2

We are running a small network with address range 192.168.0.0/24. So we only have 254 IPs available. We want to increase this range slightly, to allow more hosts in the network. So if I change the network to 192.168.0.0/23, that should give us 256 more IP addresses right? From 192.168.0.1-192.168.1.254?

As a test I gave one of our machines on the network a static IP address 192.168.1.25/23. But this machine can't seem to connect to our default gateway, 192.168.0.1 -- the ping times out.

We have a box that serves as our DHCP, DNS, Gateway and firewall all in one, and its IP is 192.168.0.1, and on that I set the subnet mask to 255.255.254.0 (/23).

Anything I put in 192.168.1.x can't seem to get to the 192.168.0.1 gateway. Not sure what's going on. Is there something else I need to change?

Thanks in advance.

womble
ssin
  • 3
    There is no such thing as class C (or A or B for that matter). It got obsolete several years ago. – pauska Jul 01 '11 at 14:01
  • If you have that many devices in your only network, it might be time to start considering a more segregated network. You didn't give enough information about your entire company that I'm certain this is true, just food for thought. – Kyle Smith Jul 01 '11 at 14:27
  • It's not an option at the moment to change everyone's subnet mask (complex mix of servers and desktops). I like eriktm's idea of having two separate networks. I have almost got it working using routing tables, I can now ping the 0.x range from the 1.x range. But when I try to ping an external site (e.g. google.com), it gets the IP address of the site but the ping times out. Is there something else I need to do on the routing tables? Or my firewall/gateway (Untangle), if anyone is familiar with this software. – ssin Jul 01 '11 at 15:45
  • Separate questions should be in separate questions, not comments. – womble Jul 17 '11 at 08:26

2 Answers

7

The ping won't work because the reply cannot be routed, as the router won't know where to find your 192.168.1.* machines. You'll have to change the subnet mask on all hosts in the subnet.

That said, why bother with those tiny bitmask changes -- if you have a large subnet, just make it /16 and be done with it -- what benefits do you expect otherwise?

Kerrek SB
  • +1 for 'tiny bitmask' idea – jftuga Jul 01 '11 at 14:01
  • 2
    /16 is deeply wrong approach – poige Jul 01 '11 at 17:18
  • @Poige: care to elaborate? – Kerrek SB Jul 01 '11 at 17:20
  • Expanding the broadcast domain is always a bad idea, especially when you're going as wide as /16, since it wastes available bandwidth drastically. Small networks are okay with usual routers, and if throughput needs arise, switching routers (3rd level switches) can be deployed instead, but proper network segmentation would be helpful even in that case. – poige Jul 02 '11 at 07:55
  • @Poige: How does this apply in the present situation? The OP was clearly going to expand his broadcast domain to include all his available machines, and that's all. This isn't an uncontrolled environment. Given that the number of hosts is fixed, there's no benefit in making the netmask as big as possible, and you might as well go with one that's easy to inspect and understand. – Kerrek SB Jul 02 '11 at 07:59
  • Well, the present continuously becomes outdated by the future. In case you haven't built a system that is at least partly future-ready, you're in the past. Using /16 is the past, not even present. :-) – poige Jul 02 '11 at 17:16
  • @Poige: Hm, I don't think I buy that. Show me that there is really a bottleneck and we can talk. With switched networks, the available bandwidth between peers is usually not very dependent on the number of hosts in the network anyway, and since the OP has a single outgoing router, which is probably the main bottleneck outwards, I would need a much stronger argument against the simple solution. – Kerrek SB Jul 02 '11 at 17:20
  • I'm not selling. I just have 10+ years of network experience (mostly ISP's one) and sometimes I share it with guys like you. :-) Have you heard something about so-called "broadcast storms"?… There's "best practices" term and using "wider masks" than /24 on broadcast media isn't tagged with it. – poige Jul 02 '11 at 18:17
  • 1
    "With switched networks..." -- Switches don't help against broadcasts. Keep your networks small. – womble Jul 17 '11 at 08:21
2

By setting the subnet mask to /23 instead of /24 you would in theory get 255 more IP addresses. However, this would require you to change the subnet mask on all devices already in the network. It would also increase the number of packets sent to the common broadcast address (192.168.1.255).

Another solution, which we use for our customers, is to add a new subnet - 192.168.1.0/24 - to the new computers, and add this to the routing table of your router. This would, if it is configured correctly, allow traffic from the 192.168.0.0/24 subnet to be sent to the 192.168.1.0/24 subnet and the other way around.

eriktm
  • Correct in theory, but by the sound of the OP's requirements that would be way overkill... – Kerrek SB Jul 01 '11 at 14:05
  • and would route peer to peer traffic through the router, too. nothing wrong with just making his subnet larger. – SpacemanSpiff Jul 01 '11 at 14:24
  • It's not an option at the moment to change everyone's subnet mask (complex mix of servers and desktops). I like eriktm's idea of having two separate networks. I have almost got it working using routing tables, I can now ping the 0.x range from the 1.x range. But when I try to ping an external site (e.g. google.com), it gets the IP address of the site but the ping times out. Is there something else I need to do on the routing tables? Or my firewall/gateway (Untangle), if anyone is familiar with this software. – ssin Jul 01 '11 at 15:45
  • You have to make sure that your routing table contains an entry for "the rest". This would be 0.0.0.0/0 which should be routed to the gateway your ISP has. (There are probably some other ways as well, but this is how we've done it) – eriktm Jul 04 '11 at 05:58
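
The forwarding decisions discussed in both answers, worked through with Python's `ipaddress` module. This is an added example, not code from any poster on this page: it shows that each host decides "on-link or via the gateway" from its own mask, so a /23 host and a /24 host take different paths to each other, and that a router with no matching or default route has no next hop at all. The old host address 192.168.0.10 and the router next-hop labels (`lan0`, `lan1`, `isp-gateway`) are constructed for illustration.

```python
import ipaddress

def host_routes(iface_cidr, gateway):
    """Routing table a host derives from its own address/mask plus a default gateway."""
    net = ipaddress.ip_interface(iface_cidr).network
    return [(net, "on-link"), (ipaddress.ip_network("0.0.0.0/0"), gateway)]

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or None when no route covers dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path_pair(a_cidr, b_cidr, gateway):
    """Next hop A uses to reach B, and B uses to reach A, each judged by its own mask."""
    a_ip = str(ipaddress.ip_interface(a_cidr).ip)
    b_ip = str(ipaddress.ip_interface(b_cidr).ip)
    return (lookup(host_routes(a_cidr, gateway), b_ip),
            lookup(host_routes(b_cidr, gateway), a_ip))

def usable_hosts(prefix):
    """Addresses in the prefix minus the network and broadcast addresses."""
    return ipaddress.ip_network(prefix).num_addresses - 2

GATEWAY = "192.168.0.1"        # from the question
NEW_HOST = "192.168.1.25/23"   # from the question
OLD_HOST = "192.168.0.10/24"   # constructed: a host still using the old mask

# Router tables for the two-subnet approach (constructed; hop labels are placeholders).
ROUTER_BEFORE = [(ipaddress.ip_network("192.168.0.0/24"), "lan0")]
ROUTER_AFTER = ROUTER_BEFORE + [
    (ipaddress.ip_network("192.168.1.0/24"), "lan1"),
    (ipaddress.ip_network("0.0.0.0/0"), "isp-gateway"),
]

if __name__ == "__main__":
    # Mixed masks: the new host goes direct, the old host replies via the gateway.
    print("new <-> old host:", path_pair(NEW_HOST, OLD_HOST, GATEWAY))
    print("new <-> gateway on /23:", path_pair(NEW_HOST, GATEWAY + "/23", GATEWAY))
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, lookup(table, "192.168.1.25"), lookup(table, "8.8.8.8"))
    print("usable hosts /24, /23, /16:",
          [usable_hosts(p) for p in ("192.168.0.0/24", "192.168.0.0/23", "192.168.0.0/16")])
```

When the two directions of `path_pair` differ, the traffic is asymmetric: a firewall on the gateway sees only one half of each conversation, which is one reason mixed masks on a single segment are hard to troubleshoot.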