Friday, August 13, 2021

RE-IP to a larger internal IP block

Since this topic comes up a lot in networking circles, I figured I'd post this for anyone else to find; people can correct me if this plan isn't 100% correct.

I'm working to re-IP our completely flat network so we get segmentation for our internal corporate traffic, management traffic, and customer traffic: from a single flat network with no VLANs to three VLANs.

Currently our network stack is a clustered firewall that serves DHCP for a /24 block to the whole network. Devices on the network are switches, storage management ports, compute management interfaces, and ESXi hosts running Windows Server 2012-2019 VMs.

I'm going to move the current flat 192.168.3.0/24 space to 192.168.0.0/22. To make the transition as painless as possible, all VMs keep their static IPs and keep the same gateway, 192.168.3.1; the only thing that changes on the machines is the subnet mask (255.255.255.0 becomes 255.255.252.0). Because the gateway keeps its address and DHCP keeps running, the DHCP pool has to be split around 192.168.3.1, so my valid ranges are 192.168.0.1-192.168.2.255 and 192.168.3.2-192.168.3.254. (In a /22, 192.168.2.255 and 192.168.3.0 are ordinary host addresses, but leaving them out costs nothing and avoids older stacks that mishandle .0 and .255.) The static VM addresses also need exclusions or reservations in the new scope, the scope's subnet-mask option and the firewall's own interface mask have to become 255.255.252.0 as well, and existing DHCP clients only pick up the new mask when they renew. One thing that makes this plan workable: a host still on /24 and a host already on /22 can talk to each other directly as long as both addresses stay inside 192.168.3.0/24, since each sees the other as on-link and 192.168.3.1 sits inside both masks. So hand out no leases from 192.168.0.x-192.168.2.x until the last host and the firewall are on the /22; a /24 host cannot reach those addresses directly and would push that traffic through the gateway.
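The plan above is easy to get subtly wrong (a pool that contains the gateway, a static address that a scope will also lease out). The following PowerShell is an added example, not part of the original post, that checks the numbers before anything is changed. `ConvertTo-Int64`, `ConvertFrom-Int64` and `Test-ReIpPlan` are names I made up for this example; the defaults are the post's 192.168.0.0/22, gateway 192.168.3.1 and the two DHCP ranges, and the static addresses at the bottom are constructed sample data.

```powershell
# Added example: sanity-check a re-IP plan (network, gateway, DHCP pools, static hosts).
function ConvertTo-Int64 {
    param([Parameter(Mandatory)][string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()   # 4 bytes, network byte order
    [Array]::Reverse($bytes)                                          # BitConverter is little-endian
    return [int64][BitConverter]::ToUInt32($bytes, 0)
}

function ConvertFrom-Int64 {
    param([Parameter(Mandatory)][int64]$Value)
    $bytes = [BitConverter]::GetBytes([uint32]$Value)
    [Array]::Reverse($bytes)
    return [System.Net.IPAddress]::new($bytes).ToString()
}

function Test-ReIpPlan {
    param(
        [string]   $Cidr        = '192.168.0.0/22',
        [string]   $Gateway     = '192.168.3.1',
        [string[]] $DhcpPools   = @('192.168.0.1-192.168.2.255', '192.168.3.2-192.168.3.254'),
        [string[]] $StaticHosts = @()
    )
    $net, $prefix = $Cidr -split '/'
    $block     = [int64][math]::Pow(2, 32 - [int]$prefix)                      # addresses in the block
    $network   = [int64][math]::Floor((ConvertTo-Int64 $net) / $block) * $block  # align to block size
    $broadcast = $network + $block - 1
    $gw        = ConvertTo-Int64 $Gateway
    $problems  = [System.Collections.Generic.List[string]]::new()

    if ($gw -le $network -or $gw -ge $broadcast) { $problems.Add("gateway $Gateway is not a usable host in $Cidr") }

    # Each pool must be a forward range of usable hosts that never hands out the gateway.
    $ranges = @(foreach ($pool in $DhcpPools) {
        $lo, $hi = ($pool -split '-') | ForEach-Object { ConvertTo-Int64 $_ }
        if ($lo -gt $hi)                              { $problems.Add("pool $pool is reversed") }
        if ($lo -le $network -or $hi -ge $broadcast)  { $problems.Add("pool $pool touches network/broadcast or leaves $Cidr") }
        if ($gw -ge $lo -and $gw -le $hi)             { $problems.Add("pool $pool would lease out the gateway $Gateway") }
        [pscustomobject]@{ Pool = $pool; Lo = $lo; Hi = $hi }
    })
    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            if ($ranges[$i].Lo -le $ranges[$j].Hi -and $ranges[$j].Lo -le $ranges[$i].Hi) {
                $problems.Add("pools $($ranges[$i].Pool) and $($ranges[$j].Pool) overlap")
            }
        }
    }

    # A static address must be inside the block and must not sit in a pool without a reservation.
    foreach ($addr in $StaticHosts) {
        $v = ConvertTo-Int64 $addr
        if ($v -le $network -or $v -ge $broadcast) { $problems.Add("static $addr is outside $Cidr"); continue }
        foreach ($r in $ranges) {
            if ($v -ge $r.Lo -and $v -le $r.Hi) { $problems.Add("static $addr is inside pool $($r.Pool): add an exclusion or reservation") }
        }
    }

    [pscustomobject]@{
        Network   = ConvertFrom-Int64 $network
        Broadcast = ConvertFrom-Int64 $broadcast
        Usable    = $block - 2
        Problems  = $problems
        Ok        = ($problems.Count -eq 0)
    }
}

# Constructed sample input: the post's plan plus three made-up static VM addresses.
$plan = Test-ReIpPlan -StaticHosts '192.168.3.10', '192.168.3.25', '192.168.3.200'
$plan | Format-List
```

With the post's ranges every 192.168.3.x static lands inside the 192.168.3.2-192.168.3.254 pool, so `Problems` lists all three and `Ok` is false until those addresses are excluded from the scope or reserved; the network/broadcast lines confirm the block is 192.168.0.0 to 192.168.3.255 with 1022 usable hosts.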

To change the mask on all the Windows machines I'm going to use PowerCLI: Set-VMGuestNetworkInterface -Netmask "255.255.252.0" -GuestCredential (Get-Credential), run against an array of VMs so it reaches every Windows machine on the network. This pushes the change into each guest's Windows network configuration through ESXi; VMware Tools has to be running in the guest, and the credential is a local administrator on the guest, not a vCenter login. Note this snippet isn't complete; it only covers one machine, but you can google how to run it across the rest. Since the cmdlet takes the interface object from Get-VMGuestNetworkInterface and can set IP, mask and gateway in one go, pass the existing IP and gateway back explicitly rather than leaving them to defaults, and read the interface back afterwards to confirm the new mask took.
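Here is the missing "do it to the rest" loop, as an added example that is not the post's own script. It assumes PowerCLI is installed, that vcenter.example.local is a hypothetical vCenter name, that VMware Tools is running in each Windows guest, and that one local-admin credential works on all of them; only VMs still configured as 192.168.3.x with the old /24 mask and the 192.168.3.1 gateway are touched, and the IP and gateway are handed back unchanged.

```powershell
# Added example: widen the mask to /22 on every Windows VM still on 192.168.3.x/24.
Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server 'vcenter.example.local' | Out-Null   # hypothetical vCenter name

$OldMask = '255.255.255.0'
$NewMask = '255.255.252.0'
$Gateway = '192.168.3.1'
$Cred    = Get-Credential -Message 'Local administrator on the Windows guests'

# Only powered-on Windows guests with Tools running can be reconfigured through VMware Tools.
$targets = Get-VM | Where-Object {
    $_.PowerState -eq 'PoweredOn' -and
    $_.Guest.State -eq 'Running' -and
    $_.Guest.OSFullName -like 'Microsoft Windows*'
}

$report = foreach ($vm in $targets) {
    foreach ($nic in Get-VMGuestNetworkInterface -VM $vm -GuestCredential $Cred) {
        $ip = @($nic.Ip) | Where-Object { $_ -like '192.168.3.*' } | Select-Object -First 1
        # DHCP clients get the new mask from the scope; anything outside the old /24 is not ours.
        if ($nic.IPPolicy -ne 'Static' -or -not $ip) { continue }

        if ($nic.Netmask -eq $NewMask) {
            $result = 'already /22'
        } elseif ($nic.Netmask -ne $OldMask -or $nic.DefaultGateway -ne $Gateway) {
            # Something hand-configured differently: leave it for a human rather than guess.
            $result = "unexpected mask/gateway $($nic.Netmask)/$($nic.DefaultGateway), skipped"
        } else {
            try {
                # IP and gateway are passed back exactly as found; only the mask changes.
                $setArgs = @{ Ip = $ip; Netmask = $NewMask; Gateway = $Gateway
                              GuestCredential = $Cred; Confirm = $false }
                $nic | Set-VMGuestNetworkInterface @setArgs | Out-Null
                # Read it back from the guest instead of trusting the cmdlet's return value.
                $after = Get-VMGuestNetworkInterface -VM $vm -GuestCredential $Cred |
                         Where-Object { @($_.Ip) -contains $ip } | Select-Object -First 1
                $result = "netmask now $($after.Netmask)"
            } catch {
                $result = "FAILED: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ VM = $vm.Name; Ip = $ip; Result = $result }
    }
}

$report | Format-Table -AutoSize
Disconnect-VIServer -Confirm:$false
```

Run it once with `WhatIf = $true` added to the splat to see which VMs would be touched before applying. Newer PowerCLI releases mark Get-/Set-VMGuestNetworkInterface as deprecated in favour of Invoke-VMScript; the same change from inside a Server 2012+ guest is `Get-NetIPAddress -IPAddress <ip> | Set-NetIPAddress -PrefixLength 22`, which the loop above can wrap the same way.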

Once I get all the devices into the correct IP space, I'll push out the VLAN changes across the network and firewall.

By changing all the VMs first I'll still be able to reach all the devices from vCenter or vSphere, as those will be the last devices to get changed over, and I'll still be able to get to my firewall via VPN (in my case) or by just connecting right into the firewall on a separate port/IP space.

Hope this helps anyone looking to get out of the /24 trap that a lot of people fall into, thinking they'll never run out of those IPs.
