You might need to change your network’s IP address scheme for any number of reasons: company acquisitions, conflicts with another network, additional IP addresses required. I recently changed a client’s IP address scheme from 192.168.10.0/24 to 10.10.0.0/16 because the client needed more than 254 addresses at a particular location. If you’ve ever had to change an IP addressing scheme on a network of any significant size, you know that it's a major undertaking. If you need to perform such a change, plan it over a weekend to give yourself plenty of time to test and troubleshoot any problems that might arise. Here are some items to consider when changing your network's addressing scheme.
- WAN/VPN connections. Reconfigure the firewall, WAN routers and VPN tunnels with the new IP scheme. For site-to-site VPN tunnels, remember to update the remote firewalls with the new IP scheme. You might want to temporarily enable secure WAN management access to any remote firewall in case you have difficulty establishing the tunnel after you change the IP scheme on the local firewall.
Servers. Change the IP addresses, subnets, default gateways, and DNS addresses on the servers, to reflect the new IP address scheme. I suggest you use a label maker to label any device that has a fixed IP address. Double-check the C:\windows\system32\drivers\etc\hosts and C:\windows\system32\drivers\etc\lmhosts files for server IP addresses and update them as necessary. After you’ve changed the IP addresses of all your servers, run the commands
ipconfig /flushdns and ipconfig /registerdnsto flush the DNS cache and load the new IP addresses of the servers.
- Sites and services. Use the Microsoft Management Console (MMC) Active Directory Sites and Services to create a new subnet and assign the updated subnet to the site. Make sure to remove the old IP subnet from the site.
- Microsoft IIS. If you’re running IIS, make sure to check the IP addresses of your Web sites. Open Internet Services Manager (ISM), right-click your Web site, and select Properties. On the Web Site tab, the IP address should be set to "All unassigned." If you manually selected an IP address for the server, you need to update it after you change the IP address on the Web server.
- Microsoft Exchange Server 2003. If you run Exchange, start Exchange System Manager (ESM) and select Administrative Groups,
, Servers, , Protocols, SMTP. Right-click the Default SMTP Virtual Server and select Properties. On the General tab, make sure the IP address is set to "All unassigned." If it's not, make sure to update the SMTP Virtual Server with the correct IP address after you make the IP address change on the server.
- DNS. Most likely, you had to change the IP address of your DNS server. If you allow zone transfers to other Win2K and later DNS servers listed on the Name Servers tab in the Properties of your Win2K domain, you must update the IP addresses of any DNS servers.
- Devices with fixed IP addresses. Change the IP address for any devices that have fixed IP addresses, such as printers, switches, routers, network scanners, network copiers, and video-conference units. Make sure that the remote video-conference units are updated with the new address of the local video-conference unit. If your workstations print directly to a network printer with a fixed IP address, you must update the printer address on each workstation or write a script that will update the workstations automatically. You can also set the workstations to print via a queue on a server, in which case you just have to change the printer address on the server.
- Firewall. This change is probably one of the more difficult ones. Make sure to get a good backup of your firewall configuration before you start. Depending on your firewall configuration, you might need to change the IP address of your inside interface, the IP address of internal network objects, static routes, and one-to-one NAT definitions with the new IP address of the device.
- DHCP configuration. Most likely your workstations are assigned an IP address with a DHCP server. Before you make the address change, I suggest you expire all the leases on the DHCP server to force the workstations to obtain a new IP address. Make sure to update the configuration of the DHCP server with the new IP scheme, which typically includes the new IP address, subnet, default gateway, and DNS servers.
- Test, test, test. Thoroughly test your new configuration. At a minimum, test the following items:
a. DHCP leases. Make sure workstations that use DHCP can obtain a new address and that all the IP settings are correct. b. Servers. Make sure workstations and servers can access each other. c. Internet access. Make sure workstations and servers can access the Internet. d. WAN connections. Make sure you can access remote servers and the remote servers can access local resources. e. Web site. If your company hosts a Web site, make sure it's still accessible from inside and outside of your network. f. Email. Make sure users can access their email. Verify that inbound and outbound Internet mail and email to and from remote offices works. g. Printing. Make sure users can still print to network printers. h. Video conferencing. Verify that video-conferencing units can access each other.
If you’re making this change over a weekend, make sure to have IT staff available on Monday morning to address any problems that might arise. Of course, you might have more or fewer tasks to perform during an IP scheme change, depending on your network configuration.