakis. And it's not hard to do. But you should understand what you're doing, if you choose that method. Widening the net mask would definitely be architecturally simpler. (But that doesn't mean it's the better option.)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.