How to increase usable IP for DHCP LAN?
-
hi,
I wonder if it's possible to increase the LAN usable IP of pfsense? To my understanding, during the installation configuration, we are using /24, that would give us a usable dhcp LAN of 255. Is it possible to make is as /22 to get 1022 usable DHCP LAN IP?
I haven't yet tried, I'm afraid I might mess up my current settings. Any advice is highly appreiated.
Thanks!
Nubee
-
When specifying the LAN IP address you also have to specify the netmask too. Just type in what you want.
-
When specifying the LAN IP address you also have to specify the netmask too. Just type in what you want.
Ok, thanks alot for that assurance that "it can" happen. I have already my box running and have set up pretty much with it, is there a way to edit the subnet so that I could specify is as /22 instead of /24. If there is, can you please share with me the steps in how?
Thanks alot!
-
Edit your LAN settings (Interfaces > LAN) and change the mask there.
Depending on your current IP, it could end up making it larger in a direction you don't expect - for example if you use 192.168.1.1/24 and expand to 192.168.1.1/22 it actually goes from 192.168.0.0-192.168.3.255. Use a subnet calculator to figure out what you really want.
Once you have changed that, adjust the DHCP pool start/end as needed.
-
If you have a Layer 3 switch, or any switch that supports VLAN and 802.1Q you can create additional LAN networks that can be individual /24's.
I wouldn't suggest using a LAN block larger than a /24 as you can run into performance/stability issues with broadcasts overwhelming all hosts on the network. Instead, carve up that /22 into multiple blocks like so:
192.168.0.0/22:
192.168.0.0/24 - 192.168.0.1-254
192.168.1.0/24 - 192.168.1.1-254
192.168.2.0/24 - 192.168.2.1-254
192.168.3.0/24 - 192.168.3.1-254This will also give you the ability to segment your network, and will make overall management easier. You can even split those /24 blocks into smaller network blocks so you can keep servers, management IP's, VIP's, VPN users, etc.. separate and firewalled across LAN's.
For example, with the blocks above, we want to further segment the first block.
First split them into two /25's:
192.168.0.0/24:
192.168.0.0/25 - 192.168.0.1-126
192.168.0.128/25 - 192.168.0.129-254Then we can split the second block into two smaller, /26 blocks:
192.168.0.128/26 - 192.168.0.129-190
192.168.0.192/26 - 192.168.0.193-254Yes you 'lose' a few IP's in each network for subnet, broadcast, and gateway IP's, but overall it's a great solution to optimally use your IP blocks.
Hope this helps!
