If you want to use a VPN, there are some varied solutions, most of them not requiring a LAN renumbering, but with trade-offs. I won't go over them here, but I put off doing a renumbering for years, until we really started to hit some limits of a 192.168.1.0/24 network. Chief among them was the inability to reliably use a VPN. This document will outline how I performed the network renumbering. Linked below is a model plan, which will be my starting point. I'll document how I renumbered, and you can use both documents as a reference for your own project.
Make a renumbering spreadsheet that maps out ranges where you want computers, devices and VPN interfaces. Leave room for growth. I'm going to move things into an x.x.x.x/21 network that will support 2048 IP addresses. To further segment things, the overall office will have an x.x.x.x/18 network, and the x.x.x.x/21 will be a subnet. There will be up to six subnets, and we'll use two of them. The all-zeros and all-ones subnets won't be used.
Here are the netmasks:
11111111.11111111.11000000.00000000 /18 = 255.255.192.0
11111111.11111111.11111000.00000000 /21 = 255.255.248.0
This will segment the network into two networks, and you need a router. There are routers called "layer 3 switches" that will do this; get one with six ports. Some managed (layer 2) switches also include layer 3 switching features.
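The subnet plan above can be checked before any device is touched. The following is an added example, not part of the original article: it splits a /18 into /21 subnets, drops the all-zeros and all-ones subnets, and validates a spreadsheet of ranges against the chosen /21. The base 10.20.64.0/18, the range labels and the `usable_subnets` and `check_plan` helpers are assumptions made for illustration, since the article only gives x.x.x.x.

```python
import ipaddress

# Assumption: the article only says x.x.x.x, so this base is a constructed stand-in.
OFFICE = ipaddress.ip_network("10.20.64.0/18")

def usable_subnets(office, new_prefix=21):
    """Split the office block and drop the all-zeros and all-ones subnets."""
    return list(office.subnets(new_prefix=new_prefix))[1:-1]

def check_plan(subnet, plan):
    """Return a list of problems found in (label, first, last) spreadsheet rows."""
    problems, spans = [], []
    for label, first, last in plan:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"{label}: range is reversed")
            continue
        if lo not in subnet or hi not in subnet:
            problems.append(f"{label}: falls outside {subnet}")
        if lo == subnet.network_address or hi == subnet.broadcast_address:
            problems.append(f"{label}: uses the network or broadcast address")
        spans.append((lo, hi, label))
    # Sweep ranges in address order, remembering the furthest end seen so far,
    # so an overlap is caught even when the two rows are not adjacent.
    prev_hi = prev_label = None
    for lo, hi, label in sorted(spans):
        if prev_hi is not None and lo <= prev_hi:
            problems.append(f"{prev_label} overlaps {label}")
        if prev_hi is None or hi > prev_hi:
            prev_hi, prev_label = hi, label
    return problems

# Constructed sample spreadsheet for the first usable /21 (10.20.72.0/21).
PLAN = [
    ("routers (static)", "10.20.72.1", "10.20.72.15"),
    ("printers (DHCP reservations)", "10.20.72.16", "10.20.72.255"),
    ("computers (DHCP pool)", "10.20.73.0", "10.20.75.255"),
    ("VPN interfaces", "10.20.76.0", "10.20.76.255"),
]

if __name__ == "__main__":
    subnets = usable_subnets(OFFICE)
    print(f"office {OFFICE} mask {OFFICE.netmask}")
    for s in subnets:
        print(f"  {s} mask {s.netmask} addresses {s.num_addresses}")
    for problem in check_plan(subnets[0], PLAN) or ["plan is consistent"]:
        print(problem)
```

Export the real spreadsheet rows into `PLAN` and rerun the check whenever a range is added or resized.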
Printers and other devices should be configured via DHCP. We currently have assigned fixed IP addresses for printers, and they will continue to be "fixed" by reserving the addresses. Go into the DHCP server, and make reservations for all the existing printers and their IP addresses.
Don't move routers to DHCP.
Whatever gets moved to DHCP will eventually require that any configurations on the personal computers also get updated. So if a printer changes IP addresses, it'll need to get re-installed on all the clients, unless they print to it based on the MAC address or the name. If there's an option to print to a printer based on MAC address (like, the driver will seek out the printer by MAC address) go with that.
cont...