Jump to content
RESET Forums (homeservershow.com)
schoondoggy

Home Network IP Address Scheme Best Practice

Recommended Posts

itGeeks

Wondering whether I should just be using the DHCP server built into my router instead of Windows DHCP server? What do others here do?

 

Instead I create a reservation on Windows DHCP, mirror that IP definition in Sophos UTM, then add to a Sophos UTM https exception list. More steps than I probably need?

 

 

Sent from my iPhone using Tapatalk

Unless your doing something fancy that your router does not support then as jmwills said keep it on the router.

Still a work in progress. Home address range 192.168.1.1-255 Lab address range 192.168.2.1-255

Home:

1-20 Networking/Firewall

30-43 PC/Laptop

49-68 Home Automation

100-149 DHCP range

180-185 Printers/Scanners

190-225 Audio/Video/Media/Gaming

235-254 Servers/VM's

Thanks for the info...

Share this post


Link to post
Share on other sites
nrf

what is the intended benefit of a complicated addressing scheme? I can see fixed assignments for devices offering services, with a range for 'clients' to be dynamic... even then, my hdhomeruns work just fine with random ip assignments

Share this post


Link to post
Share on other sites
ShadowPeo

what is the intended benefit of a complicated addressing scheme? I can see fixed assignments for devices offering services, with a range for 'clients' to be dynamic... even then, my hdhomeruns work just fine with random ip assignments

 

Basically for knowing where things are, and depending on your management practices (for example routing/firewall) you may apply different rules for different ranges. For example at one location I have the server/device range to be allowed straight through the firewall, no authentication, nothing, anything outside that authenticates.

Share this post


Link to post
Share on other sites
itGeeks

what is the intended benefit of a complicated addressing scheme? I can see fixed assignments for devices offering services, with a range for 'clients' to be dynamic... even then, my hdhomeruns work just fine with random ip assignments

First thing that comes to mind is OCD :D Talking about OCD does anyone else besides me color code there cables? Kidding aside I like my network organized, I know at a glance if something is not rite and doing this allows me better management. I concur with ShadowPeo. On closing its not a complicated habit to get into.

Share this post


Link to post
Share on other sites
nrf

ocd is the one thing they can't take from us... :)

Share this post


Link to post
Share on other sites
schoondoggy

First thing that comes to mind is OCD :D Talking about OCD does anyone else besides me color code there cables? Kidding aside I like my network organized, I know at a glance if something is not rite and doing this allows me better management. I concur with ShadowPeo. On closing its not a complicated habit to get into.

At home, I think I have finally given up on the color coding rules we had defined for Ethernet cables in IT departments and labs, except Red will always be a crossover cable and Yellow will always be iSCSI traffic.  

  • Like 1

Share this post


Link to post
Share on other sites
jmwills

At home, I think I have finally given up on the color coding rules we had defined for Ethernet cables in IT departments and labs, except Red will always be a crossover cable and Yellow will always be iSCSI traffic.  

 

I was waiting for someone to admit to that. :)

Share this post


Link to post
Share on other sites
ShadowPeo

I use the same colour coding at home as I do for clients. I have not fully got all the clients cleaned up and on standards but that is due to the amount of work needed vs available support hours. Anyway two are complete, and the other two are 80-90% done
 
My structure is as such - I also post this (or where there is no router, a copy of the page without the router section)
 

ROUTER LINKS - WORK - This is a managed service we cannot change anything
COLOUR - LINK
BLACK - PUBLIC
ORANGE - DMZ
PURPLE - SECURE
YELLOW - MEDIA CONVERTER/DMZ
 
ROUTER LINKS - HOME
COLOUR - LINK
RED - LINK FROM NTU
ORANGE - VLAN LINK TO SWITCH
 
FIBRE PATCHES - Yes I have fibre at home as well
COLOUR - DEVICE
YELLOW - OS1/OS2
AQUA - OM3
 
SWITCH PATCHES
COLOUR - DEVICE
BLACK - VIDEO DISPLAYS
BLUE - COMPUTERS & DATA
GREEN - WIRELESS ACCESS POINTS
GREY - SERVERS
ORANGE - VOICE CARRIER TIE
PINK - SECURE
PURPLE - PRINTERS
RED - NETWORK DEVICES
WHITE - SECURITY CAMERAS
YELLOW - VOICE PABX TIE
 
IMG_5474.JPG

Share this post


Link to post
Share on other sites
snapper

I use random addresses, in the private range but not 192.168.*.*

Static devices will use static IP (again random) and dynamic will use DHCP from Sophos UTM. The static addresses are defined as hosts on Sophos as well, so they appear in the reports correctly.

 

This is an interesting read: http://routersecurity.org/ipaddresses.php

 

Share this post


Link to post
Share on other sites
nrf

that article seems a bit shaky, with the exception of the use of permanent site-to-site vpns. one can easily find their own ip and default gateway then there is no mystery.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...