Changing subnet mask?

siringo

@jaredbusch said in Changing subnet mask?:

Anything in the larger subnet can talk to the smaller subnet.
The smaller subnet cannot talk to the larger subnet beyond its boundary.

Thanks @JaredBusch that ^^^ was all the info I was after. I really appreciate everyones help.

siringo

@dashrender said in Changing subnet mask?:

Then comes the question - does he have the gear needed to do that?

the answer is no, the answer to whether I have the desire or need is also no.

Thanks everyone for the help it is greatly appreciated.

IRJ

@siringo said in Changing subnet mask?:

@dashrender said in Changing subnet mask?:

Then comes the question - does he have the gear needed to do that?

the answer is no, the answer to whether I have the desire or need is also no.

That's a very sad answer IMO

travisdh1

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

Dashrender

@travisdh1 said in Changing subnet mask?:

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

This is my thoughts - most small businesses don't need/want more complexity than a flat network.

stacksofplates

@dashrender said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

This is my thoughts - most small businesses don't need/want more complexity than a flat network.

Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

travisdh1

@stacksofplates said in Changing subnet mask?:

@dashrender said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

This is my thoughts - most small businesses don't need/want more complexity than a flat network.

Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

Yep, and most small businesses shouldn't be running their own server in the first place, and most of our clients are actually moving to all hosted services. So no need to segment the network.

CloudKnight

@travisdh1 I wouldn't host with Microsoft's Azure due to their costs, well accept for 365 for small businesses.
But there are many other server hosting places that are reliable including amazon, digital ocean and vultr for VM's and OVH, Hestner for dedicated. hell you can even colo in the uk for about £50-60 per 1u. I've seen a 5u rack for about £100 the other day.

JaredBusch

@stuartjordan said in Changing subnet mask?:

@travisdh1 I wouldn't host with Microsoft's Azure due to their costs, well accept for 365 for small businesses.
But there are many other server hosting places that are reliable including amazon, digital ocean and vultr for VM's and OVH, Hestner for dedicated. hell you can even colo in the uk for about £50-60 per 1u. I've seen a 5u rack for about £100 the other day.

Azure should not be serving workloads that go in a VM on Vultr. Azure is a cloud not a VPS. Host the workload correctly and the cost is actually not that different than others.

CloudKnight

@jaredbusch I know it's cloud, but you still really creating VM's or containers in most cases just that you can upscale and downscale easier due to how you can change the resources and how the cloud is managed. I just see it as an expensive solution for most workloads.

travisdh1

@stuartjordan said in Changing subnet mask?:

@travisdh1 I wouldn't host with Microsoft's Azure due to their costs, well accept for 365 for small businesses.
But there are many other server hosting places that are reliable including amazon, digital ocean and vultr for VM's and OVH, Hestner for dedicated. hell you can even colo in the uk for about £50-60 per 1u. I've seen a 5u rack for about £100 the other day.

I wouldn't either. They all use Office 365 and get everything they need via services offered with Office 365 already. No need to pay more for a VM to do anything.

Now, if it was me doing the selling/planning I'd be using Zoho Office rather than Office 365, but I have no say in that stuff.

CloudKnight

@travisdh1 said in Changing subnet mask?:

@stuartjordan said in Changing subnet mask?:

@travisdh1 I wouldn't host with Microsoft's Azure due to their costs, well accept for 365 for small businesses.
But there are many other server hosting places that are reliable including amazon, digital ocean and vultr for VM's and OVH, Hestner for dedicated. hell you can even colo in the uk for about £50-60 per 1u. I've seen a 5u rack for about £100 the other day.

I wouldn't either. They all use Office 365 and get everything they need via services offered with Office 365 already. No need to pay more for a VM to do anything.

Now, if it was me doing the selling/planning I'd be using Zoho Office rather than Office 365, but I have no say in that stuff.

I've heard good things about people using Zoho, I did give there free account a try a few years ago. They seem to incorporate a lot into their product, it's not just email is it.

scottalanmiller

@stuartjordan said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

@stuartjordan said in Changing subnet mask?:

@travisdh1 I wouldn't host with Microsoft's Azure due to their costs, well accept for 365 for small businesses.
But there are many other server hosting places that are reliable including amazon, digital ocean and vultr for VM's and OVH, Hestner for dedicated. hell you can even colo in the uk for about £50-60 per 1u. I've seen a 5u rack for about £100 the other day.

I wouldn't either. They all use Office 365 and get everything they need via services offered with Office 365 already. No need to pay more for a VM to do anything.

Now, if it was me doing the selling/planning I'd be using Zoho Office rather than Office 365, but I have no say in that stuff.

I've heard good things about people using Zoho, I did give there free account a try a few years ago. They seem to incorporate a lot into their product, it's not just email is it.

No, SO much more than just email.

stacksofplates

@stacksofplates said in Changing subnet mask?:

@dashrender said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

@jaredbusch said in Changing subnet mask?:

@travisdh1 said in Changing subnet mask?:

You're conflating VLANs with security.

You need to realize who you are talking to.

@IRJ is probably the most skilled security person on the community.

I know this, and statements like he made give me headaches after having to explain to other people that VLAN does nothing for security if you don't have firewall/access rules as well.

The types of places @IRJ has worked at, I agree that it would be insane to have a flat network.

This is my thoughts - most small businesses don't need/want more complexity than a flat network.

Most small businesses don't want to deal with ransomware. What they want is immaterial. They should be doing what they need.

Not really sure what the argument is here? No one is disagreeing with what you said.

But the businesses that decide they need their infrastructure on prem, should 100% be separating networks. It takes little time/effort to set up properly.

dave247

@hobbit666 said in Changing subnet mask?:

@siringo said in Changing subnet mask?:

If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??

For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??

I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????

Does that make sense?

From what i remember
no they won't talk to each other once they are on a /24
e.g. 10.0.1.X/24 wont talk to 10.0.2.X/24

Have you checked the devices are using different IPs? 10.X.X.X? if your lucky they might all be on 10.0.X.X/24

They would talk to each other if you use a router. If it were me, I would just create the new network(s), VLAN(s) and router/firewall rules, then gradually move things over until everything was off the /8. That's what I did at my present company where we once had everything on a single /23

scottalanmiller

@siringo said in Changing subnet mask?:

Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.
I was thinking of changing the subnet to /24.

while the old addressing is insane, what's the reason to change? Unless there is a benefit, why? Just reducing the address pool isn't going to buy you anything.

scottalanmiller

@siringo said in Changing subnet mask?:

I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????

Yes, if everything falls within the scope of a /24, then all of the devices that are in a larger pool will keep working. But they ALL have to be already in the smaller pool and ONLY the subnet mask gets changed.

But again... why?

scottalanmiller

@irj said in Changing subnet mask?:

@siringo said in Changing subnet mask?:

Sorry if this is a dumb question but ...

Inherited an old SBS network which has been upgraded, but is still using the 10.0.0.0 /8 setup.

I was thinking of changing the subnet to /24.

Currently all devices still have 10.0.0.x addresses.

Some of the their network gear is managed and I need to arrange with them to change settings within their Cisco gear to /24.

If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??

For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??

I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????

Does that make sense?

Create /24 VLANs. Separate severs, printers, workstations with different VLANs. Then you can block workstations from even seeing server VLAN.

Which is fine, but can be done without changing the current subnet. Im' only arguing against unnecessary effort for zero gain.

scottalanmiller

@hobbit666 said in Changing subnet mask?:

@siringo said in Changing subnet mask?:

If I get the Cisco gear changed, prior to me changing the servers, PCs, printers etc to /24 will everything remain working??

For example, If I get the Cisco gear changed to /24 on weekend 1, will everything still communicate & work fine until I can change the other gear on weekend 2??

I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????

Does that make sense?

From what i remember
no they won't talk to each other once they are on a /24
e.g. 10.0.1.X/24 wont talk to 10.0.2.X/24

Have you checked the devices are using different IPs? 10.X.X.X? if your lucky they might all be on 10.0.X.X/24

He didn't ask about 10.0.x.x, only 10.0.0.x, which would be the same /24.

Dashrender

@scottalanmiller said in Changing subnet mask?:

@siringo said in Changing subnet mask?:

I know the subnets are different, but with all devices having 10.0.0.x addresses I'm thinking they still may be seen by the /24 devices????

Yes, if everything falls within the scope of a /24, then all of the devices that are in a larger pool will keep working. But they ALL have to be already in the smaller pool and ONLY the subnet mask gets changed.

But again... why?

Forgetting about the - but why part...

The OP could make sure all devices are in the /24 before touching anything by changing DHCP to only hand out addresses in /24 range, then move by hand any staticly assigned devices into that range.