@wduke<\/a> made the most important statement here: :Why are you doing this?\"<\/p>","upvoteCount":3,"datePublished":"2024-11-21T16:22:11.578Z","url":"https://community.spiceworks.com/t/setting-static-ip/1143119/5","author":{"@type":"Person","name":"kencarter","url":"https://community.spiceworks.com/u/kencarter"}},{"@type":"Answer","text":"Awhile back, I inherited a school that was running one server. It was server 2003. The DHCP scope was full. At most day-to-day there were 3 or 4 unused IP Addresses. I also noticed that they were running on expired licensing and had a demo version of server. It was a mess. I was able to get a couple of servers donated and got the licensing updated. We started running server 2019 and set the scope to never run out of DHCP’s. Like I said - it was a mess…<\/p>","upvoteCount":1,"datePublished":"2024-11-21T18:15:19.348Z","url":"https://community.spiceworks.com/t/setting-static-ip/1143119/6","author":{"@type":"Person","name":"StoneyD","url":"https://community.spiceworks.com/u/StoneyD"}},{"@type":"Answer","text":"
Here at the library, the primary network was 192.168.1.x /24. The firewall living at 192.168.1.1, etc. That turned out to not be enough, so the subnet was change to /23, and they magically had aonther 256 addresses. This happened before I got here. \nWhen I arrived, the primary subnet was filling up again, and there was another, public, subnet, that had also grown 172.x.x.x/24, then /23, then /22, which was filling up. \nI found that the real problem with that one was lease time. Since patrons come and go so often, long lease times were using up all the addresses. I dropped it way down from several days to an hour or so, and freed up all the addresses.<\/p>\n
But see, I knew why the changes were made, and why I made the change I did. I understood the consequences and prepared for them, BEFORE stuff went fanward. Remember, Slow is smooth, and smooth is fast.<\/p>","upvoteCount":1,"datePublished":"2024-11-21T22:07:37.154Z","url":"https://community.spiceworks.com/t/setting-static-ip/1143119/7","author":{"@type":"Person","name":"wduke","url":"https://community.spiceworks.com/u/wduke"}},{"@type":"Answer","text":"
Thank you everyone, I now understood the purpose for this, I think I’ll stick with default range until it is needed for changes.<\/p>","upvoteCount":0,"datePublished":"2024-11-22T00:44:36.821Z","url":"https://community.spiceworks.com/t/setting-static-ip/1143119/8","author":{"@type":"Person","name":"maaothman","url":"https://community.spiceworks.com/u/maaothman"}},{"@type":"Answer","text":"
If you plan to host any services on-premises (like a file server or remote desktop services (RDS) / virtual desktop infrastructure (VDI)) that your users might access via VPN, I highly<\/em> recommend that you avoid using the 192.168.[0-1].0 ranges.<\/p>\nThe reason is that most home computer networks use 192.168.0.x or 192.168.1.x, and if your office has the same network address range, then connection via VPN will be practically impossible. (There are ways to make it work, but it’s a kludgy and requires advanced network address translation (NAT) techniques.)<\/p>\n
Warning - advanced network concepts ahead! Feel free to tune out.<\/em><\/p>\nFor business purposes, I actually prefer to use 10.x.y.z – even for small businesses. Optionally, the 172.16.y.z - 172.31.y.z range. The reason is that you can build an efficient network structure that simplifies routing.<\/p>\n
Considering 10.x.y.z, I’ll use the second octet (x) to denote the site. For example, the main office in Portland will be assigned 10.1.0.0/16 and the office in Billings will be assigned 10.2.0.0/16 and so on.<\/p>\n
Then, the third octet (y) will be used to denote VLANs. So the primary VLAN (1) in Billings might be 10.2.0.0/23 (allowing for 10.2.0.0 thru 10.2.1.255; 512 addresses) and the camera VLAN 10.2.4.0/22 (we’ve got a LOT of cameras!).<\/p>\n
\nSite note: when you use a /23 or larger subnet, addresses ending in 0 and 255 in the middle of the range are valid host addresses, but some systems and software are poorly coded and will not communicate properly with those addresses because 0 and 255 are often assumed to be network and broadcast addresses, respectively. For this reason, I tend to avoid assigning those addresses, and exclude them from DHCP.<\/p>\n<\/blockquote>\n
The last octet, of course, denotes the host. This pattern is duplicated at each site.<\/p>\n
Here’s where this simplifies routing: I’ve got a site-to-site VPN (or maybe even a leased line) between the sites. In Portland, I set up a route for 10.2.0.0/8 pointing to Billings, and that covers every VLAN in the Billings site. In Billings, I can set up a route for 10.0.0.0/8 pointing to Portland, and traffic to any other site will just “know” to go to Portland, and the Portland router will sort it out and send it on its way. (I could also add additional routes between individual sites if that is more efficient.)<\/p>\n
Otherwise, if you don’t carefully plan your supernetting/subnetting, you end up adding a route entry for every single subnet on every single router in the organization (or you set up routing protocols, which get even more<\/em> advanced) and then things break when you have to maintain them and mess up or forget to update that one router in Albuquerque. Even if you do<\/em> set up routing protocols, structuring your supernets/subnets properly can still make them more efficient and easier to troubleshoot.<\/p>\nYou can, of course, build a supernet/subnet structure with the 192.168.0.0/16 network range, but using the 10.0.0.0/8 range as I’ve described above makes it easier for humans<\/em> to understand the network structure.<\/p>","upvoteCount":2,"datePublished":"2024-11-22T07:10:40.839Z","url":"https://community.spiceworks.com/t/setting-static-ip/1143119/9","author":{"@type":"Person","name":"Jonathan-Johnson","url":"https://community.spiceworks.com/u/Jonathan-Johnson"}},{"@type":"Answer","text":"I agree with all of what Jonathan said. However, given that this particular user is brand new, I suspect it will be a while before he is managing the described network. He could run into the VPN thing, though. So using a 10.x.x.x network is danged fine suggestion.<\/p>\n
Of course, if he’s already on a 192.168.x.x network, there’s not really any difference between changing it now, and changing it later when he understands what’s going on a little more.<\/p>","upvoteCount":0,"datePublished":"2024-11-25T18:11:13.408Z","url":"https://community.spiceworks.com/t/setting-static-ip/1143119/10","author":{"@type":"Person","name":"wduke","url":"https://community.spiceworks.com/u/wduke"}}]}}
maaothman
(maaothman)
November 18, 2024, 8:40am
1
I notice some company using private IP address such as 10.10.xx.xx,
My question is How do I set from Private IP 192.168.xx.xx to simpler 10.10.xx.xx to my local network for devices. I am a network beginner.
4 Spice ups
matt7863
(m@ttshaw)
November 18, 2024, 9:33am
2
You change the ip address and subnet mask of the main router, and then update the dhcp scope on that device.
4 Spice ups
This is actually a much more complex answer than it appears.
I have been in IT now for 20 years and I remember wanting to go through and do “all the things”, I have had some hard lessons along the way. I am not saying there isn’t benefit in learning the hard way, but I would highly encourage you to get some non-production lab equipment or better yet, a virtual network sandbox like Packet Tracer or GNS3 to explore your IP addressing desires.
That being said, I agree with matt7863, it is relatively easy to change the IP address and subnet mask of the main router / DHCP scope. However, IMHO, you would be better off, sticking with the 192.168.x.x/24 subnet until you are not a network beginner.
Best of luck!
3 Spice ups
wduke
(wduke)
November 19, 2024, 8:39pm
4
I’ve been doing this for a few years myself, and I’ve learned the first question should be - Why am I doing this? What do I gain?
If you can’t answer that, don’t do it. I can’t begin to say how many weird messed up situations I’ve stepped into because someone “fixed” something they didn’t understand. Defaults aren’t always bad. In fact, they’re usually pretty darned good.
5 Spice ups
kencarter
(Ken Carter)
November 21, 2024, 4:22pm
5
Using 10.x.x.x implies that you have a really large number of endpoints (think multi-national corporation large). I use 192.168.0.1/23 since I don’t need anymore than 512 endpoints. You can use 192.168.x.x and support up to 65,535 endpoints. @wduke made the most important statement here: :Why are you doing this?"
3 Spice ups
StoneyD
(StoneyD)
November 21, 2024, 6:15pm
6
Awhile back, I inherited a school that was running one server. It was server 2003. The DHCP scope was full. At most day-to-day there were 3 or 4 unused IP Addresses. I also noticed that they were running on expired licensing and had a demo version of server. It was a mess. I was able to get a couple of servers donated and got the licensing updated. We started running server 2019 and set the scope to never run out of DHCP’s. Like I said - it was a mess…
1 Spice up
wduke
(wduke)
November 21, 2024, 10:07pm
7
Here at the library, the primary network was 192.168.1.x /24. The firewall living at 192.168.1.1, etc. That turned out to not be enough, so the subnet was change to /23, and they magically had aonther 256 addresses. This happened before I got here.
When I arrived, the primary subnet was filling up again, and there was another, public, subnet, that had also grown 172.x.x.x/24, then /23, then /22, which was filling up.
I found that the real problem with that one was lease time. Since patrons come and go so often, long lease times were using up all the addresses. I dropped it way down from several days to an hour or so, and freed up all the addresses.
But see, I knew why the changes were made, and why I made the change I did. I understood the consequences and prepared for them, BEFORE stuff went fanward. Remember, Slow is smooth, and smooth is fast.
1 Spice up
maaothman
(maaothman)
November 22, 2024, 12:44am
8
Thank you everyone, I now understood the purpose for this, I think I’ll stick with default range until it is needed for changes.
If you plan to host any services on-premises (like a file server or remote desktop services (RDS) / virtual desktop infrastructure (VDI)) that your users might access via VPN, I highly recommend that you avoid using the 192.168.[0-1].0 ranges.
The reason is that most home computer networks use 192.168.0.x or 192.168.1.x, and if your office has the same network address range, then connection via VPN will be practically impossible. (There are ways to make it work, but it’s a kludgy and requires advanced network address translation (NAT) techniques.)
Warning - advanced network concepts ahead! Feel free to tune out.
For business purposes, I actually prefer to use 10.x.y.z – even for small businesses. Optionally, the 172.16.y.z - 172.31.y.z range. The reason is that you can build an efficient network structure that simplifies routing.
Considering 10.x.y.z, I’ll use the second octet (x) to denote the site. For example, the main office in Portland will be assigned 10.1.0.0/16 and the office in Billings will be assigned 10.2.0.0/16 and so on.
Then, the third octet (y) will be used to denote VLANs. So the primary VLAN (1) in Billings might be 10.2.0.0/23 (allowing for 10.2.0.0 thru 10.2.1.255; 512 addresses) and the camera VLAN 10.2.4.0/22 (we’ve got a LOT of cameras!).
Site note: when you use a /23 or larger subnet, addresses ending in 0 and 255 in the middle of the range are valid host addresses, but some systems and software are poorly coded and will not communicate properly with those addresses because 0 and 255 are often assumed to be network and broadcast addresses, respectively. For this reason, I tend to avoid assigning those addresses, and exclude them from DHCP.
The last octet, of course, denotes the host. This pattern is duplicated at each site.
Here’s where this simplifies routing: I’ve got a site-to-site VPN (or maybe even a leased line) between the sites. In Portland, I set up a route for 10.2.0.0/8 pointing to Billings, and that covers every VLAN in the Billings site. In Billings, I can set up a route for 10.0.0.0/8 pointing to Portland, and traffic to any other site will just “know” to go to Portland, and the Portland router will sort it out and send it on its way. (I could also add additional routes between individual sites if that is more efficient.)
Otherwise, if you don’t carefully plan your supernetting/subnetting, you end up adding a route entry for every single subnet on every single router in the organization (or you set up routing protocols, which get even more advanced) and then things break when you have to maintain them and mess up or forget to update that one router in Albuquerque. Even if you do set up routing protocols, structuring your supernets/subnets properly can still make them more efficient and easier to troubleshoot.
You can, of course, build a supernet/subnet structure with the 192.168.0.0/16 network range, but using the 10.0.0.0/8 range as I’ve described above makes it easier for humans to understand the network structure.
2 Spice ups
wduke
(wduke)
November 25, 2024, 6:11pm
10
I agree with all of what Jonathan said. However, given that this particular user is brand new, I suspect it will be a while before he is managing the described network. He could run into the VPN thing, though. So using a 10.x.x.x network is danged fine suggestion.
Of course, if he’s already on a 192.168.x.x network, there’s not really any difference between changing it now, and changing it later when he understands what’s going on a little more.