• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 42
  • Last Modified:

New client using 192.168.1.x subnet - Yikes!

Getting a new client changed over from SBS 2011 to a new 2016 Server. They are currently using 192.168.1.x for their internal scope - which I don't like. Have had issues with it in the past (with remote/VPN where user has same subnet at home).

Am I being overly cautious? Would be easier to leave subnet as is, but I think it is definitely worth the effort to change to something less 'common'. They have a mix of Windows and Macs with AFP connections, etc., so the change would require some work.

Looking for opinions with substantiation and/or 'been there / done that' reason why 192.168.1.x is OK or baaad.
Sal Sorice
Sal Sorice
2 Solutions
Just a been there and this is what I do:

I always like to set up clients on a 172.x.x.x subnet (lower half that is non routeable).

As you note, it leads to far fewer issues with VPNs.

I have yet to see anyone's home LAN in that locality - except my own, and I'm guessing, other techies.

Jose Gabriel Ortega CCEO J0rt3g4 Consulting ServicesCommented:
Hi Sorice, if the client had ?  what is the submask? it should be usually or /24.
This is a common IP network for a "local subnet" so yes, it's pretty normal, and if you do need to do a change you can change just the 192.168.X.0/24 (the X from 1 to 2) and that's all.

Here you have an interesting networking article that you should be aware of: https://helpdeskgeek.com/networking/what-is-192-168-0-1/
Andy BartkiewiczNetwork AnalystCommented:
You should use 10.x.x.x, it's a private class A. It will leave you the most room to create subnets. 172.x.x.x isn't a valid range because some of those are real IPs. It's actually 172.16.x.x. 192.168.1.x is only a class C and will really limit what you can do
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Hi Andy,

That's why I explicitly said that you use the non-roubtable section of 172.x.x.x.

We used to use 10.x.x.x many years ago in the mid noughties, but it was a newb mistake we made.  A fair number of ISPs issue their customers 10.x.x.x non-routable IPs, both to save money, and protect their customers (they say).

I would advise against it for exactly the same reason you avoid 192.168.x.x

David Johnson, CD, MVPOwnerCommented:
you have to change it on the dhcp server on those that use dhcp and the network card on those that use static ip's i.e. servers and maybe printers
Sal SoricePresidentAuthor Commented:
Thanks all for the comments. Alan said it best - use a range that is not likely to be used by either other private networks or ISPs, etc. I'm going to move them away from 192.168.1.x (small company so subnet of is fine) to something more 'unique'  in the 192 or 172 range.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now