Changing LAN subnet mask

JasminLandry Member Posts: 601
Hi, I would need help from the experienced experts here :). We will be changing our LAN subnet mask in the next couple of weeks. We have user workstations, servers and networking equipment in this subnet. We currently have a 192.168.0.0/24 network and we'd like to extend it to a /23 or /22. I know I'll have to change the DHCP scope, firewall, servers, etc. But my question is, where do I start? Should I start with the clients or the L3 switches, configure the static IP information on the servers... Is there a "best practice" on how to do this? Of course we won't do this during work hours.

Comments

  • DevilWAH Member Posts: 2,997
    Hi,

    Just quickly, why extend the subnet and not simply create a second subnet, with routing between?

    Extending a subnet is generally easier than reducing it, but it can still have some side effects that will bite you. Personally, as you say you have all your devices in one subnet, I would be more inclined to create a new subnet and move the workstations over to it, so separating them from the server and network equipment.

    I am of the mindset that you should never have infrastructure devices and workstations together.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • shodown Member Posts: 2,271
    It will probably be best to create a new subnet. When you start getting into the larger subnets you are placing too many devices in the same broadcast domain. I'm not sure how large your environment is, but usually when I'm doing new build-outs, I actually keep the VLANs isolated to a closet and route between them if needed.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • jibbajabba Member Posts: 4,317
    shodown wrote: »
    I'm not sure how large your environment is.

    Currently less than 255 devices I bet :p:p
    My own knowledge base made public: http://open902.com :p
  • JasminLandry Member Posts: 601
    DevilWAH wrote: »
    Hi,

    Just quickly, why extend the subnet and not simply create a second subnet, with routing between?

    Extending a subnet is generally easier than reducing it, but it can still have some side effects that will bite you. Personally, as you say you have all your devices in one subnet, I would be more inclined to create a new subnet and move the workstations over to it, so separating them from the server and network equipment.

    I am of the mindset that you should never have infrastructure devices and workstations together.

    I actually suggested that to my boss but he doesn't want to. I don't understand why though, we even have the VLANs set up on the switches and everything.

    As for the servers and workstations in the same subnet I am aware that it is a problem, but it's only our dev servers in there, not the critical ones. We still plan to move them someday though.

  • Nutsacjac Member Posts: 76
    jibbajabba wrote: »
    Currently less than 255 devices I bet :p:p

    This made me laugh.
  • ougijoe Member Posts: 37
    jibbajabba wrote: »
    Currently less than 255 devices I bet :p:p

    hah!!!!
  • PurpleIT Member Posts: 327
    As long as you aren't currently routing to any networks that overlap with your proposed extension, you can start anywhere. When I have done this in the past I started with the DHCP settings so the clients would get the new subnet mask (you may want to put an exclusion range in so you don't get clients with IPs the rest of the network isn't set up to deal with just yet).

    After that I tend to follow the packet - switches, then routers, then firewalls and so on out the Internet. I do the servers last.

    Try a test computer or two (statically configured) to make sure you can hit everything, the routes are good, etc., and then take down exclusion ranges, etc., so the deployment is live.

    Document each step (preferably beforehand) so if you need to you can roll back if things just aren't working out right.

    Last but not least, even though the boss isn't looking to have multiple subnets, block out sections as if it were (maybe a /27 for the printers, a /26 for Department A, don't use the .0s and .255s, etc.) so if he changes his mind then you just happen to have a solution all ready to go. If nothing else, it's good practice for you.
    WGU - BS IT: ND&M | Start Date: 12/1/12, End Date 5/7/2013
    What next, what next...
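
The pre-change checks described in the post above (route overlap, the address space to hold back in DHCP, the .0/.255 hosts, and blocking out sections) can be worked through with Python's `ipaddress` module. This is an added example, not code from the thread; the function names are hypothetical and the routed-network list is constructed sample data.

```python
import ipaddress

def plan_extension(current, new_prefix, routed):
    """Widen `current` to /new_prefix; report route overlaps and gained space."""
    cur = ipaddress.ip_network(current)
    new = cur.supernet(new_prefix=new_prefix)
    # Any routed network (other than the LAN itself) that falls inside the
    # wider range would become ambiguous after the mask change.
    conflicts = [r for r in map(ipaddress.ip_network, routed)
                 if r != cur and r.overlaps(new)]
    # Space gained by the change: candidates for a temporary DHCP exclusion
    # until switches, routers and firewalls know the new mask.
    gained = sorted(new.address_exclude(cur)) if new != cur else []
    return new, conflicts, gained

def awkward_hosts(net):
    """Usable hosts ending in .0 or .255, which the post suggests leaving unused."""
    return [h for h in net.hosts() if int(h) & 0xFF in (0, 255)]

def carve(space, requests):
    """First-fit, aligned allocation of {name: prefix_length} blocks in `space`."""
    taken, plan = [], {}
    # Place the largest blocks first so smaller ones fill the gaps.
    for name, plen in sorted(requests.items(), key=lambda kv: kv[1]):
        for cand in space.subnets(new_prefix=plen):
            if not any(cand.overlaps(t) for t in taken):
                taken.append(cand)
                plan[name] = cand
                break
        else:
            raise ValueError(f"no room for {name} (/{plen}) in {space}")
    return plan

if __name__ == "__main__":
    # Constructed sample: networks already reachable through a router.
    ROUTED = ["10.10.0.0/16", "192.168.2.0/24"]
    for prefix in (23, 22):
        new, conflicts, gained = plan_extension("192.168.0.0/24", prefix, ROUTED)
        print(f"{new}: netmask {new.netmask}, {new.num_addresses - 2} hosts")
        print("  routed overlaps:", [str(c) for c in conflicts] or "none")
        for g in gained:
            print(f"  hold back in DHCP: {g[0]} - {g[-1]}")
        print("  .0/.255 hosts:", [str(h) for h in awkward_hosts(new)])
    # Planning blocks from the post, placed in the first gained /24.
    plan = carve(ipaddress.ip_network("192.168.1.0/24"),
                 {"printers": 27, "dept_a": 26})
    print({name: str(net) for name, net in plan.items()})
```
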
  • networker050184 Mod Posts: 11,962
    PurpleIT wrote: »
    Last but not least, even though the boss isn't looking to have multiple subnets, block out sections as if it were (maybe a /27 for the printers, a /26 for Department A, don't use the .0s and .255s, etc.) so if he changes his mind then you just happen to have a solution all ready to go. If nothing else, it's good practice for you.

    Excellent idea! When you finally do convince your boss you are already ahead of schedule on the planning.
    An expert is a man who has made all the mistakes which can be made.