robertEIT
Member Candidate
Topic Author
Posts: 110
Joined: Tue Sep 08, 2015 6:16 pm

More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 2:50 am

Hi guys!

So I have this situation in a small school in which the current network is really badly configured and they have reached (I think) the limits of their LAN subnet.

I'm going to change their main router with a RB951G for the time being and I was wondering what options I have for increasing the number of IPs available on the LAN via the DHCP server. 99% of their devices are DHCP configured so I don't think I'll have to check their settings; only some DVRs and printers, I believe, have static IPs configured, but I do have access to them.

In the future, when they get the money, we will replace their old equipment and get someone to properly redesign and segment the LAN correctly, but now they need a temporary fix.

Will I get away with changing the subnet size in the main router and restarting the DHCP server?

 
IntrusDave
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 3:03 am

Just right off, a few things...

1) I don't think a RB951G is suitable for this. I would start with an RB3011 at the least, maybe an RB1100AHx4.
2) Needing more than 254 IPs means you need a Class B or Class A subnet. I do not recommend simply changing the netmask, as many devices aren't going to tolerate a class B or A netmask on a Class C IP. While it is possible, it quickly turns into a support nightmare.
3) Switching a subnet almost always causes a huge nightmare of random issues. It may be something that you want a network admin to help you with.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
cgallery
newbie
Posts: 35
Joined: Tue Apr 24, 2018 5:25 am

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 6:52 am

Change your subnet to /23. 512 addresses. It works fine.
 
boxpik
just joined
Posts: 7
Joined: Fri Jul 29, 2016 1:28 am

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 7:38 am

AFAIK, increasing the number of devices in your network >255 by switching from a /24 netmask to /23 without network segmentation can't lead to any problems, except the increasing chance of getting a broadcast storm in your network, which may become a serious problem itself :)
And what about your internet speed? I believe RB951G can handle only 30-40 Mbit/s with NAT.
 
IntrusDave
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 7:42 am

Some devices won't work correctly when you mix subnet classes. Mixing classes isn't a good idea.
 
sindy
Forum Guru
Posts: 5325
Joined: Mon Dec 04, 2017 9:19 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 10:20 am

@robertEIT, as you say that there are some devices with static configuration, I would probably keep the subnet they use in operation, and attach a new /23 or /22 subnet to the same interface of the 'Tik and move the DHCP server configuration (pool, network) to it. This works fine and you can then migrate the manually configured devices one by one at a convenient pace and remove the original subnet afterwards.

@IntrusDave, what kind of devices do you use that do not tolerate CIDR subnets and insist on use of exact A, B or C masks? I may be just lucky but I've never met such a device in the past 20 years.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
sid5632
Member
Posts: 396
Joined: Fri Feb 17, 2017 6:05 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 11:03 am

> Some devices won't work correctly when you mix subnet classes. Mixing classes isn't a good idea.

This is just utter rubbish, at least for any modern device. "Classes" went out at least 2 decades ago. Anything that can't handle this (let's hear some specific examples of devices, rather than vague assertions) is broken and should be disposed of.
 
pe1chl
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 2:43 pm

I fully agree with that. I routinely use /23 /22 and /21 subnets without any issues.
Furthermore, when you extend the existing subnet the existing addresses can remain the same.
 
sindy
Forum Guru
Posts: 5325
Joined: Mon Dec 04, 2017 9:19 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 2:48 pm

> Furthermore, when you extend the existing subnet the existing addresses can remain the same.

Not immediately, as if you just extend it, the statically configured devices will have the wrong mask => wrong broadcast address => no response to ARP.
 
pe1chl
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 3:20 pm

ARP is sent to the 255.255.255.255 broadcast address so it is not affected by the mask.
Traffic for devices in the old range will work normally. The device will send traffic for the new extended space to the router (default gateway) instead of sending ARP; the router will reply with a "redirect" packet which the device can choose to use or ignore, and in both cases it will just work. The only possible trouble occurs when explicit firewall rules are configured that forbid forwarding from the LAN to the LAN in the router.
 
sindy
Forum Guru
Posts: 5325
Joined: Mon Dec 04, 2017 9:19 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 3:27 pm

> ARP is sent to the 255.255.255.255 broadcast address so it is not affected by the mask.
> Traffic for devices in the old range will work normally. The device will send traffic for the new extended space to the router (default gateway) instead of sending ARP; the router will reply with a "redirect" packet which the device can choose to use or ignore, and in both cases it will just work. The only possible trouble occurs when explicit firewall rules are configured that forbid forwarding from the LAN to the LAN in the router.

Yes, you are right regarding the ARP request's destination of 255.255.255.255; nevertheless I remember that plain extension of the subnet (shortening of the mask) did not work for me more than once, and the firewall rules were not the reason. The ICMP redirect wasn't either, as both the default gateway and the device were in the "old", i.e. smaller, subnet. I'll have to analyse it deeper the next time it happens.
 
CZFan
Forum Guru
Posts: 1692
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 4:06 pm

@robertEIT, if the lease period is long and they don't need IT equipment / activity in every class, then maybe reducing the lease period might help.
MTCNA, MTCTCE, MTCRE & MTCINE
 
robertEIT
Member Candidate
Topic Author
Posts: 110
Joined: Tue Sep 08, 2015 6:16 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 4:32 pm

There are only 3 devices which have static IPs: 2 Hikvision DVRs to which we have access and a Konica Minolta Bizhub printer to which we also have access.

I will reduce the lease time, I believe many of the IPs are used by random smartphones that just come and go.

512 would be more than enough.
 
Cha0s
Forum Veteran
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 4:56 pm

> I fully agree with that. I routinely use /23 /22 and /21 subnets without any issues.
> Furthermore, when you extend the existing subnet the existing addresses can remain the same.

I agree. I've done it numerous times without a hitch.

Especially on DHCP-only networks without anything statically configured anywhere it's just a matter of a few clicks only on the router. You don't have to touch anything else.
And if you maintain a short lease expiration time (e.g. 10 mins) then all the network clients will follow the new subnet mask within a few minutes.
And since the gateway doesn't necessarily need to change all existing clients will keep working even if they haven't got the new subnet mask from the DHCP server yet. In such a scenario the only problem (until they refresh their leases) would be that new devices on the network won't be able to talk with the old ones (again - until they refresh their leases and thus update their subnet mask) - but all will be able to go out to the internet.

Broadcasts and ARP are definitely not an issue. Nor any other issue mentioned here really (except maybe broadcast storms - which I haven't had an issue with personally).

Also I have never encountered a device made in the last 15 years that does not work with /21 or even /16.

Another option would be to create a new network/vlan and use a separate /24 on that. And devices between the two networks/vlans will communicate via the router (static routing). Depending on the situation this may be a better solution. It all depends on each situation's requirements. There isn't a fixed way to do it.
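
The transition state discussed in this thread (some hosts still on the /24 mask, others already on /23) can be checked per host with the added example below, which is not part of any post. It only models each sender's on-link decision; the host names and addresses are constructed, and the gateway address 192.168.1.1 is an assumption.

```python
import ipaddress

GATEWAY = "192.168.1.1"  # assumed router address, unchanged by the mask change

# Constructed sample hosts (not from the thread): address/mask as each host currently holds it.
HOSTS = {
    "dvr-static": "192.168.1.50/24",         # static config, still on the old mask
    "laptop-old-lease": "192.168.1.120/24",  # DHCP client that has not renewed yet
    "phone-new-lease": "192.168.0.37/23",    # DHCP client leased after the change
}

def next_hop(sender_if, dst_ip, gateway=GATEWAY):
    """'direct' if the sender's own mask says dst is on-link, else the gateway."""
    network = ipaddress.ip_interface(sender_if).network
    if ipaddress.ip_address(str(dst_ip)) in network:
        return "direct"
    return f"via {gateway}"

def path_report(hosts, gateway=GATEWAY):
    """Forwarding decision for every ordered (sender, receiver) pair."""
    report = {}
    for src, src_if in hosts.items():
        for dst, dst_if in hosts.items():
            if src != dst:
                dst_ip = ipaddress.ip_interface(dst_if).ip
                report[(src, dst)] = next_hop(src_if, dst_ip, gateway)
    return report

def asymmetric_pairs(report):
    """Pairs where one direction is direct and the other crosses the router.

    Only the routed direction passes the router's forward chain, so LAN-to-LAN
    drop rules or connection tracking there affect exactly these pairs.
    """
    return sorted((a, b) for (a, b) in report
                  if a < b and report[(a, b)] != report[(b, a)])

if __name__ == "__main__":
    report = path_report(HOSTS)
    for (src, dst), hop in sorted(report.items()):
        print(f"{src:>17} -> {dst:<17} {hop}")
    print("asymmetric:", asymmetric_pairs(report))
```
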
 
robertEIT
Member Candidate
Topic Author
Posts: 110
Joined: Tue Sep 08, 2015 6:16 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 5:12 pm

> > I fully agree with that. I routinely use /23 /22 and /21 subnets without any issues.
> > Furthermore, when you extend the existing subnet the existing addresses can remain the same.
>
> I agree. I've done it numerous times without a hitch.
>
> Especially on DHCP-only networks without anything statically configured anywhere it's just a matter of a few clicks only on the router. You don't have to touch anything else.
> And if you maintain a short lease expiration time (e.g. 10 mins) then all the network clients will follow the new subnet mask within a few minutes.
> And since the gateway doesn't necessarily need to change all existing clients will keep working even if they haven't got the new subnet mask from the DHCP server yet. In such a scenario the only problem (until they refresh their leases) would be that new devices on the network won't be able to talk with the old ones (again - until they refresh their leases and thus update their subnet mask) - but all will be able to go out to the internet.
>
> Broadcasts and ARP are definitely not an issue. Nor any other issue mentioned here really (except maybe broadcast storms - which I haven't had an issue with personally).
>
> Also I have never encountered a device made in the last 15 years that does not work with /21 or even /16.
>
> Another option would be to create a new network/vlan and use a separate /24 on that. And devices between the two networks/vlans will communicate via the router (static routing). Depending on the situation this may be a better solution. It all depends on each situation's requirements. There isn't a fixed way to do it.

So basically I would just need to set 192.168.1.0/23 on bridge1, a shorter lease time and restart the DHCP server? I never did this in RouterOS, seems simple :).
 
darioferrante
just joined
Posts: 4
Joined: Sun Jun 10, 2018 11:47 pm
Location: Palermo

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 5:12 pm

The best way is network segmentation; for security reasons, assign the DVR a different subnet.
For example:

10.0.0.0/24 - DVR and other related devices (NAS, File Server, Mission Critical Service, VoIP Server, Domain Controller)
192.168.0.0/23 - All other devices

If the devices are VoIP phones, the right thing is to give a dedicated subnet to this service and manage QoS and Traffic Control.

RB951 is too small for this network size. I think that the best choice is RB3011.

Finally, manage inter-subnet traffic with firewall rules.

 
Cha0s
Forum Veteran
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: More than 254 IPs needed! What options do I have?

Mon Jun 11, 2018 5:36 pm

> So basically I would just need to set 192.168.1.0/23 on bridge1, a shorter lease time and restart the DHCP server? I never did this in RouterOS, seems simple :).

You don't even need to restart the DHCP Server. Just change the lease time on IP > DHCP Server.

Also you will need to update any references to your old subnet (192.168.1.0/24) to the new subnet (192.168.1.0/23) in any firewall rules (especially NAT).
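
A way to find the leftover references to the old subnet after the mask change, as an added example that is not part of the thread. The export text is a constructed sample in RouterOS export style (interface and pool names are assumptions); note that the /23 containing 192.168.1.0/24 normalises to 192.168.0.0/23.

```python
import ipaddress
import re

OLD = ipaddress.ip_network("192.168.1.0/24")
# strict=False clears the host bits: the /23 holding 192.168.1.x starts at 192.168.0.0
NEW = ipaddress.ip_network("192.168.1.0/23", strict=False)

# Constructed sample in the style of a RouterOS export; not taken from the thread.
EXPORT = """\
/ip address
add address=192.168.1.1/23 interface=bridge1
/ip pool
add name=dhcp_pool ranges=192.168.1.10-192.168.1.254
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24 out-interface=ether1
/ip firewall filter
add action=accept chain=forward src-address=192.168.0.0/23
"""

CIDR = re.compile(r"([\w-]+)=(\d+\.\d+\.\d+\.\d+/\d+)")
RANGE = re.compile(r"ranges=(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)")

def stale_references(export, old=OLD, new=NEW):
    """Return (line number, section, token) for settings still scoped to part of `new`."""
    findings, section = [], ""
    for number, line in enumerate(export.splitlines(), 1):
        if line.startswith("/"):
            section = line          # menu path such as "/ip firewall nat"
            continue
        for key, value in CIDR.findall(line):
            net = ipaddress.ip_interface(value).network
            # A prefix inside the new subnet but narrower than it misses the added half.
            if net != new and net.prefixlen < 32 and net.subnet_of(new):
                findings.append((number, section, f"{key}={value}"))
        pool = RANGE.search(line)
        if pool:
            low, high = (ipaddress.ip_address(a) for a in pool.groups())
            if low in old and high in old:   # pool hands out none of the new addresses
                findings.append((number, section, pool.group(0)))
    return findings

if __name__ == "__main__":
    for number, section, token in stale_references(EXPORT):
        print(f"line {number}: {section}: {token}")
```
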
