Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«391 »
  • Post
  • Reply
MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Lonoxmont posted:

Thanks guys, looks like I got lucky, and all that happened was the sonicwall has to do the routing for the new range until I get all the /24 changed to /22 on the clients on my end. So everything stayed up and running, but until everything has the new hostmask it is still a bottleneck through the sonicwall (I presume). At some point I will probably get around to moving the default gateway etc where the sonicwall lives to somewhere closer to the beginning of the address space, where networking stuff should go. Not looking forward to running through all the clients again for that.

If your clients are all windows based, you could use powershell to do it!

Adbot
ADBOT LOVES YOU

Lonoxmont
Aug 28, 2018
I'm too stupid to put something witty here. Sorry.

MF_James posted:

If your clients are all windows based, you could use powershell to do it!

Oh? I was vaguely toying with trying to finagle something through Group Policy to do that, but if there is an easier way I am

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Lonoxmont posted:

Oh? I was vaguely toying with trying to finagle something through Group Policy to do that, but if there is an easier way I am

This guy has some powershell that can do it locally, you just need to invoke via remote powershell and possibly step through an array of computer names, make a few other changes, and possibly have it step through each netadapter found in the event you have wireless, wired and other possibilities.

The thing I'm not sure about, and possibly someone else can comment on, is if you will run into a problem running the script part-way through due to the changes being made.

CrazyLittle
Sep 11, 2001







Clapping Larry

Lonoxmont posted:

Thanks guys, looks like I got lucky, and all that happened was the sonicwall has to do the routing for the new range until I get all the /24 changed to /22 on the clients on my end. So everything stayed up and running, but until everything has the new hostmask it is still a bottleneck through the sonicwall (I presume). At some point I will probably get around to moving the default gateway etc where the sonicwall lives to somewhere closer to the beginning of the address space, where networking stuff should go. Not looking forward to running through all the clients again for that.

set your router to 10.1.0.0 /15

Lonoxmont
Aug 28, 2018
I'm too stupid to put something witty here. Sorry.

CrazyLittle posted:

set your router to 10.1.0.0 /15

That sounds like a bad idea from a performance standpoint, from what I have been told.

CrazyLittle
Sep 11, 2001







Clapping Larry

Lonoxmont posted:

That sounds like a bad idea from a performance standpoint, from what I have been told.

Nothing magical about that subnet aside from being able to set an IP that some stupid devices won't recognize as a valid address... which it is.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Confuse the gently caress out of everybody who comes to work on that network and enable proxy ARP

Adbot
ADBOT LOVES YOU

Chuck Finley
Oct 27, 2010



Partycat posted:

This is why I love reserved or static DHCP , because I dot have to chase statically configured garbage around that ends up being some embedded poo poo I have no password to.

It's also just nice to have all that information in a database (that's not an excel spreadsheet or some impromptu IP database you threw together), so you can leverage it later for stuff.

ElCondemn posted:

Having very large subnets means you also have a larger broadcast domain, so be wary of that as it can cause problems as you add more hosts (like larger impact during broadcast storms etc.)

I mean, yeah, a bigger subnet means the possibility for more hosts, but you should be taking precautions on the layer 2 access side of things to prevent this anyway (storm control, port security?).

MF_James posted:

This guy has some powershell that can do it locally, you just need to invoke via remote powershell and possibly step through an array of computer names, make a few other changes, and possibly have it step through each netadapter found in the event you have wireless, wired and other possibilities.

The thing I'm not sure about, and possibly someone else can comment on, is if you will run into a problem running the script part-way through due to the changes being made.

Couldn't you just readdress everything major that needs to be statically assigned and then pull the client PC MACs from the ARP table on the SonicWall, put some reservations on via DHCP, presto blamo. Unless I'm missing something here, that seems the most straightforward way unless you really want things to stay statically assigned without the use of DHCP. We recently migrated from a very old server running an also old version of pfSense to a Netgate appliance, resubnetted our entire company LAN (broke up our dwindling /24 full of statics into 5 /22's by dept), and that's essentially how we did it. Pulled the MACs, binded via DHCP, and then slowly told everyone to switch to DHCP (mind you we kept two active firewalls live for the transition).

Chuck Finley fucked around with this message at Sep 22, 2018 around 13:34

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«391 »