Pshaw! Just implement IPv6 and be done with it!! hehehe On Fri, Jan 13, 2012 at 3:55 PM, Jon Harris <jk.har...@gmail.com> wrote:
> I with Ben on this go the option 2 and get it done now rather than wait > until it bites you again with other issues. Segregation would have the > added benefit of reducing the attack surface for the servers if nothing > else comes out of it. > > Jon > > On Fri, Jan 13, 2012 at 7:47 AM, Ben Scott <mailvor...@gmail.com> wrote: > >> I'll second everything ASB said, and add one more remark: If one >> *is* going to reorganize the network topology -- say, by putting >> servers in one net, wireless in another, or what-have-you -- this >> would be the time to do it. >> >> On Fri, Jan 13, 2012 at 7:35 AM, Andrew S. Baker <asbz...@gmail.com> >> wrote: >> > >> > It is possible to implement larger subnets than /24 without leaping all >> the way to /16 >> > >> > "Best" is always subjective, but without telling us how many IPs you >> foresee needing, and other key details, you'll be the only person capable >> of determining it. >> > >> > You have to ensure that all your edge and near-edge devices (firewalls, >> VPN concentrators, load-balancers) are updated accordingly. Also, the >> larger your subnet, the greater the chance of overlap with a subnet on the >> other side of a VPN. >> > >> > Beyond that, all the advice dispensed on subnetting this week should >> prove helpful. >> > >> > ASB >> > http://XeeMe.com/AndrewBaker >> > Harnessing the Advantages of Technology for the SMB market… >> > >> > >> > >> > >> > On Fri, Jan 13, 2012 at 4:33 AM, Oliver Marshall < >> oliver.marsh...@g2support.com> wrote: >> >> >> >> We’ve hit the limit of internal IP range and need to extend it. >> >> >> >> >> >> >> >> There’s a couple of options and I’m trying to gauge which is the >> “best”. >> >> >> >> >> >> >> >> Option 1 would be the easiest which is to extend our current range ( >> 10.1.37.0/24) to a /16 (10.1.0.0/16) to give us a whopping 65k IPs. This >> seems easy enough, change the IP settings in DHCP and on the servers and >> firewall and reboot it all. However we then have a myriad of VPN >> connections which will also need adjusting and a stack of old kit which >> hasn’t been touched since the animals went in two by two. >> >> >> >> >> >> >> >> Option 2 is to segregate the non-important stuff. Everyone here has a >> desktop, most also have a laptop. Everyone has a smart phone as well and >> most also have a tablet of some kind. Add to that the IP based webcams, >> printers, internet Tellys and the like and you can see why we’ve hit the >> limit. Really only the laptops and the desktops need internal access (to >> servers and the like). Everything else only needs external internet access. >> So we set up a separate wifi for external access on its own IP plumbed in >> to its own port on the firewall. That way we reduce the need for internal >> IPs. >> >> >> >> >> >> >> >> Any other options or any issues you may see? >> >> >> >> >> >> >> >> Anyone know what the real world impact will be of changing the IP >> subnet in a small to medium size network ? >> >> >> >> >> >> >> >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> > --- >> > To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> > or send an email to listmana...@lyris.sunbeltsoftware.com >> > with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin