I was running out of IP addresses (254), so I went to my ISP (Sprint) to tell them that I wanted to change the addressing scheme from the 10.163.0.0 with class C mask to a 10.0.0.0 with a different mask that would allow at least 1024 addresses per subnet.
They told me "then" that they had "already" configured each of our routers (1 each at 15 different sites) for 2 class C subnets when they installed it. (The 1st I'd heard of this.) Example: 10.161.1.x and 10.161.21.x at one site, 10.161.2.x and 10.161.22.x and so on, so that I really have 508 addresses available at each site.
I'm not sure this is a good remedy, so I need advice.
Would it be better to have 1 subnet on the router with ample addresses, like a couple of thousand, or the 2 that they suggest?
This is for a school system.
Thanks in advance for any suggestions.
You mentioned that your ISP has configured your network routers with IP addresses falling in the 10.x.x.x range, so you're surely talking about your network's internal LAN as this range is excluded from the Internet's routers.
Networks such as 10.x.x.x, 172.16.x.x and 192.168.x.x are only for private use and non-routable to the Internet.
From your description, I have understood that your network is quite big, 15 sites, each one with two networks using a 24 bit subnet mask (255.255.255.0), connected to your head office, which is running out of IP addresses.
If this is correct, then here's what I suggest:
Any network should be restricted to a certain amount of hosts. It is surely not a good idea placing 500 hosts, whether they are workstations or other network-aware devices, on one physical or logical network if you're not using some type of smart LAN technology - for example, VLANs.
The reasons you shouldn't place so many hosts are quite a few. The most important, though, are 1) Broadcasts and 2) Security.
Having too many Windows (especially) workstations on one network is a nightmare. Essentially what will happen is they will be flooding your network with broadcasts, chewing up your bandwidth!
The second reason is quite obvious and doesn’t need any clarification.
Before you start breaking networks and assigning new IP addresses, I'd recommend you take a look at your network infrastructure and see if there is any possibility of creating VLANs. Unfortunately I am in the process of analysing the topic at the moment and won't have it complete anytime soon, so I can't refer you to any internal page, but there is heaps of information on them on the Internet should you wish to learn more about them.
In the case VLANs are not a solution, then you need to break the network. The best and safest way to do this is to physically break the networks between each other.
To help you get a visual on what I'm talking about, I've included the diagram below, which is from the VLAN topic I'm writing:
As you can see, there needs to be some type of router that will route packets from one network to another. This can be in the form of a physical router, e.g. a Cisco router, or a PC with routing enabled.
If you need more information, just give us some type of diagram with the networks involved so the answer can be specific to your network.
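The address arithmetic discussed in this thread, worked with Python's `ipaddress` module as an added example (not code from either poster). The per-site pattern beyond the two sites quoted in the question is extrapolated from "and so on" and is an assumption, as are all function names.

```python
import ipaddress

SITES = 15  # from the question: one router at each of 15 sites

def site_subnets(n):
    """The two /24s at site n, following the pattern in the question
    (10.161.1.x + 10.161.21.x, 10.161.2.x + 10.161.22.x). Sites 3..15 are
    extrapolated from "and so on" and are an assumption."""
    return [ipaddress.ip_network(f"10.161.{n}.0/24"),
            ipaddress.ip_network(f"10.161.{n + 20}.0/24")]

def all_subnets():
    return [net for n in range(1, SITES + 1) for net in site_subnets(n)]

def usable_hosts(net):
    # The network and broadcast addresses cannot be assigned to hosts.
    return net.num_addresses - 2

def site_capacity(n):
    return sum(usable_hosts(net) for net in site_subnets(n))

def broadcast_domains(n):
    """Collapse a site's subnets into the fewest covering networks.
    Non-adjacent /24s cannot merge, so each stays its own broadcast domain."""
    return list(ipaddress.collapse_addresses(site_subnets(n)))

def smallest_prefix_for(hosts):
    """Longest prefix (smallest subnet) with at least `hosts` usable addresses."""
    for prefix in range(30, 7, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("does not fit inside 10.0.0.0/8")

def overlaps(nets):
    """Every pair of networks in the plan that overlap (should be empty)."""
    return [(a, b) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

if __name__ == "__main__":
    print("usable hosts per site:", site_capacity(1))
    print("broadcast domains at site 1:", broadcast_domains(1))
    print("prefix needed for 1024 hosts: /%d" % smallest_prefix_for(1024))
    print("overlapping subnets in plan:", overlaps(all_subnets()))
```

A /22 holds 1024 addresses but only 1022 assignable hosts, so a requirement of 1024 hosts in a single subnet pushes the mask to /21, a single broadcast domain of 2046 hosts.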
Thank you for your comments. What you have just seen is what I like to call "The next generation of diagrams" we will be using for all Firewall.cx material! It has actually come to a point where the time taken to research and write up new articles is equal to the time required to create these new diagrams!!
There are plenty more to come, but I'm saving them for the VLAN topic I am writing, so you'll have to wait for the next batch of 'eye candy'.
As far as what I use to create them .... well.... if you don't mind, I'd like to keep the ingredients 'secret', but I can tell you that I use a total of 3 programs for nearly every diagram created!