Use a More Sophisticated IP Address Scheme on Your Network

Posted At : August 14, 2019 10:56 PM | Posted By : Josh Adams
Related Categories: Router

Let's assume that your router's IP address is set as 192.168.0.1. Yours might be different and that's fine, I just need to assume something here for this post.

Generally, at least in home networking situations, routers are configured to have 255.255.255.0 for their subnet mask. So then, based on the previous assumption of 192.168.0.1 for your router's IP address, your router's local network is everything 192.168.0.x.

But in most routers, you're not constrained to that subnet mask of 255.255.255.0, you can use any valid subnet mask. I'll leave it to you to read up on subnet masks if need be, but I'll note that if you just change this to 255.255.254.0, now instead of your local network being just 192.168.0.x, you also have 192.168.1.x. What's cool about this is that now you can use 192.168.0.x and 192.168.1.x for different things and be easily able to tell at a glance what is what.

So what's a way you could utilize 192.168.0.x and 192.168.1.x separately? Well, for known devices on my network, I like to create DHCP reservations (as I detail in my post Use DHCP Reservations Instead of Static IP Addresses, you should use DHCP reservations, not static IP addresses). So then I could create DHCP reservations for all known devices with IP addresses in 192.168.0.x. And then I could set my DHCP server to utilize addresses starting at 192.168.1.1 and ending at 192.168.1.254. And at that point, I can tell at a glance if something is a known device (has a 192.168.0.x IP address) or an unknown device (192.168.1.x).

And if you like this idea, you can take it to the next level by using 255.255.252.0 as the subnet mask and now, using my previous 192.168.0.1 router IP address as the assumption, your local network is 192.168.0.x, 192.168.1.x, 192.168.2.x, and 192.168.3.x. And now you have 2 additional values available to use in the third octet. So now you could do something like this:

192.168.0.x: use for DHCP reservations for your known devices (that don't fall into one of the following 2 categories).
192.168.1.x: use for DHCP reservations for your known devices that need special access through the firewall. For WiFi calling, my experience is that you need an outbound rule for UDP ports 500 and 4500 (yes, you could turn on IPSec passthrough, but it's better to be more prescriptive about exactly what destination devices need that access).
192.168.2.x: use for DHCP reservations for your known devices that should not have Internet access (for example, let's say you have a printer on your network that you want to be able to print to so you want to access it locally, but you don't want it exposed to the Internet). Then you create firewall rules to block Internet access to and from all of 192.168.2.x.
192.168.3.x: make these the addresses your DHCP server utilizes.

And if you need to be able to use even more than 4 values in the third octet, just change your subnet mask and you can get 8, 16, 32, 64, 128, or even 256 of them.

And then hopefully your guest network can operate on an entirely separate set of IP addresses, maybe even use its own subnet mask so you can do this kind of thing for your guest network too and see at a glance what devices are known and unknown in your guest network (and yes, it can make sense to have known devices in your guest network; see my post Two Security Approaches You Should Be Taking on Your Network for more information on this subject).

Comments (20) |

PDF |

Send |

del.icio.us |

Digg It! |

Linking Blogs | 5129 Views

Comments

[Add Comment]

Have you been able to do this with your Synology Router?

The SRM GUI won't allow the DHCP range to be on a different subnet to the gateway.

# Posted By Sony Nair | 8/28/19 10:13 AM

Hey, Sony. Thanks for visiting my blog. Good to talk to you here outside of the Synology Community router forum.

If you use 255.255.252.0 as your subnet mask, then if for example you're using 192.168.0.1 for your router's address, your local network subnet spans from 192.168.0.1 (well, I guess technically 192.168.0.0) to 192.168.3.255. If you use 255.255.248.0 as your subnet mask then your subnet would end at 192.168.7.255. And on and on it goes as you modify the subnet mask to include more and more addresses in the subnet.

So I'm not talking about using a DHCP range that's outside of the subnet of your network, I'm talking about expanding the subnet of your network from the typical one value for the 3rd octet you get with 255.255.255.0 so that you can use multiple values in that 3rd octet position.

On the Synology Router, you provide start and end IP addresses for the DHCP server to utilize and those can be anywhere within the subnet. What I'm suggesting is, again with the router IP address of 192.168.0.1 as the example, that you use 255.255.252.0 as the subnet mask and 192.168.3.1 as the start IP address and 192.168.3.255 as the end IP address for the DHCP Server. The SRM GUI accepts it just fine and, more importantly, it works just fine because the 255.255.252.0 subnet mask means that those 192.168.3.x addresses are part of the same subnet as the router on 192.168.0.1.

# Posted By Josh Adams | 8/28/19 2:40 PM

Hi John, a very useful and informative blog site you have.

Thanks for clarifying - I tried again using the mask of 255.255.252.0 and the SRM GUI did accept it now. I must have made a typo previously when I got the error.

All of my known devices are already set to use DHCP reservations, so I just moved my DHCP range to the next range.

Thanks for tip - really useful.

# Posted By Sony Nair | 8/29/19 7:09 PM

Awesome! I'm glad you were able to get it to work, Sony. Yeah, I agree that it's really useful to be able to group your network clients together. I'm looking forward to when Synology implements VLAN capabilities so we can get even more sophisticated at that point!

# Posted By Josh Adams | 8/30/19 4:43 PM

I was thinking of grouping my IoT devices so I could restrict their access to other devices. I don't think Safe Access is suitable for this, and from what I've read the firewall only manages WAN to LAN traffic. I could be wrong - need to to do some reading up on that.

I'm hoping that Synology do implement vLAN capabilities. I'll be attending the London event on the 19th (I've been going to these for a few years now). Quite disappointed that at last event DSM7 was discussed but the beta is still not yet out.

I'm expecting new hardware announcements too. Possibly new router/mesh with Wifi 6 capability?

# Posted By Sony Nair | 8/30/19 7:21 PM

<ahref=’’https://420liveclub.com/’’>strongest k2 spray</a>
<ahref=’’https://420liveclub.com/’’>dmt cart for sale</a>
<ahref=’’https://420liveclub.com/’’>k2 paper sheets</a>
<ahref=’’https://420liveclub.com/’’>strongest k2 spray for sale</a>
<ahref=’’https://420liveclub.com/’’>4 aco dmt microdose</a>
<ahref=’’https://420liveclub.com/’’>best place to buy mushrooms</a>
<ahref=’’https://420liveclub.com/’’>best place to buy k2 paper</a>
<ahref=’’https://420liveclub.com/’’>spice spray for paper</a>

# Posted By esther | 9/1/22 5:02 AM

# Posted By rso oil for sale | 9/11/22 7:45 AM

Thanks for the tips!!

# Posted By Painters Parramatta | 12/15/22 2:41 AM

# Posted By Swati hedge | 1/24/23 5:30 AM

These binary bits can be further divided into network portion and host portion with the help of a subnet mask.

# Posted By Landscaping North Shore | 2/15/23 2:40 AM

This..

# Posted By painters north sydney | 2/16/23 4:04 AM

# Posted By dsad | 3/31/23 6:13 AM

Flattrade.in is India's first zero brokerage platform, Enjoy unlimited orders in Equity delivery, Intraday, Futures and Options, Commodities, and Currency with no brokerage. Up to 5x leverage on Intraday Trading and 2.5X leverage through Margin Trading Funding. No AMC, No Demat account charges. No charge on Algo trading - Free API. http://flattrade.in/

# Posted By Flattrade | 4/24/23 12:15 AM

# Posted By Tungsten Carbide Inserts | 4/26/23 3:50 AM

https://www.socialintech.com/
Social technology also poses potential threats to human rights. These concerns are based on the notion that humans are a product of their environment.
https://gamesspecial.com/
In this contemporary world, it has become liable to access each and everything with modern technologies; therefore, gaming peripherals are the best gaming devices which comfort the gamers who love to play the ideal games with easy and accessible device to play their skills.
https://businessapnews.com/
If you think about it you can see that the news media has been evolving for some time. Business news was once only available in a newspaper that changed when television arrived on the scene.
https://techroboting.com/
It is very important to keep yourself updated as far as the technology is concerned. You should try to get your hands of the latest technology and gadgets as soon as they hit the market.
https://outreachgalaxy.com/
Outreach Galaxy is a platform that merchandise guest posts only with no limitation to minimum guest posts or any SEO metrics. Further, there’s no evaluation for home page features or any other requirements
https://www.caremetutor.com/
Careme Tutor” is a web based platform founded in 2018 that connects an increasing number of teachers with students for private, home sessions in the Pakistan.
https://econixdigital.com/
Econix digital is a full-service Digital Marketing Agency that specializes in web design, eCommerce (Shopify), social media marketing, SEO, conversion rate optimization, PPC/SEM, Sales Funnels, and UI/UX services. Our team of professionals provides a customized approach to our client's needs by blending the latest digital marketing strategies.

# Posted By Carl Jhonson | 5/3/23 10:03 AM

Download MetaMask is particularly helpful for meeting the needs of cryptocurrency traders because it enables users to purchase, send, and swap cryptocurrencies and tokens.
https://sites.google.com/metamskio.com/metamaskdow...
-------
You may already be aware of the importance of generating safe Coinbase wallet login credentials if you chose a Coinbase Extension for the same purpose.
https://sites.google.com/coinslogs.com/coinbaseext...

# Posted By Sankiturner01 | 5/16/23 4:17 AM

If you are looking for a secure and reliable exchange then look no further than <a href="https://sites.google.com/cryptocomlgin.com/cryptoc... login issues</a>. Create your crypto.com login profile and then you can easily get your crypto assets insured. Although the platform faced a breach in 2022, it managed to maintain its reputation even after that.
Enjoy the extensive crypto services with <a href="https://sites.google.com/metamskio.com/metamasklog... log in</a> that makes you feel more than just like a wallet. You can now safeguard your crypto funds conveniently and in no time. It is a home for your crypto funds providing your digital wealth with a secure environment. Read More:-<a href="https://sites.google.com/cryptoexchangeu.com/gemin... Exchange</a>$<a href="https://sites.google.com/cryptosswap.com/curvefina... Finance</a>$<a href="https://sites.google.com/coinbaslogs.com/coinbasee... Extension</a>

# Posted By Jack John | 5/19/23 5:55 AM

In order to understand what the Beacon Chain can do for the network, it’s important to understand the problems that the network currently faces. Right now, Ethereum’s consensus layer is what’s known as a Proof-of-Work consensus layer, same as Bitcoin’s. This involved different nodes run by computers solving complex math problems in order to come to consensus and be able to produce the next block on the blockchain. While the system itself works fine, with a lot of users conducting transactions it becomes quite unwieldy.
https://sites.google.com/cryptlogs.com/beaconchain...

# Posted By Steven Neesham | 5/26/23 5:33 AM

Enjoy Mumbai escorts company. Explore the hot escort girls in Mumbai for ultimate enjoyment. Juhu Bandra is such a beautiful place, and it never fails to be. Sanjana, a woman who's pure fire, is so worth an escort agency in Mumbai.
Visit: https://royal-escorts.org/

Monica is very familiar with Mumbai, knowing all the places to visit, including restaurants and bars. How can I begin to explain? Oh, my god, how can I begin to explain the pure pleasure I experienced here at the Mumbai Top Escorts agency? Visit: https://royal-escorts.org/

Despite a law forbidding entry to unaccompanied females under the age of 28, "agents arrange for call girls to enter the country on a 30-day tourist visa. All escorts in Mumbai have an escort. This website only allows adult individuals to advertise their time and companionship to other adult individuals.Visit: https://royal-escorts.org/
Mumbai Model Hot , Mumbai Hot Model , Hi Class Escorts , Mumbai Vip Escorts , Escort High , Model Escorts Mumbai , High Class Agency , High Class Call Girls in Mumbai ,

Reff:
https://royal-girls-mumbai.quora.com/
https://fliphtml5.com/homepage/nfqqz
https://giphy.com/channel/mumbai-escorts-girls-age...
Other Links:
https://ask.godotengine.org/user/ankita4bengali
https://storify.co.uk/user/ankita4bengali/
https://malt-orden.info/userinfo.php?uid=350527
https://artmight.com/user/profile/274987
https://www.behance.net/kolkatabengalan
https://all4.vip/p/page/view-persons-profile?id=44...

# Posted By Mumbai high Classs Escorts | 5/26/23 6:33 AM

[Add Comment]

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31