we've run out of ip

codolom · September 7, 2017, 12:05pm

Hi,
We have ONE Mikrotik 493G router behind a cable modem (this is for internet access). This serves lots of PCs, notebooks and cellphones which causes the problem:
We all use IPs like this: 192.168.21.x and we have run out of free IPs. DHCP often fails.
Are there any solution to use more IPs like 192.168.21.x and 192.168.22.y?
If You need more info just ask please.
Thanks for advance,
c

PS: if this question looks too trivial, doesn’t matter, I’m rookie.

BartoszP · September 7, 2017, 12:34pm

Yes. It is.
Just use mask /23 which gives you pool 192.168.20.x and 192.168.21.y which is equal to 192.168.20.x/23.
You will have 512 hosts. Using mask /22 you can address 192.168.20.0 – 192.168.23.255 hosts.

Remeber to change everywhere mask /24 to /23 !!! Especialy on devices with static addresses.

codolom · September 7, 2017, 1:58pm

Thank You!
This solution seems to make two other issues, but I didn’t tell everything. I couldn’t know the way, that’s why. OK, I show:
1st problem
This is looking like solution for this:
192.168.21.x and the next IPs are 192.168.22.x
These are false addresses in reality. Why? We have got more than one real addresses, and that’s why we use VPN. There are own IP at every address, like 192.168.0.a, 192.168.1.b, 192.168.2.c. We have got the 192.168.5.f and the next one is 192.168.6.g. We have to use a free, for example 192.168.51.f
Our router is the default gateway at the end of current ip domain (254).
Goal:
I have to separate some devices to a new one (192.168.51.x), but they have to access internet and some servers, maybe network devices at 192.168.5.f
Can I solve the problem with changing netmask only? Is it possible, to cause something wrong for somebody in VPN (for example my neighbours at first)?

2nd problem
There are many devices, what uses static IP, and DHCP uses the netmask 255.255.255.0 also. Maybe this will be too long work to change. What is Your opinion?

ZeroByte · September 7, 2017, 3:42pm

TL;DR:
It’s going to be a pain to renumber your network no matter when you do it. Do it now, and do it via a planned scheme that works for your growth needs that will make your life magnitudes easier in the future.

Full response:
Sorry, but there’s no way around fixing your numbering - at least not without gumming things up with more work-arounds that may come back to bite you in the long run.

Some short term fixes might be to

create a guest WiFi segment and move your phones/tablets/etc onto that segment, leaving the printers and LAN stuff alone for now.
shorten the lease duration so that transient devices like those above won’t take up space for long after they’re gone.

However, those short term fixes can quickly become permanent and make your network snowball into a spaghetti bowl nightmare.

If you have a growing organization, then I highly recommend that you switch to using 10.x.x.x as your private IP space. I previously worked at an enterprise where 192.168.x.x had been used since the beginning. The organization went through explosive growth, and the original site1 = 192.168.1.x , site2 = 192.168.2.x , etc scheme was vastly outgrown. There were all sorts of random 192.168.x.x networks at every site w/o rhyme or reason. They weren’t contiguous blocks; either by site or by functionality. 192.168.14.x may be a server net at site 3, while .13.x was a guest network at site 1 and .15.x was a workstation LAN at site 1 again.

I implemented a numbering scheme as follows:
10.x.x.x gets divided up by sites, so 10.1.0.0/16 is site1, 10.2.0.0/16 is site 2, etc.
The routers all had loopback IP addresses of 192.168.255.x/32, so I used the 4th octet of the loopback IP to dictate the site numbers in the new scheme.
This gives 256 /24 networks at each site. I then defined certain maps for the various uses of those networks as well:
Say 10.x.0-15.x would be server networks, 10.x.16-31 would be network management, etc.
Even small sites having only 12 seats would still follow this same scheme.
That way, we could tell at a glance what an IP address was just by looking at the 2nd and 3rd octets.

(What’s even better is that this mapping can be easily copied 1:1 when laying out IPv6. Dole out a /48 of IPv6 for each /16 of 10.x.x.x space and you’re done.)

In your case, I would say that the large site needs one of two things to happen:

split your LAN into two segments, with each using its own /24
or
create a supernet (/23 /22 etc) from available space in the 192.168.x.x range and renumber your large site into this supernet.

If you’re going to go through the trouble of renumbering, you may as well use the 10.x.x.x mapping strategy though, so that you can scale for years w/o running out of addressing.

Note that my scheme was based on the idea that we would never have more than 256 campuses, and that each would tend to be relatively large, requiring hundreds or thousands of seats (we ran call centers). If you would have more sites, but smaller, then you could give less than a /16 to each site so that more sites are available in your scheme.
e.g.
10.0.0.0/20 = site 1,
10.0.16.0/20 = site2,
10.0.24.0/20 = site3
etc.
Then you can break these /20s into smaller allocations at each site just as you would if giving a full /16 per site.