+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
How do you do....it? Thread, Device IP Allocation in Technical; Right so yes your choices are to get everything running how you need it you: 1. Change everything to the ...
  1. #16
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,988
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    107

    Re: Device IP Allocation

    Right so yes your choices are to get everything running how you need it you:
    1. Change everything to the 172.x
    or

    2. If you want more flexible ip configuration and a little more local protection from things lurking around on your grid then use a 192.x range for all your local devices and have a dual honed proxy natting your 192.x range to your grid 172.x range.

    Number 2 is the way I have it set up as do a few others I know of. Other keep their county assigned range as some rely on getting remote support from their LEA etc..

    Either way you need to change the current setup.

  2. #17

    Join Date
    Oct 2005
    Location
    Stevenage, Hertfordshire
    Posts
    53
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Device IP Allocation

    Great, Thanks for that. Security was a valid argument that i can understand but figured that the router/firewall should have been configured by the LEA to make this schools seeing other schools kit a non-issue. Further, I always password protect my devices when setting them up (And document the config)

    How do you keep track of what printer has which IP? Manually? Or have you setup something in DHCP (Like a scope with reservations for the 192.x.x range)?

    Do you agree that 255.255.252.0 is an invalid subnet mask for a class C address therefore I would have to change that aspect?

    Regards,

    Barry

  3. #18

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,969
    Thank Post
    1,355
    Thanked 1,814 Times in 1,126 Posts
    Blog Entries
    19
    Rep Power
    600

    Re: Device IP Allocation

    wow ... what a pants setup ... please don't ake any offence at that comment, but there is one thing missing here in a major way.

    What on earth is doing your routing?

    You should have at least one device available to route traffic between the subnets. You have one to route between 172.19.x.x as the proxy is also your default gateway ... so it says "any traffic note for this network should come through". Nothig is saying "for 192.168.3.x please line up here and a club 18-30 rep will be along shortly".

    Your switch is a layer 3 switch and can be set up to do your routing for you (up to 16 static IP routes IIRC) but that still does not work with the topology you have.

    As for the subnet mask ... it is possible to use it ... to make it a /22 address range, neither class C or B actually, and I am glad they did away with allocationg to classes (a class C range is typically /24, 255.255.255.0) and with the 2650 it is possible to have routing tables that will allow for the broadcast across all the 1022 hosts ... but I would not rely on it.

    http://www.subnetonline.com/subcalc/subnet8.html for a nice calculator for subnetting.

    I honestly cannot see any reason to be using this range ... none at all.

    I would get the printers onto the standard range and disable the second NIC in the FR.

  4. #19
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,988
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    107

    Re: Device IP Allocation

    I have DHCP reservations for my devices.
    According to the IP calculator that is a strange range as it reports these ranges

    # ID Range Broadcast
    0 192.168.1.0 192.168.1.1 - 192.168.1.62 192.168.1.63
    1 192.168.1.64 192.168.1.65 - 192.168.1.126 192.168.1.127
    2 192.168.1.128 192.168.1.129 - 192.168.1.190 192.168.1.191
    3 192.168.1.192 192.168.1.193 - 192.168.1.254 192.168.1.255

    Dont think too much about class specific subnet ranges though as they seem to be ignored a lot now though. Anyway bedtime it's friday! 8O

  5. #20

    Join Date
    Oct 2005
    Location
    Stevenage, Hertfordshire
    Posts
    53
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Device IP Allocation

    Quote Originally Posted by GrumbleDook
    wow ... what a pants setup ...
    lol you don't have to tell me that, I have been saying this since....well....forever.

    Using that subnet mask isn't exactly standard. Even the link to that subnet calc reports that 'Note: 192.168.3.100 is a class C IP address and is normally used with a subnet mask of type 255.255.255.x'


    Quote Originally Posted by ChrisH
    I have DHCP reservations for my devices.
    According to the IP calculator that is a strange range as it reports these ranges

    # ID Range Broadcast
    0 192.168.1.0 192.168.1.1 - 192.168.1.62 192.168.1.63
    1 192.168.1.64 192.168.1.65 - 192.168.1.126 192.168.1.127
    2 192.168.1.128 192.168.1.129 - 192.168.1.190 192.168.1.191
    3 192.168.1.192 192.168.1.193 - 192.168.1.254 192.168.1.255

    Dont think too much about class specific subnet ranges though as they seem to be ignored a lot now though
    Im glad it chucks stranges things out at you too. I have always been taught to follow standards. Otherwise things slip.

    Thanks for your input at this stupid time of night. I need my sleep too

    Night All

    Barry

  6. #21

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: Device IP Allocation

    It is not a pants setup (or at least it wasn't). It's a perfectly adequate setup designed to raise the bar a little to prevent workstations on your LAN from messing with resources they don't need to access.

    Comments about routing are red herrings.

    Supernetting and subnetting has been around and perfectly valid for a long time i.e. 255.255.252.* is perfectly fine here, regardless of what some calculator says. Strictly classful networking went by the way ages ago in order to alleviate the alleged "world running out of IP addresses" problem.

    Again DHCP and DDNS is mostly for random workstations, whereas everything else usually requires a static address. If you do have a devices like that.. and you always do.. it's a good idea to manually add DNS entries for them. I wouldn't bother with DHCP reservations (but the static address must be in an excluded-for-lease range).

    If it were my network I'd likely change the new stuff you put in from 172 to 192 addresses to be consistent with the others. If I did have to talk to my switches and printers from somewhere besides the server it would likely only be one specific admin machine (probably a troubleshooting laptop) and I would give that static address in both the 172 and 192 ranges. Regardless I can always remote desktop to the server.

  7. #22

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    182

    Re: Device IP Allocation

    It does appear to be set up so that only the dual-homed machines can administer and contact the printers, etc. - a little paranoid and it does indeed add a layer of complexity that you could do without.

    I use the IP range 192.16.0.0/22 and use NAT to get out onto the RBC WAN. This works perfectly well.

    I also use reservations to assign the IP addresses to my printers - this means I can easily check which device has which IP and I can change them as needed.

  8. #23

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: Device IP Allocation

    Well I think we'll just have to agree to disagree then...

    To me it's useful to have the logical separation between a) the Windows domain boxes, and b) all those other devices with their various (and variously secure) services that users have no need to access. Maybe I've got a warped mind, but I think a network "overlay" like that is a simple concept and trivial to configure/maintain.. just a minute of additional work when you add servers to handle print queues or setup a network admin workstation.

    And I don't think it's paranoid, but I'm aware of various exploits and one school in particilar that spent a lot of time tearing their hair out over some printer mischief this would have stopped dead. A better p-word word is prudent... it doesn't cost much and might save you a lot of hassle. It also conserves real IP addresses (assuming you use those for your workstations).

  9. #24

    Join Date
    Oct 2005
    Location
    Stevenage, Hertfordshire
    Posts
    53
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Device IP Allocation

    Its very interesting, Different people have very different ways of doing this. For example, A college just down the road do it the public way so they can administer from anywhere. I also think industry sets these sorts of things up in the same way.

    I prefer the public way because that’s the way I was taught. My NM is set in her way, and I am sure she as her reasons for it so I am not going to challenge anymore.

    I guess when I am a NM someday I can make these types of decisions my way.

    Thanks to all that posted.

    Barry

  10. #25

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,969
    Thank Post
    1,355
    Thanked 1,814 Times in 1,126 Posts
    Blog Entries
    19
    Rep Power
    600

    Re: Device IP Allocation

    @piqueaboo: But was is the point in dual-honing a server so that only the server can talk to certain devices? Security? maybe ... but it is still regarded as poor practice to do it this way nowadays ... even NSA security guidelines point to using VLANs and ACLs on switch ports to do this control. This also improves performance of switches, which is becoming more important when having to allow for QoS.

    I stand by the above configuration being pants ... if you don't accept my reasoning, think about the amount of confusion it seems to have caused, including extra work for configuration. Surely having the single scope on DHCP which allows for reservations being made via MAC address so a printer can be dropped in and configured with ease, saving time and effort.

    As for routing being a red herring ... every subnet / range should have a default gateway; this does not seem to be the case. So you end up having every switch doing the routing, relying on their own table or on broadcasts. Again ... regarded as poor practice and in larger neworks, especially those using VoIP, VLANs, QoS ...

    I have to admit to trying to make things as simple as possible really ...

    Then again ... I refer all honourable members to RFC 1925 (the twleve truths of networking) ... in particular rule 12

  11. #26

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Device IP Allocation

    Surely having the single scope on DHCP
    I dispute that. It's benifical to have two scopes if you implement the 80/20 rule to have redundancy with your DHCP servers.

  12. #27

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: Device IP Allocation

    I said it "raises the bar bit" which is not poor practice compared with leaving the bar on the floor. The approaches are not mutually exclusive, but yes properly configured VLANs, ACLs et al are much, much better. If the equipment supports the latter then I'd seriously consider the pros and cons of implementing that stuff.

    Meanwhile, IP devices only need a gateway if they need to talk to the outside world and vice versa. Printers, switches, APs and the like do not need to talk to the outside world. And there is no conventional routing in this scenario - IP comms between two 192 devices relies on exactly the same mechanism (ARP) as IP comms between 172 devices.

    --

    DHCP redundancy *is* complex. The 80/20 rule relies on the 20 server being reliably slower to respond to requests (it's supposed to be on a remote subnet). The scope split is better based on making an educated guess for "what percentage of your machines are likely to a) have been offline for the lease duration, and b) will get switched on while their local DHCP server is down?".

    If you've only got one subnet, I'd consider setting up a second service with a few spare addresses but disabling it until needed. You could run both concurrently with a 50/50 split but watch our for bias i.e. significantly more leases being assigned from one server than the other.

  13. #28
    budgester's Avatar
    Join Date
    Jan 2006
    Location
    Enfield, Middlesex
    Posts
    486
    Thank Post
    4
    Thanked 37 Times in 30 Posts
    Rep Power
    24

    Re: Device IP Allocation

    <quote>
    (Most) of our printers and older switches (Ones that I didn't install) are currently on an IP range of 192.168.x.xxx ranging from 100 to 300 and a subnet of 255.255.252.0
    </quote>

    This a valid subnet see reasoning below

    So normally you would use a standard

    192.168.*.*
    255.255.255.0

    This would give you 256 networks with 254 hosts (0 for network, and 255 for broadcast)

    First Network range is 192.168.0.*
    Second Network range is 192.168.1.*
    Third Network range is 192.168.2.*
    Hence 254 hosts per network

    With a subnet mask of

    255.255.252.0 you get 64 networks with 1022 hosts.

    First Network range is 192.168.0.* to 192.168.3.*
    Second Network range is 192.168.4.* to 192.168.7.*
    Third Network range is 192.168.8.* to 192.168.11.*
    Hence 1022 hosts per network

    Calculations follow:
    256 - 4 = 252 Subnet Mask
    256/4 = 64 Networks
    256 * 4 = 1024 hosts per network

    Take out your Network and Broadcast address form each network to find out total amount of hosts for each network

    Subnetting seems like a black art but really isn't once you understand it.

    So if you wanted to split the 192.168.*.* address range into 16 networks you would

    256 - 16 = 240 Subnet mask
    256/16 = 16 Networks
    256*16 = 4096 hosts per network

    So the reason for using a subnet such as 255.255.252.0 is so that you don't restrict yourself to 254 hosts per network and have to do routing between networks, you would get 1022 hosts per network, which might just enough for a modern school if every student and teacher had a PC connected to your network. Which thankfully they don't have here yet.

    So how many hosts could you have with a subnet of 255.255.0.0 ?

    This is commonly used with the private range of 172.25.*.*

    So 256 * 256 = 65536 hosts per network

    Note all calculations are done with 256 because in computers 0 is a number to :-) so 0 -> 255 = 256 unique numbers.

    Am i making sense ?

    Regards

    Budgester

  14. #29

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,250
    Thank Post
    55
    Thanked 280 Times in 187 Posts
    Rep Power
    134

    Re: Device IP Allocation

    [quote="budgester"]<quote>
    (Most) of our printers and older switches (Ones that I didn't install) are currently on an IP range of 192.168.x.xxx ranging from 100 to 300 and a subnet of 255.255.252.0
    </quote>

    300! - surely - you can't have a number bigger than 254?

  15. #30
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34

    Re: Device IP Allocation

    on a 255.255.252.0 (/22) subnet, you can use the .255 address, because it's not the broadcast address for that subnet, but i'm being pedantic

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. MAC Based vlan allocation with procurve switches (11x)
    By AlexB in forum Wireless Networks
    Replies: 25
    Last Post: 21st September 2008, 05:56 PM
  2. Need a NAS device that can do RAID-5 - 1Tb
    By sidewinder in forum Hardware
    Replies: 4
    Last Post: 27th November 2007, 11:54 AM
  3. PC Not Recognising USB Device
    By enjay in forum Hardware
    Replies: 9
    Last Post: 16th November 2007, 03:26 PM
  4. New USB Security Device
    By in forum General Chat
    Replies: 3
    Last Post: 6th July 2006, 06:44 PM
  5. System Nonpaged Pool Allocation
    By indiegirl in forum Windows
    Replies: 21
    Last Post: 21st June 2006, 10:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •