Using 255.255.255.0 Subnet in a /22 network

Adam
I have a client who is currently separated on two networks and connected via a VPN.

One network is 192.168.0.1 /24
The other is 192.168.1.1 /24

They are moving one office soon to a space next door, so we'll be physically connecting the two networks. I don't want to have to change IPs of servers to keep them separate, plus they have a lot of phones so I'm afraid I might run out of DHCP space. So I'm gonna put 'em on a /22 network... however, like I said, I DON'T wanna hafta go around changing IPs.

I know my subnet mask would be 255.255.252.0, but is it possible for me to keep my existing 255.255.255.0 subnet mask while keeping the range between 192.168.0.1 and 192.168.3.254?

Or is changing that subnet mask a requirement?
 
Unless you have some layer 3 device to route between them.

If it's DHCP, what's the big deal?
 
Well the networks are going to be hooked up to one Netgear ProSafe Router.

My DHCP range would be odd. In one building they have IP phones, currently in the range of say 192.168.0.150 to .199, as I have computers/devices above/below the range.

In the 2nd building their IPs are the same, but in the 192.168.1.150 - .199 range.

So if I combine the networks my DHCP range will still only be weird, I can't designate two different ranges... I'll run out of space for the phones. (We only use DHCP for the phones.)

Plus I have servers 192.168.1.200 and 192.168.0.200, so it would be odd.

I'm using a Netgear SRX5308 (http://www.netgear.com/business/products/security/wired-VPN-firewalls/SRX5308.aspx)
 
192.168.0.0/24 comprises 192.168.0.0-255. So no, you can't have a 24 bit mask for four networks. You could create separate VLANs and route between them with each /24. You could keep the whole /22 together, but you'll definitely need to make the mask right unless they don't need to talk to each other (and a gateway exists for each host to exit the subnet).
 
192.168.0.0/24 comprises 192.168.0.0-255. So no, you can't have a 24 bit mask for four networks. You could create separate VLANs and route between them with each /24. You could keep the whole /22 together, but you'll definitely need to make the mask right unless they don't need to talk to each other (and a gateway exists for each host to exit the subnet).

I like the VLAN idea. 4 VLANs total, 2 VLANs in each building.
1 VLAN for the phones and one for the PCs.
 
Well, I've never done VLANs and planned to experiment with a wireless access point. I want the access point on its own NETWORK so visitors can use it, but at the same time I didn't wanna hafta use up one of the public IPs the cable company gives us (that would require me using another router, which I don't really wanna put into the rack)... so I was gonna plan with the VLAN idea and have the router give off IPs on a dedicated VLAN for that wifi.

Then I planned on maybe putting the phones on a separate VLAN since they DON'T need to be part of the same network really.

But I'm not sure how VLANs work. I'd like to be able to do that, put one building on one network, 2nd on another and allow them to talk, and allow me to use my port forwarding... but that'll be tricky, as we'll have one public IP and I'd need to change the ports... but I'll have to change my ports anyway now that I'm merging onto one internet connection.

Thoughts/ideas? How hard are VLANs to set up? This thing I'm using supports VLANs.
 
As long as your netgear router is performing proxy-arp, the subnet mask on the internal hosts doesn't matter. You can absolutely keep the subnet mask at 255.255.255.0 for the client PCs/servers. The L3 "routing" will be done by L2 ARP lookups on the router.
 
I guess I can just test it in my office tomorrow when it comes in, see what happens.
 
I like the VLAN idea. Seems all together cleaner until you can get the servers migrated. In the meantime drop your DHCP lease times down so that when you do make a change to the network being handed out that they'll renew quicker than the default timer.
 
As long as your netgear router is performing proxy-arp, the subnet mask on the internal hosts doesn't matter. You can absolutely keep the subnet mask at 255.255.255.0 for the client PCs/servers. The L3 "routing" will be done by L2 ARP lookups on the router.

Horrible advice.
 
Horrible advice.

Agreed.

Yeah, it will work but systems trying to reach a system on the other subnet must hit the gateway before being directed back into the same VLAN. It is just messy and very poor design.

Ideally, you want to separate your IP phone traffic from your PC traffic as well for QoS and for security. Same goes for the servers.

VLANs are easy. Fact is, you are already using a default VLAN (usually VLAN 1).

What are you using for switches? Are they VLAN capable? Which Netgear ProSafe Router are you using? A quick Google search turned up one model that does not appear to be VLAN capable.

If you are required to use that router then I highly suggest you run a decent layer 3 switch to handle your VLAN tagging. How many phones, computers, printers, servers, etc, do you have?
 
Yeah, it will work but systems trying to reach a system on the other subnet must hit the gateway before being directed back into the same VLAN. It is just messy and very poor design.
Not ideal, maybe, but if the alternative is manually reconfiguring hundreds of static IPs overnight... not fun.
Proxy-ARP would allow him to gradually fix the static IP problem over time without affecting his users. It seems like when you have multiple networks that get squashed together, the answer is always either proxy-ARP or route maps.
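To make the forwarding decision behind the /22-versus-/24 replies and the proxy-ARP argument concrete, here is an added Python illustration (not code from any poster): it checks that the proposed /22 contains both existing /24s, compares usable host counts, and shows whether a host with the old 255.255.255.0 mask reaches a neighbour directly or has to go through the gateway. The gateway address 192.168.0.1 and the host addresses used are assumptions.

```python
from ipaddress import IPv4Address, IPv4Interface, IPv4Network

# Constructed example values: the two office prefixes from the thread and the
# proposed merged supernet. The router address is an assumption.
OFFICE_A = IPv4Network("192.168.0.0/24")
OFFICE_B = IPv4Network("192.168.1.0/24")
MERGED = IPv4Network("192.168.0.0/22")
GATEWAY = IPv4Address("192.168.0.1")


def merged_covers_both() -> bool:
    """The /22 plan only works if it is a supernet of both existing /24s."""
    return OFFICE_A.subnet_of(MERGED) and OFFICE_B.subnet_of(MERGED)


def usable_hosts(net: IPv4Network) -> int:
    """Host addresses excluding network and broadcast: 254 for /24, 1022 for /22."""
    return net.num_addresses - 2


def next_hop(host: IPv4Interface, dst: IPv4Address) -> str:
    """Mimic a host's own routing decision. Anything inside its *configured*
    prefix is ARPed for directly; everything else is sent to the gateway.
    With a /24 mask inside a /22 the gateway must proxy-ARP or hairpin the
    traffic back onto the same segment, which is the 'messy' case above."""
    return "direct" if dst in host.network else f"via {GATEWAY}"


def gateway_reachable(host: IPv4Interface) -> bool:
    """A host whose mask excludes the gateway cannot even leave its subnet."""
    return GATEWAY in host.network


def compare_masks(host_ip: str, dst: str) -> dict:
    """Same host and destination, old /24 mask versus correct /22 mask."""
    dst_addr = IPv4Address(dst)
    return {
        "/24": next_hop(IPv4Interface(f"{host_ip}/24"), dst_addr),
        "/22": next_hop(IPv4Interface(f"{host_ip}/22"), dst_addr),
    }


if __name__ == "__main__":
    print(merged_covers_both(), usable_hosts(OFFICE_A), usable_hosts(MERGED))
    # PC in building 1 talking to the building 2 file server
    print(compare_masks("192.168.0.101", "192.168.1.200"))
    # Building 2 PC that kept its /24 mask: the router is off-link for it
    print(gateway_reachable(IPv4Interface("192.168.1.101/24")))
```

The last check is the edge case a migration has to watch: a 192.168.1.x host that keeps 255.255.255.0 with a 192.168.0.1 gateway has no on-link router at all until its mask (or its gateway) is changed.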
 
Well, we're not a hundred machines... I have about 40 computers between the two buildings, example:

PC1 is 192.168.0.101 OR 192.168.1.101
PC2 is 192.168.0.102 OR 192.168.1.102

So there's never a 192.168.1.106 and 192.168.0.106, for example.

However, I have a server in each building for file storing purposes... both are 192.168.0.200 and 192.168.1.200.

Then I have other devices, like printers, which would share the .203 .204 .205 space, so I couldn't put them on the same 192.168.1.xxx.

Anyway... using a /22 I can do what I need, I tested it today, works fine. I DO have to put my proper subnet mask in, OK, NOT a big deal, there's maybe a total of ohhh say 60 devices I'd have to re-do. Not a huge task, especially with a tech working under me. We can do it.

So anyway, back on subject, I LIKE the idea of putting my IP phone traffic on a separate VLAN, so we can do QoS if we have to, separate from the main network. I'm not a fan of the IP phones on my main network, but I didn't do the phone system.

So I played around today with VLANs, I made some progress, but could only spend 20 minutes playing, but it seems easy enough to do... I was able to set up two VLANs, but they couldn't ping each other, so still learning about that.

I'm using regular 24 port Netgear ProSafe switches. Not managed, nothing fancy, just your basic rack mount 24 port switch. That's where my computers go.

However, the phones all use the Netgear managed 24 port switches with full PoE. There's a combination of a few types, but I know one is a NETGEAR FS728TP-100NAS - why don't I know what the others are? Because the phone guys provided the switches at first, till we took over 100% of the network. We do EVERYTHING but the phones now (they wanted to switch to us, but had already hired the phone guys).

Worst case scenario I can't tell the switches to USE the VLAN, as they may not be smart enough... could I set up a 2nd VLAN and just allow the phones to use static IPs dedicated to that VLAN? Or would I have to do MAC address filtering? I'd like to assume they are not smart switches where they KNOW which VLAN to use... is this possible?

The Netgear router I'm using is the NETGEAR SRX5308-100NAS.
 
Worst case scenario I can't tell the switches to USE the VLAN, as they may not be smart enough... could I set up a 2nd VLAN and just allow the phones to use static IPs dedicated to that VLAN? Or would I have to do MAC address filtering? I'd like to assume they are not smart switches where they KNOW which VLAN to use... is this possible?

This is largely dependent on the capabilities of the phones and switches. New phones will do VLAN assignment by CDP (in a Cisco LAN) or LLDP. If your phones and switches will do LLDP, it will hand out a "voice" VLAN to the phones and the native access VLAN to other devices.

You are unable to route between the VLANs because you need a layer three device to handle the routing. Typically a layer3 switch is used in the core but you could get away with a router on a stick (trunk both VLANs to a router) or even use a Windows box sitting on both VLANs to perform your routing.

There is no problem having IP Phones on the same network as your data since the traffic is really minimal, heck a Pandora stream could consume more bandwidth. Even with Ethernet overhead and a g.711 codec you're looking at just over an 80k stream. It is critical to get this IP overlap worked out sooner than later.
 
There is no problem having IP Phones on the same network as your data since the traffic is really minimal, heck a Pandora stream could consume more bandwidth. Even with Ethernet overhead and a g.711 codec you're looking at just over an 80k stream. It is critical to get this IP overlap worked out sooner than later.

It's not about bandwidth, it's about security.
 
I'm not really worried about security... we ran separate network wires (white ones) for the phones and data... all the phones go into a PoE switch, and then all the PoE switches for phones and regular switches for network plug into a single 24 port Netgear switch... so I basically have say 5 switches (3 regular, 2 PoE) that plug into a 24 port Netgear switch, which is hooked up to the router (why a 24 port? Because we have an extra laying around, might as well use it).

I guess if a VLAN won't work (although I think I can route between VLANs, it has some kinda option I saw briefly) I can always just use 192.168.0.1 - 192.168.2.254 for my computers and then let the phones just play on the 192.168.3.1 - 192.168.3.254 network... which can talk to the computer network (the phone system backs up to one of the servers).

It's not a high security network here, your basic file sharing/printing and some VoIP phones thrown in. We're using a Linksys business class router now.
 
Separate switches doesn't really mean anything. I'm talking about running your voice traffic on a separate vlan/broadcast domain.
 
Still trying to figure out how to do that stuff, Vito... never played with VLANs before.

I know I can set up separate VLANs. My default VLAN is 192.168.0.1/22 and my 2nd VLAN is 192.168.4.1/24.

Sooo after that, not sure what to do in order to test it really. I'd like to be able for VLAN 1 to talk to VLAN 2 so that the phone system can back up its data to the main server.
 
I need a diagram before I can understand this design. It sounds like you have a separate physical LAN for your phones...at least the start of one. If you home-run your POE switches to the router and home-run the computer switches to the router and put each interface on the router on a different VLAN....

Ugh, I have enough network issues on my own job. I don't want to think about yours as well.
 