This discussion has been locked.

Changing Network Mask

Hi,

I know just enough about networking to be dangerous, and this is a more general question I know, but since I have a UTM9 (SG230) I'll start here.

For decade-old and boring reasons, we have a LAN 192.168.0.0/19 for only a few hundred hosts (70 office staff with laptops and phones, some tablets, a few servers, printers, etc).

For years I have been trying to change this, and I think I'm about ready. I would like to change it to 192.168.16.0/22. Still room to grow but not so ridiculous as 8,190 addresses. Plus I can get my network away from common home network ranges to avoid VPN/NAT issues.

I am finally at the point where all my static and dynamic addresses fall between 192.168.16.2-192.168.19.254.

I already have 192.168.16.1 added as an Additional Address on the LAN interface. That'll be the new gateway address on the LAN.

DHCP clients are currently given 192.168.16.1 as the DNS Server and 192.168.0.1 as the gateway address.

My plan is to...

Swap the LAN's interface address and Additional Address (so 192.168.16.1 becomes the "real" one and 192.168.0.1 becomes the additional).

Change DHCP settings to point users to the new gateway address (192.168.16.1).

Since all static IPs are already in the range 192.168.16.2-192.168.19.254, they should still see and treat everything ok even before I change their masks, right? I have a couple Windows servers in the network, including an AD DC, but I assume I can take my time in changing their masks since the /22 network I'm making is within the /19 network I currently have. Right?

Or am I in over my head?

Thanks,

Jeff

 



This thread was automatically locked due to age.
  • "they should still see and treat everything ok even before I change their masks, right?"

    Probably not ... some parts of communication use broadcasts to provide/request some data.

    Changing the network mask also changes the broadcast address.

    First of all, I think of the ARP request


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thanks Dirk.

    Then would it make more sense to change the static devices' masks and gateway settings first, THEN change the mask on the gateway itself?

    Thanks,

    Jeff

  • ... possible ....


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • What you've detailed will work, Jeff, but my usual recommendation is for internal subnets to be in the 172.16.0.0/12 range.  Reserve 192.168.0.0/16 for public hotspots and home users.  Reserve 10.0.0.0/8 for giant multinationals, ISPs, etc.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
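
Added example, not part of the original thread: a Python check of the points discussed above, using the two networks and gateway addresses from the question. The three host entries are constructed to show an unchanged server, a migrated host, and a host whose mask was changed while the old gateway was left in place.

```python
import ipaddress

OLD_NET = ipaddress.ip_network("192.168.0.0/19")   # current LAN, from the thread
NEW_NET = ipaddress.ip_network("192.168.16.0/22")  # planned LAN, from the thread

# Constructed sample hosts: (address, prefix length, default gateway)
SAMPLE_HOSTS = [
    ("192.168.16.10", 19, "192.168.0.1"),   # server still on the old mask
    ("192.168.17.20", 22, "192.168.16.1"),  # host fully migrated
    ("192.168.18.30", 22, "192.168.0.1"),   # mask changed, old gateway left in place
]


def check_hosts(hosts):
    """Return (broadcasts, off_link_pairs, bad_gateways) for a mixed-mask LAN."""
    ifaces = [(ipaddress.ip_interface(f"{a}/{p}"), ipaddress.ip_address(g))
              for a, p, g in hosts]
    # Each host derives its subnet broadcast address from its own mask.
    broadcasts = {str(i.ip): str(i.network.broadcast_address) for i, _ in ifaces}
    # A host only talks directly to peers inside its own network;
    # anything else is sent to the default gateway.
    off_link = [(str(a.ip), str(b.ip)) for a, _ in ifaces for b, _ in ifaces
                if a.ip != b.ip and b.ip not in a.network]
    # The default gateway has to be inside the host's own network.
    bad_gw = [str(i.ip) for i, gw in ifaces if gw not in i.network]
    return broadcasts, off_link, bad_gw


if __name__ == "__main__":
    print("new range inside old range:", NEW_NET.subnet_of(OLD_NET))
    broadcasts, off_link, bad_gw = check_hosts(SAMPLE_HOSTS)
    for ip, bc in broadcasts.items():
        print(f"{ip} uses broadcast {bc}")
    print("pairs that are not on-link:", off_link)
    print("hosts whose gateway is unreachable:", bad_gw)
```

Unicast between the sample hosts stays on-link under either mask, but the /19 host and the /22 hosts disagree on the subnet broadcast address, and a /22 host cannot use 192.168.0.1 as its gateway.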