E C

Advice for expanding range of usable IPs

Anyone have any real-life experience switching a live network from a /24 to a /23? I'm running out of IPs. I already have my phones on their own VLAN. Cameras on their own VLAN. WiFi is on its own VLAN. I need more IPs for the main/workstation network. In total I have 5 or 6 VLANs and the firewall controls access between the VLANs. All switches are managed but there's no routing done on the switches.

How feasible is it to do something like this over a weekend? I'd like to find (or create) a checklist to make sure I have planned this out before actually doing it.
It's a Windows 2016 domain with DHCP running on one of the DCs. All servers are static IP. Most workstations are DHCP.

Any tips, comments, etc. are welcome!

Frank McCourry

If you are currently running a Class A or Class B, this is a no-brainer; you simply have to change the subnet mask on everything. If you are on a Class C network, you could change the subnet mask and create a supernet, but that can be ugly if you introduce new equipment, especially consumer-grade stuff that thinks it knows better than you what the subnet should be.

What class IP range are you using?
E C (ASKER)

I am using a Class C network.

Considering that you have burned up 252 addresses, I'm going to assume that there are servers involved as well as statically set devices like firewalls and printers/print servers. To buy yourself some time, I would set a secondary address on all of the devices, if possible, in your new IP address range. Add a gateway to all of these devices for the new IP address of the router/firewall. This will allow you to continue working in both IP ranges until the project is complete.

First will be your Firewall/Router.  You need to assign the primary address of the LAN interface as the new IP address and then assign the old address as secondary.  This will allow you to delete the old address when the time comes.  This also allows devices on the LAN to use either IP address as a gateway.  You may also need to change/modify or duplicate any firewall rules or NAT translations to match.

Second, work on your servers. AD controllers are finicky about their IPs, so make sure you have DNS entries set up beforehand so they don't get lost looking for each other. If you have an Exchange server or SQL server, make sure you give them the same attention. Make sure your servers are available from both subnets before moving on.

Now you can add a new DHCP pool, leaving the old one intact for now. You never know if and when you will need to revert for some unexplained reason. Disable the old pool and enable the new.

From here it's troubleshooting.  Be prepared, you are performing major surgery here, you will have problems.  Listen to everyone and stay calm, many times different user complaints have a single solution, look for clues and monitor everything.

Can this be done in a weekend?  It all depends on how well you prepare ahead of time and how many statically set devices you have.  If you use secondary addresses, you can take care of the critical stuff over the weekend and then deal with the not so critical when you come in on Monday.

Once everything is moved, go back and remove the secondary IP addresses, one device at a time and verify that everything works.  Finish with your firewall/router.

Have Fun!

I don't know how large the facility is and how the infrastructure is laid out, but you can look into creating VLANs based on sections of the facility. But as Frank mentioned, the key is preparation and having proper documentation on everything.

Have you considered adding a secondary address on your VLAN interfaces? Then just use that subnet as an extension of that VLAN.

skullnobrains

that would be pretty easy assuming the second /24 is not currently used

1/ change your gateway settings. this will not change a thing for existing hosts.
2/ change the dhcp setting so all the hosts in the current /24 use /23 masks
3/ wait till all of the hosts renewed their dhcp settings and switched to /23
4/ change the dhcp setting to allow the secondary pool

that's all

--

if the secondary /24 is used, this will be much more complex, and we'd need specifics. and you're mildly sure to break things along the way. anyway, your first step is to make sure the dhcp lease time is short. equal to or less than an hour, possibly a few minutes would seem reasonable.
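
A pre-flight check for the /24 to /23 change discussed in this thread, added here as an example and not posted by any participant. It shows which neighbouring /24 the wider mask absorbs (alignment decides this, not preference), whether another VLAN already uses it, which firewall rules still name only the old /24, and which addresses to keep out of the DHCP pool while some hosts still hold the old mask. The function name, VLAN names, rule names and all addresses are constructed assumptions.

```python
import ipaddress

def plan_expansion(current, other_vlans, rule_sources):
    """Check widening `current` by one prefix bit (for example /24 -> /23).

    other_vlans:  {vlan name: CIDR} for every other subnet in use (constructed).
    rule_sources: {firewall rule name: source CIDR} (hypothetical export format).
    """
    cur = ipaddress.ip_network(current)
    new = cur.supernet(prefixlen_diff=1)
    # The supernet is fixed by bit alignment: 192.168.1.0/24 can only grow
    # "downwards" into 192.168.0.0/24, never "upwards" into 192.168.2.0/24.
    absorbed = next(n for n in new.subnets(prefixlen_diff=1) if n != cur)

    # "assuming the second /24 is not currently used": verify it.
    conflicts = sorted(name for name, cidr in other_vlans.items()
                       if ipaddress.ip_network(cidr).overlaps(absorbed))

    # Rules scoped exactly to the old /24 will not match hosts in the new half.
    rules_to_widen = sorted(name for name, cidr in rule_sources.items()
                            if ipaddress.ip_network(cidr) == cur)

    # The old network/broadcast addresses that fall inside the /23 become
    # ordinary host addresses, but a host still on the old mask treats them
    # as network/broadcast. Keep them out of the pool during the transition.
    edges = {cur.network_address, cur.broadcast_address,
             absorbed.network_address, absorbed.broadcast_address}
    edges -= {new.network_address, new.broadcast_address}

    return {
        "new_network": str(new),
        "absorbed": str(absorbed),
        "conflicts": conflicts,
        "rules_to_widen": rules_to_widen,
        "exclude_from_dhcp": [str(a) for a in sorted(edges)],
    }

if __name__ == "__main__":
    # Constructed sample inventory, not taken from the thread.
    vlans = {"wifi": "192.168.0.0/24", "phones": "192.168.10.0/24"}
    rules = {"lan-to-servers": "192.168.1.0/24", "default-out": "0.0.0.0/0"}
    for key, value in plan_expansion("192.168.1.0/24", vlans, rules).items():
        print(f"{key}: {value}")
```

A non-empty `conflicts` list means the simple four-step path does not apply and the "much more complex" case does.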