Hi guys,
I have an intranet company network with just over 200 devices.
The network is static (no DHCP) for security till we get a NAC system.
The network IP range is: 192.168.10.20-254
Subnet: 255.255.255.0
I’m thinking about changing the subnet mask to a 252 range to give me extra IPs, as the current IP addresses are running out. This question has probably been asked a few times, but I need to make sure that I’ve covered everything:
Is there a way of changing the subnet mask in the network automatically?
Or do I have to go to every device and change the subnet mask to: 255.255.252.0?
Any problems that I might have along the way?
Thanks
7 Spice ups
tobywells
(toby wells)
2
You would be better going to /23, aka 255.255.254.0; that gives you 512.
As you have no DHCP running, it’s a manual change, but I would probably use the time to switch to a more business class range.
5 Spice ups
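To make the two masks discussed in this thread concrete, here is an added example (not code from any poster) that computes the network each mask produces for 192.168.10.20 and flags host pairs that disagree about whether they are on the same segment while a manual mask change is only partly rolled out. The sample inventory is constructed for illustration.

```python
import ipaddress

OLD_MASK = "255.255.255.0"                        # current mask from the thread
CANDIDATES = ["255.255.254.0", "255.255.252.0"]   # /23 and /22 from the thread

def network_for(host, mask):
    """Network a host belongs to when configured with this address and mask."""
    return ipaddress.ip_interface(f"{host}/{mask}").network

def summarize(host, mask):
    """Return (network, first usable, last usable, usable host count)."""
    net = network_for(host, mask)
    return (str(net), str(net[1]), str(net[-2]), net.num_addresses - 2)

def on_link(src, src_mask, dst):
    """True if src (using src_mask) ARPs for dst directly instead of
    forwarding the packet to its default gateway."""
    return ipaddress.ip_address(dst) in network_for(src, src_mask)

def asymmetric_pairs(hosts):
    """hosts: {ip: mask}. Return pairs where only one side treats the other
    as on-link, the situation that arises while some devices still carry
    the old mask and others already have the new one."""
    out = []
    ips = sorted(hosts, key=ipaddress.ip_address)
    for i, a in enumerate(ips):
        for b in ips[i + 1:]:
            if on_link(a, hosts[a], b) != on_link(b, hosts[b], a):
                out.append((a, b))
    return out

# Constructed mid-migration inventory (assumption, not data from the thread)
SAMPLE = {
    "192.168.10.20": "255.255.255.0",   # not yet touched
    "192.168.10.21": "255.255.254.0",   # already changed
    "192.168.11.30": "255.255.254.0",   # new device in the added space
}

if __name__ == "__main__":
    for mask in [OLD_MASK] + CANDIDATES:
        print(mask, summarize("192.168.10.20", mask))
    for a, b in asymmetric_pairs(SAMPLE):
        print(f"mask mismatch: {a} and {b} disagree about being on-link")
```

Note that 255.255.252.0 does not extend 192.168.10.x upward only: the resulting network starts at 192.168.8.0, so 192.168.8.x and 192.168.9.x become part of the same segment.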
maxsec
(maxsec)
3
Echoing Toby, /23 is plenty big enough.
When you do go DHCP, make the lease time a lot smaller than the default 8 days, esp. if you have a lot of transient devices that will be in 1 day then not for n days.
If you have to dhcp then, yes you’ll have to manually edit each NIC setting
1 Spice up
Yes as the others say, without DHCP you’ll need to manually change the Subnet on each device.
Toby - what do you mean by a business class range? 192.16.10.x is standard for business use
maxsec
(maxsec)
5
Business class prob means 10’s or 172.16 subnet. Most consumer grade stuff starts in the 192.168 network, so good to avoid that if possible so you don’t have clashes with people’s home networks when on VPNs etc.
4 Spice ups
I’d buy that to avoid 192.168.0.x or 192.168.1.x or even 192.168.254.x, but I’ve never seen any consumer grade stuff outside of that. I have seen consumer grade using 10.0.0.1 by default though. (home ADSL router - can’t remember make)
I’d say 192.168.10.x is fine for a small business network.
chivo243
(chivo243)
7
We have a couple of VLANs where the DHCP lease time is in the single digit minutes. We have hundreds of users’ personal mobile devices hitting our DHCP server (guest VLAN of course ;-} ) and they may only need momentary access, so why give them a long lease?
And also remember there is a DHCP grace period as well!
DHCP on Windows Servers – Why are the expired IP addresses not getting re-assigned? | Microsoft Learn
Don’t laugh, I’ve been managing DHCP for 10+ years and only recently stumbled upon this little gem…
DHCP and NAC are independent things. You’re feeling the pain now by having to go and manually change everything, take the opportunity to switch everything to DHCP. You can manage your hosts this way, no problem. Also look at your networking hardware to enforce the DHCP setup. Not running DHCP doesn’t gain you any security from bad actors, and probably makes it worse since you don’t have any good way of matching an IP address to a physical device.
The only thing I have that has fixed IPs is the network infrastructure itself, and my core servers. Everything else is controlled via a redundant set of DHCP servers. If I ever have to go through a great renumbering again, I can just throw a few commands, and make the change.
@millujina
By not having DHCP it’s harder for someone from outside the organization to just hook up his laptop to any wall port and get access to the network.
I agree with you that if we get a NAC system then there’s no problem having DHCP.
Kenny8416
(Kenny8416)
10
If that’s your security concern then it is far more effective to not have unused wall sockets patched in to the switches.
Not having DHCP for that concern is security by obscurity, and that’s easily bypassed - just run a network config print page from any printer, find out your subnet range and set a static IP. Less than 2 minutes’ work to get round the no DHCP problem.
2 Spice ups