What is the best way to expand the address space of a local network (an ordinary 192.168.1.0/24 network)?
Initial data:
Domain network for ~240 hosts, AD, Windows computers only (XP and 7).
I found the following options, but there are probably others. Which one should I choose (it is desirable to manage with a minimum of costs, both monetary and labor)?
1) Just change the mask from /24 to /23 (/22). This will give a domain of about 500 (1000) addresses. Minus: DHCP is not set up on the network, all computers have a static IP, i.e. I'll first have to enable IP acquisition via DHCP through group policies. Also, subnets 192.168.0 (Internet access) and 192.168.1 (LAN) will be combined into one network, which is unacceptable, so one of them will have to be changed to, say, 192.168.50, and that brings possible problems: something will not work, will be forgotten, will not be corrected, and will pop up during business hours.
2) Create VLAN1 for the LAN, then add another VLAN2 for new computers (VLAN3 for servers, VLAN4 for network printers and copiers), and configure the VLANs to work with each other. By the way, do people do that? VLANs are needed for subnetting, i.e. to isolate, not to unite, right?
3) Add support for IPv6 in some way. For example, dual stack will allow IPv4 and IPv6 addresses to coexist on the same network. Minus: it is difficult, I estimate the probability of failing with this method at 90%.
4) Just create another network (192.168.20/24) in the same physical network and route it to the first LAN (buy a server or a router). Minus: I don't know, the entire load is on a single network interface (if computers from network A want to communicate with computers from network B)?
I hope I described it well, help me choose a method, please.
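The side effect described in option 1, and the choice of non-overlapping subnets for options 2 and 4, worked through with Python's `ipaddress` module. This is an added example, not part of the original question; the function names and the 192.168.0.0/16 pool are assumptions.

```python
import ipaddress

def widen(lan, new_prefix, in_use):
    """Option 1: widen `lan` to /new_prefix.
    Returns (supernet, usable_hosts, subnets in `in_use` that get merged in)."""
    lan = ipaddress.ip_network(lan)
    supernet = lan.supernet(new_prefix=new_prefix)
    swallowed = [n for n in map(ipaddress.ip_network, in_use)
                 if n != lan and n.overlaps(supernet)]
    # Subtract the network and broadcast addresses.
    return supernet, supernet.num_addresses - 2, swallowed

def next_free(lan, in_use, count, pool="192.168.0.0/16"):
    """Options 2 and 4: pick `count` extra subnets the same size as `lan`
    that overlap nothing already in use. `pool` is an assumed private range."""
    lan = ipaddress.ip_network(lan)
    taken = [lan] + [ipaddress.ip_network(n) for n in in_use]
    free = []
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=lan.prefixlen):
        if not any(cand.overlaps(t) for t in taken):
            free.append(cand)
            if len(free) == count:
                break
    return free

if __name__ == "__main__":
    LAN = "192.168.1.0/24"        # from the question
    INTERNET = "192.168.0.0/24"   # Internet-access subnet from the question
    for prefix in (23, 22):
        net, hosts, merged = widen(LAN, prefix, [INTERNET])
        print(f"/{prefix}: {net}, {hosts} hosts, merges {[str(m) for m in merged]}")
    # After renumbering the Internet subnet to 192.168.50.0/24 nothing is merged.
    print(widen(LAN, 22, ["192.168.50.0/24"])[2])
    # Candidate subnets for new VLANs or a routed second network.
    print([str(n) for n in next_free(LAN, [INTERNET], 3)])
```
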
To begin with, it seems to me not very convenient to administer a network of ~240 hosts without DHCP.
I once solved this problem using method 1, because it was the least painful and the transition was "seamless". Expanded the subnet to /22. Everything works and works great. DHCP lives on WS 2012R2 on 2 servers for failover.
I seriously thought about method 2. In this case, you will either have to keep several scopes on DHCP, with each VLAN having its own scope, or keep a separate DHCP server in each VLAN (in my opinion, this method is flawed).
Now I have come close to implementing this method in order to move servers out of the broadcast domain they share with users and to "break" users into subnets on a territorial basis. Routing between VLANs is easily provided by Layer 3-enabled switches.
I can’t say anything intelligible about the use of IPv6 in this case.
Method 4 is considered the least optimal of the above.
Method 2 is the best IMHO.
My network has been divided into VLANs for 3 years now. Servers separately, users separately, phones separately, printers, VPN, WiFi ... etc. etc.
Very convenient, and very easy to control all this "goodness".
There is one nuance, though. VLANs must be supported by the gateway and all switches. Otherwise, you will get confused in the wires and sockets.
AD without DHCP is nonsense, even more so with more than a hundred machines.
Cutting the network into virtual local area networks is very much the right thing to do. In cases of special paranoia, each client computer is assigned a personal VLAN, and even with a port binding by MAC (there can be 4095 in total, but you can put tagged traffic inside another VLAN, and thereby get 4095 * 4095 VLANs), and rules are set on the router according to which client machines can only see the VLANs with servers.
Assign a secondary address on the interface. That is, there will be two addresses on the interface at the same time: 192.168.1.0/24 and 192.168.2.0/24 (for example), and then 192.168.3.0/24, etc. That way you won't have to change the settings on the clients...
And yes, think about DHCP and VLANs, it's easier to live with them.