[askms]

Hi,

I need (yes need because I received/inherited an internal network with real IPs) to change the whole IP range we have in the office.
I would like to get about 500 IPs (we have only 150 active IPs today and so I included future planning).
Our switch configuration is FLAT and we have a Primary and Secondary domain controller (windows 2008 R2 including DHCP and DNS services on it).

I know I should change the range in our FW (NAT) /SW/Network appliances but I would like your opinion about where do I need to change the scope and how ?

DHCP - do I just need to delete the scope and add a new one ?

Which scope should I use to get 500 IPs - 192.168.1.X ? or 192.168.10.x ? 172.16.X.X ?
If you can, please explain your choice.


DNS - should I just delete all records or do anything else ?


The next is obvious so I won't ask about it: Servers Desktops / Laptops / Printers / Etc ... Need to ipconfig / release and IPconfig / renew with Flush DNS I guess.

Your input is appreciated !

Thanks!
Me

[cruachan]

Step 1 is the hardest: Document the existing setup. Every printer, WAP, switch, router or anything else that might have an undocumented static IP.

My personal preference, even when the devices don't support them, is to setup DHCP reservations so that all devices are visible in the DHCP table.

You can't use 192.168.1.x or 10.x as those are Class C ranges and will only give you 254 usable addresses. I never use 192.168.0.x or 1.x or similar anyway as many home routers use these ranges and then external users have issues with VPNs.

Oh, and BTW there are no such things as "Primary" or "Secondary" DCs anymore.

[biggles77]

Just to be picky (sorry) 192.168.0.0/23 will give you 512 usuable IPs. It's called CIDR. However I do agree with cruachan and would not use 192.168.x.x in a corportate environment even though it can be done.

Best option is to decide what your future growth may be, NOT what you require right now or think you may require, and decide on a range. Use an online subnet calculator to play around with various options.

Search the DHCP Forum as there are several posts on similar lines to what you are asking. Well worth the search.

Finally, do NOT choose the 169.254.x.x range.

[joeqwerty]

Before you go about readressing your internal network: Are the "real" ip addresses in use actually assigned to your company?

If so, then there's no need to readdress your network. There's nothing technically wrong with using routable ip addresses internally. Before RFC 1918 came to pass, every network used routable ip addresses internally.

There's nothing inherently more secure about using RFC 1918 addresses internally then using routable ip addresses. Security is facilitated by your firewall and/or router, not by the ip address range is use.

[Ghostrocket]

Really glad to see this post

As I might have to do the same thing soon.

Although Joe said there's no harm in the real/public ip's my issue is if we move ISP, then we will lose our range.

So I am really looking to prevent this going forward.

For the record I was going to use 10.x.x.x feel free to comment anyone

[auglan]

Yeah we use 10.x.x.x in my network at work. Granted 10.x.x.x is a popular internal addressing scheme so you can still run into issues with partners, mergers etc, but nat can solve a lot of those issues.

[Ghostrocket]

Its good to hear other people use it and thanks for your reply.

We had it in my previous company.

We had our servers on one subnet, so 10.2.0.1 +, printers on 10.3.0.1+ etc just so we always knew what was what