Old 03-26-2011, 02:12 AM   #1
kitek
Member
 
Registered: Apr 2005
Posts: 252

Rep: Reputation: 15
Network IP assignments and Subnet question


I wanted to confirm something before I changed my network's subnet.
I am currently using 172.16.1.x 255.255.255.0. I want to be able to use 172.16.1.x, 172.16.2.x, 172.16.3.x and so forth and they all be on the same network. If I recall correctly, if I change the subnet to 172.16.0.0/16 (255.255.0.0) would that be correct? Reason being just to simplify things for me a little more than I have now. For example, I want to have one DHCP server ditching IP's from the first server in the block 172.16.1.x and the second 172.16.2.x and finally 172.16.3.x. This letting me know which DHCP server gave out the Dynamic IP. If I am right about this, there is a little trick on something I want to try with public IP's. So if some folks could just confirm this for me that would be awesome. I obviously do not have 65,534 PC's lol. But this setup will let me know what servers and branches stuff is assigned. Like another example, 172.16.10.x would be Store #10 computers. Thanks in advance. To add, what would be the pros or cons, if any, using 10.x.x.x over 172.16.x.x or even 192.168.x.x?
 
Old 03-26-2011, 02:34 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Can I ask how many computers you need to setup on your network?
 
1 members found this post helpful.
Old 03-26-2011, 02:35 AM   #3
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hello,

You're right, that is for the general part. But why would you use 255.255.0.0? That is a lot of networks. You should limit it down to for example 255.255.248.0 on both nets. That way you still have more than enough networks available to 'play' with. Have a look at this tutorial.

Kind regards,

Eric
 
2 members found this post helpful.
Old 03-26-2011, 02:39 AM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
To help out with what you need, from my understanding, check this link out - http://www.subnet-calculator.com/

You will be able to figure out exactly what you need in order to configure your subnet for the number of hosts per subnet.
 
1 members found this post helpful.
Old 03-26-2011, 02:46 AM   #5
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Thanks for the quick replies. 255.255.248.0 will prolly work. One main reason is to use the 3rd oct of the address to know what box is doing the job. 255.255.255.0 is plenty of IPs as far as computer numbers, however being private IPs I'm not worried about anyone getting into the network since it is internal. When you say networks I'm just wondering, using it this way 172.16.7.1 would be in the same network as 172.16.1.66 if the sub is 255.255.0.0. And if so great, but what would be a problem doing it that way, if any?
 
Old 03-26-2011, 02:56 AM   #6
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hello,

You're welcome. Read the tutorial I pointed to in order to understand better how subnetting works. In short, 172.16.1.X/255.255.0.0 will have access to all networks from 172.16.0.1 to 172.16.255.254, while with a subnet of 255.255.248.0 the last address reachable would be 172.16.7.254.

The part I don't understand though is why you want to complicate your life setting up your network like that just to identify which DHCP server is giving you an IP on some machine. On your client machine you can just look at the dhclient.leases file to see which DHCP server handed out the IP (dhcp-server-identifier). The file should be in /var/lib/dhcp or /var/lib/dhcp3 depending on your client version and distro.

Kind regards,

Eric
 
2 members found this post helpful.
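
Added example, not part of any post in the thread: a small parser for the dhclient.leases file mentioned in post #6, pulling each lease's dhcp-server-identifier and comparing it with a list of documented DHCP servers. The sample lease text and the server list are constructed for illustration.

```python
import re

# Constructed sample in the ISC dhclient.leases format (not from the thread).
SAMPLE_LEASES = '''
lease {
  interface "eth0";
  fixed-address 172.16.1.57;
  option subnet-mask 255.255.0.0;
  option routers 172.16.1.1;
  option dhcp-server-identifier 172.16.1.1;
  expire 6 2011/03/26 14:12:00;
}
lease {
  interface "eth0";
  fixed-address 172.16.3.20;
  option subnet-mask 255.255.0.0;
  option routers 172.16.3.1;
  option dhcp-server-identifier 172.16.9.9;
  expire 6 2011/03/26 20:30:00;
}
'''

LEASE_BLOCK = re.compile(r"lease\s*\{(.*?)\}", re.S)
ADDRESS = re.compile(r"fixed-address\s+([\d.]+);")
SERVER_ID = re.compile(r"option\s+dhcp-server-identifier\s+([\d.]+);")

def parse_leases(text):
    """Return [(leased_address, dhcp_server_identifier), ...] in file order."""
    leases = []
    for block in LEASE_BLOCK.findall(text):
        addr = ADDRESS.search(block)
        server = SERVER_ID.search(block)
        if addr and server:
            leases.append((addr.group(1), server.group(1)))
    return leases

def unexpected_servers(leases, known_servers):
    """Leases handed out by a server that is not on the documented list."""
    return [(a, s) for a, s in leases if s not in known_servers]

if __name__ == "__main__":
    # Uses the constructed sample; on a client, pass in the contents of the
    # dhclient.leases file under /var/lib/dhcp or /var/lib/dhcp3 instead.
    known = {"172.16.1.1", "172.16.3.1"}  # assumed list of legitimate servers
    for addr, server in parse_leases(SAMPLE_LEASES):
        print(f"{addr} leased by {server}")
    print("unexpected:", unexpected_servers(parse_leases(SAMPLE_LEASES), known))
```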
Old 03-26-2011, 03:06 AM   #7
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by EricTRA
Hello,

You're welcome. Read the tutorial I pointed to in order to understand better how subnetting works. In short, 172.16.1.X/255.255.0.0 will have access to all networks from 172.16.0.1 to 172.16.255.254, while with a subnet of 255.255.248.0 the last address reachable would be 172.16.7.254.

The part I don't understand though is why you want to complicate your life setting up your network like that just to identify which DHCP server is giving you an IP on some machine. On your client machine you can just look at the dhclient.leases file to see which DHCP server handed out the IP (dhcp-server-identifier). The file should be in /var/lib/dhcp or /var/lib/dhcp3 depending on your client version and distro.

Kind regards,

Eric

Thanks again. It's not just for DHCP. But using that example I can just simply look at the IP and see where it leases from, but also, for example, for branched VPN from different locations, and just to make sure I'm understanding subnet correctly. But again, is there anything such as security or anything with this? Besides just having a lot of available open IP's, is there anything else to be concerned about?
 
Old 03-26-2011, 03:11 AM   #8
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hi,

There's always some effect on security. In this case it would be the number of IPs you need to know about. If you have a firewall set up and you have to allow traffic from ALL your subnets when in a 255.255.0.0 subnetted network, that's a lot of IPs to monitor, document, follow and know about. If you don't have the need for it, then stick with the lowest number you need. The less you need to control, the harder it is to 'simulate' an IP to gain access to your network. I'm sure that someone who's more into security than I am will be able to provide you a lot more information on why you should limit your network (maybe Josh (corp769) can step in here?).

Kind regards,

Eric
 
1 members found this post helpful.
Old 03-26-2011, 03:13 AM   #9
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
You shouldn't be worrying about subnetting when it comes to security. If security is an issue, then code up a good iptables script, shut down unneeded services, use strong passwords and strong encryption settings, and be smart about your computers and your networks. As far as VPN's, pretty much the same thing. Use strong keys and keep them safe, and just remember - "the best security is no security." Always be paranoid, and never let your guard down. Can I ask what kind of network you are running, and how many hosts total do you have on it?
 
1 members found this post helpful.
Old 03-26-2011, 03:21 AM   #10
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by corp769
You shouldn't be worrying about subnetting when it comes to security. If security is an issue, then code up a good iptables script, shut down unneeded services, use strong passwords and strong encryption settings, and be smart about your computers and your networks. As far as VPN's, pretty much the same thing. Use strong keys and keep them safe, and just remember - "the best security is no security." Always be paranoid, and never let your guard down. Can I ask what kind of network you are running, and how many hosts total do you have on it?

Okay so it's not really much more guarding as we do now, just have more to guard. Right now there isn't that many that wouldn't fit in a 255.255.255.248 sub but I'm thinking for growth. I may be opening a lot of branches in the future and I will have hosts at each location, all VPN to HQ, and all locations can access resources from all locations such as camera DVRs, telephone recording servers etc., but I also don't want to come in later and say crap, out of IPs, and have to change it all up.
 
Old 03-26-2011, 03:26 AM   #11
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hi,

You're confusing LAN with WAN I think. If you have a LAN with several subnets, you can assign those subnets to departments in the same building for example, to identify computers quickly when something happens. On the other hand if you're going to open other branches in other geological locations and connect them through VPN then your routers/firewall/VPN servers can take care of everything using NAT so you'll not be out of IPs pretty soon, not even when using 255.255.248.0 as subnet.

Kind regards,

Eric
 
1 members found this post helpful.
Old 03-26-2011, 03:35 AM   #12
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by EricTRA
Hi,

You're confusing LAN with WAN I think. If you have a LAN with several subnets, you can assign those subnets to departments in the same building for example, to identify computers quickly when something happens. On the other hand if you're going to open other branches in other geological locations and connect them through VPN then your routers/firewall/VPN servers can take care of everything using NAT so you'll not be out of IPs pretty soon, not even when using 255.255.248.0 as subnet.

Kind regards,

Eric

Um yeah that would be one way to do it but I was just thinking too, another easy thing I was looking to do, for example, say from the Corp office the IT guys want to look at the security camera DVRs at different stores. The DVRs at all locations would be 172.16.x.100, the x being whatever store DVR you are wanting to review. Same for the telephone call recording computer being say 162.16.x.150, x again being the store location. So if the boss man comes to the IT department and says to one guy, hey check the activities on such date and time on the cameras at store 12, we would automatically know to access that DVR at 172.16.12.100. Or the phones at store 3 would be 172.16.3.150. Does that sound more like what I'm wanting to do and be easy to access as far as remembering what's what and where?
 
Old 03-26-2011, 03:39 AM   #13
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
I know I'm not tired; can you please explain that a little bit more clearly? It all seems way too mashed up......
 
Old 03-26-2011, 04:01 AM   #14
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Sorry about that. I have been doing all this from my iPhone. It tends to make it look that way. Especially doing it on the tiny little screen. I am on a real computer now. I am planning for the long term. So I got several ideas and looking at several options and ways to do everything. But for a good example and I have been able to think about it more as you guys give your suggestions and opinions on security and having a lot to monitor and so forth but I will make a little diagram if I can and show you kinda what I am thinking by using a sub-net such as 255.255.0.0.

HQ would be where Logins, reports, monitoring, IT guys, and all that mess. Can't leave out the bosses. And if I use 172.16.x.0 sub-net to 255.255.0.0, I can use the 3rd oct of the address to represent a location or store number that is connected to the HQ. But at each store, they will each have a main router/firewall, a security camera DVR, a telephone call recording computer, printers, and no telling what else might end up there since it's not in stone yet. But let's use 2 stores for example. We will use store 3 and store 12 as examples. And we will call the headquarters store 1.

Store 1
Router 172.16.1.1
Camera DVR 172.16.1.100
Telephones 172.16.1.150
Back Office Printer 172.16.1.175

Store 3
Router 172.16.3.1
Camera DVR 172.16.3.100
Telephones 172.16.3.150
Back Office Printer 172.16.3.175

Store 12
Router 172.16.12.1
Camera DVR 172.16.12.100
Telephones 172.16.12.150
Back Office Printer 172.16.12.175

This basically saying at every store that has a camera DVR its IP would end in 100. Telephone 150. Back Office Printer for the managers end in 175.

Now if the corporate HQ's IT guys get a request to access the camera DVRs at any store, they know all DVRs in the company have an IP that ends in 100. So depending on what store they are requested to bring up a recording to review on a camera, say a break-in took place, they would just need to know the store number. Boss says, "Hey store 12 got broke into last night, can you review the cameras and see what you can find out." The IT guys now know all they need to know to bring up that store's DVR. Which would be 172.16.12.100. If they would have asked about store 3, then all they would have to do is connect to 172.16.3.100. Since all stores are connected to the main HQ through VPN all the time it's like one large network.

Now so that there isn't so many IP's to monitor, we could make a scope on the DHCP servers for each location to only ditch out say 25 IPs. That would bring down the number of IPs to worry about. The main thing is that each location has the same equipment but just using one set of the IP address to represent the location or what store it's located at to make it easy to just connect and do what work is needed. I hope I am not killing your eyes and that I am explaining this good enough and hope this isn't just a retarded way to do it. I also appreciate you guys talking with me about it.
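
Added example, not part of any post in the thread: the store-number-in-the-third-octet plan from post #14, worked through with Python's ipaddress module, including which of the example stores each of the two masks discussed in the thread (255.255.0.0 and 255.255.248.0) covers. The function names and the base address 172.16.0.0 are assumptions of this example.

```python
import ipaddress

# Host numbers from the plan in post #14: same last octet at every store.
ROLES = {"router": 1, "dvr": 100, "phones": 150, "printer": 175}

def store_subnet(store):
    """The /24 whose third octet is the store number (store 1 is HQ)."""
    if not 0 <= store <= 255:
        raise ValueError("store number must fit in one octet")
    return ipaddress.ip_network(f"172.16.{store}.0/24")

def device_address(store, role):
    """Address of a device role at a store, e.g. (12, 'dvr') -> 172.16.12.100."""
    return store_subnet(store).network_address + ROLES[role]

def stores_in_mask(stores, netmask, base="172.16.0.0"):
    """Which store subnets fall entirely inside base/netmask."""
    net = ipaddress.ip_network(f"{base}/{netmask}")
    return [s for s in stores if store_subnet(s).subnet_of(net)]

def usable_range(netmask, base="172.16.0.0"):
    """First and last usable host address of base/netmask, plus host count."""
    net = ipaddress.ip_network(f"{base}/{netmask}")
    return net[1], net[-2], net.num_addresses - 2

def role_targets(stores, role):
    """Exact /32 list for one role, for a firewall rule narrower than the /16."""
    return [f"{device_address(s, role)}/32" for s in stores]

if __name__ == "__main__":
    stores = [1, 3, 12]  # the three stores used as examples in post #14
    for mask in ("255.255.0.0", "255.255.248.0"):
        first, last, hosts = usable_range(mask)
        covered = stores_in_mask(stores, mask)
        print(f"{mask}: {first} - {last} ({hosts} hosts), stores covered: {covered}")
    print("HQ -> DVRs only:", role_targets(stores, "dvr"))
```

With 255.255.248.0 on 172.16.0.0 the network ends at 172.16.7.254, so store 12 would sit outside it. `role_targets` gives a per-role address list that a firewall rule can use instead of the whole /16.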
 
Old 03-26-2011, 04:08 AM   #15
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Ahh ok, I see now. And yeah, stop using your iPhone :P LOL

Technically, yes you can do it that way, and it does make sense now. Just use it through a VPN, and use the routing configuration to your advantage.
 
1 members found this post helpful.
  

