Changing subnet mask?
-
@stacksofplates said in Changing subnet mask?:
@dashrender said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
@jaredbusch said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
You're conflating VLANs with security.
You need to realize who you are talking to.
@IRJ is probably the most skilled security person on the community.
I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.
The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.
This is my thoughts - most small businesses don't need/want more complexity than a flat network.
Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.
Not really sure what the argument is here? No one is disagreeing with what you said.
But the businesses that decide they need their infrastructure on prem, should 100% be separating networks. It takes little time/effort to set up properly.
-
@hobbit666 said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??
For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Does that make sense?
From what i remember
no they won't talk to each other once they are on a /24
e.g. 10.0.1.X/24 wont talk to 10.0.2.X/24Have you checked the devices are using different IPs? 10.X.X.X? if your lucky they might all be on 10.0.X.X/24
They would talk to each other if you use a router. If it were me, I would just create the new network(s), VLAN(s) and router/firewall rules, then gradually move things over until everything was off the /8. That's what I did at my present company where we once had everything on a single /23
-
@siringo said in Changing subnet mask?:
Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.
I was thinking of changing the subnet to /24.while the old addressing is insane, what's the reason to change? Unless there is a benefit, why? Just reducing the address pool isn't going to buy you anything.
-
@siringo said in Changing subnet mask?:
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Yes, if everything falls within the scope of a /24, then all of the devices that are in a larger pool will keep working. But they ALL have to be already in the smaller pool and ONLY the subnet mask gets changed.
But again... why?
-
@irj said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
Sorry if this is a dumb question but ...
Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.
I was thinking of changing the subnet to /24.
Currently all devices still have 10.0.0.x addresses.
Some of the their network gear is managed and I need to arrange with them to change settings within their Cisco gear to /24.
If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??
For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Does that make sense?
Create /24 VLANs. Separate severs, printers, workstations with different VLANs. Then you can block workstations from even seeing server VLAN.
Which is fine, but can be done without changing the current subnet. Im' only arguing against unnecessary effort for zero gain.
-
@hobbit666 said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??
For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Does that make sense?
From what i remember
no they won't talk to each other once they are on a /24
e.g. 10.0.1.X/24 wont talk to 10.0.2.X/24Have you checked the devices are using different IPs? 10.X.X.X? if your lucky they might all be on 10.0.X.X/24
He didn't ask about 10.0.x.x, only 10.0.0.x, which would be the same /24.
-
@scottalanmiller said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Yes, if everything falls within the scope of a /24, then all of the devices that are in a larger pool will keep working. But they ALL have to be already in the smaller pool and ONLY the subnet mask gets changed.
But again... why?
Forgetting about the - but why part...
The OP could make sure all devices are in the /24 before touching anything by changing DHCP to only hand out addresses in /24 range, then move by hand any staticly assigned devices into that range.
-
@dashrender said in Changing subnet mask?:
@scottalanmiller said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Yes, if everything falls within the scope of a /24, then all of the devices that are in a larger pool will keep working. But they ALL have to be already in the smaller pool and ONLY the subnet mask gets changed.
But again... why?
Forgetting about the - but why part...
The OP could make sure all devices are in the /24 before touching anything by changing DHCP to only hand out addresses in /24 range, then move by hand any staticly assigned devices into that range.
Yes, quite doable.
-
@dashrender said in Changing subnet mask?:
@scottalanmiller said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????
Yes, if everything falls within the scope of a /24, then all of the devices that are in a larger pool will keep working. But they ALL have to be already in the smaller pool and ONLY the subnet mask gets changed.
But again... why?
Forgetting about the - but why part...
The OP could make sure all devices are in the /24 before touching anything by changing DHCP to only hand out addresses in /24 range, then move by hand any staticly assigned devices into that range.
I gave that process above.
-
@irj said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
@dashrender said in Changing subnet mask?:
Then comes the question - does he have the gear needed to do that?
the answer is no, the answer to whether I have the desire or need is also no.
That's a very sad answer IMO
sorry to have disappointed you
-
@dashrender said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
@jaredbusch said in Changing subnet mask?:
@travisdh1 said in Changing subnet mask?:
You're conflating VLANs with security.
You need to realize who you are talking to.
@IRJ is probably the most skilled security person on the community.
I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.
The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.
This is my thoughts - most small businesses don't need/want more complexity than a flat network.
^^^ real world.
-
@scottalanmiller said in Changing subnet mask?:
@siringo said in Changing subnet mask?:
Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.
I was thinking of changing the subnet to /24.while the old addressing is insane, what's the reason to change? Unless there is a benefit, why? Just reducing the address pool isn't going to buy you anything.
Yes this ^^^ exactly Scott. I'm of the same mind, that's part of why I threw the question out there, I wanted 2nd opinions.
Everything is working fine ATM, why would I want to make an unneccessary change that provided no benefit but could introduce downtime. I susbcribe heavily to the KISS principal, hence my lack of interest in VLANing in this instance.
The only reason I came up with, when thinking about the change is that it may make the environment 'look' more professional by having a more appropriately scoped, network.
Thanks for all the opinions and information it is all greatly appreciated.