Internal IP Subnets

Extending your internal (172.) subnet

If you are running out of internal IP addresses there are really two options.

Option 1: Move to a completely new but larger subnet
Advantages

  • No additional school infrastructure (routers or switches) is required
  • Access via your new larger subnet can be set up for you on a second port on your Zhone box or router, ready for you to plug into when you are ready. (It can be done using your existing port, but then we will need to coordinate the exact timing of the change with you and Updata.)

Disadvantages

  • All static IP addresses will have to be changed which could be an issue for some systems such as CCTV and copiers/printers
  • Externally advertised addresses will have to be remapped by Updata on their firewall … but they will take care of that as part of the service … they will ask you to allocate new internal IP addresses where needed.
  • All HICS internal facing DNS settings will have to be edited by Updata … but they will take care of that as part of the service
  • DNS and DHCP will have to be updated on your school servers
  • Your VPN accounts will need to be reconfigured … but Updata will take care of that.

Option 2: Maintain your existing internal subnet and obtain an additional non-contiguous range
Advantages

  • There is no need to make changes within your school in respect of devices already configured with IP addresses
  • No firewall changes are required by Updata for addresses already externally advertised

Disadvantages

  • You will need a layer 3 switch to manage the separation of the two non-contiguous IP ranges whilst still allowing DHCP to operate on both
  • You will need to configure either a layer 2 or a layer 3 Virtual LAN (VLAN) on your school switches.
  • Copper connected schools will currently have a Zhone box rather than a Cisco router. The Zhone is not a Layer 3 device and so these schools will also need to purchase (via the Service Desk) a Cisco router for this purpose from Updata, which they will manage and install between the Zhone and the school LAN.
  • Your VPN accounts will need to be updated with the new range assuming that your VPN users require access to the new addresses.  Updata will take care of this as part of the service.

Option 1 is relatively simple but you will need to give time and thought to allocating new IPs to devices and applications that require manually assigned values and to reconfiguring services on your DHCP and DNS servers.  If you are using the existing port on your Zhone box or router you will also need to coordinate the timing of your changes with the changes that Updata will make on the core network.  If you are using a second port on your Zhone box or router please inform the Service Desk when you have finished so that they can arrange the decommissioning of the original port.
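
As an added example (not part of the original page), one way to draft the Option 1 re-addressing plan is to keep each static device at the same host offset in the new subnet and flag any that would land in the new DHCP pool. All subnets, device names and the DHCP range below are constructed for illustration.

```python
import ipaddress

def plan_readdressing(old_cidr, new_cidr, statics, dhcp_first, dhcp_last):
    """Map each static device to the same host offset in the new, larger subnet.

    Returns (plan, problems): plan is a list of (name, old_ip, new_ip) strings,
    problems lists devices that need a manual decision before the cut-over.
    """
    old_net = ipaddress.ip_network(old_cidr)
    new_net = ipaddress.ip_network(new_cidr)
    if new_net.prefixlen >= old_net.prefixlen:
        raise ValueError("new subnet is not larger than the old one")
    pool_lo = ipaddress.ip_address(dhcp_first)
    pool_hi = ipaddress.ip_address(dhcp_last)
    if pool_lo not in new_net or pool_hi not in new_net or pool_lo > pool_hi:
        raise ValueError("DHCP pool must lie inside the new subnet")

    plan, problems, seen = [], [], set()
    for name, old in statics.items():
        old_ip = ipaddress.ip_address(old)
        if old_ip not in old_net:
            problems.append((name, old, "not in the old subnet"))
            continue
        if old_ip in seen:
            problems.append((name, old, "duplicate static address"))
            continue
        seen.add(old_ip)
        # Same host offset in the new range keeps the plan easy to audit.
        offset = int(old_ip) - int(old_net.network_address)
        new_ip = new_net.network_address + offset
        if pool_lo <= new_ip <= pool_hi:
            problems.append((name, old, f"{new_ip} falls inside the DHCP pool"))
            continue
        plan.append((name, str(old_ip), str(new_ip)))
    return plan, problems

# Constructed sample inventory: names and addresses are illustrative only.
STATICS = {
    "cctv-recorder": "172.16.10.20",
    "copier-office": "172.16.10.31",
    "printer-library": "172.16.10.200",
    "door-controller": "172.16.11.5",   # constructed bad record, outside the old /24
}

if __name__ == "__main__":
    plan, problems = plan_readdressing(
        "172.16.10.0/24", "172.16.32.0/22", STATICS,
        dhcp_first="172.16.32.100", dhcp_last="172.16.35.250")
    for row in plan + problems:
        print(*row, sep="  ")
```

Devices listed under problems need a manually chosen address, or a DHCP exclusion, before the change is made.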

For Option 2, Updata will provide an additional /30 subnet to link their router and your layer 3 switch. They will tell you which address has been applied to the router and which address you should apply to your switch. The Cisco router will advertise the existing and any additional IP range(s) to the school’s switch. The current gateway will need to be configured on the school’s layer 3 device to service the current LAN configuration. New layer 2 or layer 3 VLANs can then be created from the additional IP range(s) using the school’s switch to route traffic appropriately.

So in summary … Option 1 requires less technical networking expertise, just a fair bit of graft and coordinated activity, whereas Option 2 is more elegant and requires less walking about but does demand greater expertise.

Whichever way you wish to do this it’s probably best to start by contacting me (kevin.crawley@hertfordshire.gov.uk). If you are supported by a third party support company I am very happy for them to contact me on your behalf … although I will, of course, require school authorisation before making any changes.
