My ASUS router is very close to maxing out the number of IPs with all my connected devices in the house. Wondering what everyone else is doing for this scenario? Multiple routers with different VLANs?
Does your router run Merlin? If so, highly recommended. No limit, just whatever is limited by your subnet mask.
If not, get a new router: GT-AXE11000 or 16000.
My router can run Merlin but regardless of firmware it can only support 254 IPs
Change to the private class B... that 254 limitation is due to your class C address block, i.e. 192.168.1.x
Or try a subnet mask of 255.255.0.0; that way you should be able to do 255*255 IPs.
Yeah I’ll have to change my subnet to 254 from 255. Don’t want to change it to a class B, don’t want any storms on my network. But thanks for the suggestion. Been googling this as well. Appreciate the feedback.
Ya, you will quickly notice a problem with this.. lol. You need to change the subnet mask on all your devices or they will not be able to talk to each other if they cross from one class C to another.
And also many devices will not take a new IP and subnet mask even if you change it in the DHCP in your router (remember to change the subnet mask here as well, even for those where the IP stays the same). Most likely you will then need to reboot your router and many of your devices.
hope this helps
Wasn't IPv6 supposed to fix this problem?
If you have that many devices on a router that allows for a single VLAN only, you may want to consider switching to a different class of router, like something from Ubiquiti, TP-Link Omada, PFSense, etc., where you can segment your network across multiple VLANs.
@inetjnky Don't make things complicated when you don't have to. Simply switch to a /23 subnet. This will get you from 254 to 510 devices. Leave your network flat. When dealing with home networks people try to make things way too complicated in the name of "Security" and what they don't understand is that if someone gets past your NAT they're gonna get to your VLANs. So go with the KISS principle. (Keep it simple, stupid.) Simply change out the subnet from /24 to /23 and give yourself the space.
Multiple routers is a bad idea, that leads to multiple networks, weird NAT problems or double-NAT.
Easiest solution is simple subnetting. For example, let's say you are using network 192.168.0.0 with a subnet of 255.255.255.0, which gives you 254 devices (192.168.0.1-254). Simply changing your subnet mask to 255.255.254.0 will give you double the IPs (192.168.0.1-192.168.1.254). Probably the easiest way to fix the issue with minimal impact on current config.
*I didn't read all the replies before posting, but @rlithgow1 beat me to the answer.
I know the ASUS routers default to 192.168.1.0 (255.255.255.0) and then if you use the main guest network and have it isolated they go into a VLAN using 192.168.2.0. Not sure what would happen if you adjusted the range of the main segment exactly, if it would bump the guest network out or cause problems. Just something to be aware of; if it's an issue the main LAN could just be changed to something higher like 192.168.100.0 / 23
Right, a /23 will give him 510 instead of 254
Shouldn't. If you use a /23 subnet (255.255.254.0) your main network would be 192.168.0.0/23 (with IPs from 192.168.0.1 thru 192.167.1.254) and the guest network is already on the NEXT possible /23 network (192.168.2.0/23). Although, I imagine by default, it would keep the guest network as /24. Either way, no problem.
That's only if you change the main LAN to 192.168.0.0 / 23, it defaults to 192.168.1.0 / 24. I was questioning what might happen if you changed it to 192.168.1.0 / 23 since the new range would overlap with the typical range of the guest network.
That's fine, you could literally leave everything where it is, change the router to 192.168.0.1/23, and everything will be fine. Your new addresses will just populate the 192.168.0.xxx part of the space that is unused.
There technically is no 193.168.1.0/23. There is 192.168.0.0/23, and the next possible /23 is 192.168.2.0/23. Addresses that land in 192.168.1.xxx/23 are part of 192.168.0.0/23
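The /23 arithmetic discussed in the posts above, as an added example that is not part of the original thread. It uses Python's standard `ipaddress` module; the two host addresses at the end are constructed, and the guest range is the 192.168.2.0/24 described in the thread.

```python
import ipaddress

def usable_hosts(cidr):
    """Usable host addresses in a network (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses - 2

def containing_network(address, prefix):
    """The network an address actually belongs to for a given prefix length."""
    return ipaddress.ip_interface(f"{address}/{prefix}").network

def overlaps(lan, other):
    """True if two address ranges share any address."""
    a = ipaddress.ip_network(lan, strict=False)
    b = ipaddress.ip_network(other, strict=False)
    return a.overlaps(b)

def on_link(src_ip, src_prefix, dst_ip):
    """True if src, using its own mask, treats dst as directly reachable."""
    src = ipaddress.ip_interface(f"{src_ip}/{src_prefix}")
    return ipaddress.ip_address(dst_ip) in src.network

GUEST = "192.168.2.0/24"  # guest range as described in the thread

if __name__ == "__main__":
    # Candidate main-LAN settings mentioned in the thread.
    for lan in ("192.168.1.0/24", "192.168.1.1/23",
                "192.168.100.0/23", "192.168.0.0/16"):
        net = containing_network(*lan.split("/"))
        print(f"{lan:18} -> {net}  hosts={usable_hosts(lan)}  "
              f"overlaps guest={overlaps(lan, GUEST)}")

    # Constructed hosts: a static device still on the old /24 mask,
    # and a new DHCP client that received the /23 mask.
    stale, fresh = "192.168.1.50", "192.168.0.20"
    print("stale /24 sees fresh as local:", on_link(stale, 24, fresh))
    print("fresh /23 sees stale as local:", on_link(fresh, 23, stale))
```

The last two lines show the mismatch raised earlier in the thread: the /23 host treats the /24 host as on-link, but the /24 host sends its replies to the gateway, so every device needs the new mask. A mask that overlaps the guest range (the 255.255.0.0 case) also puts guest addresses inside the main LAN's range.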
The use of VLANs for security in a home network is not to prevent the internet from getting in. The use is to provide isolation in the local network between higher risk entities and lower risk or trusted entities.
There are many devices that are built by companies that lack rigorous control on the firmware supply chain. Even those companies that believe they have rigorous controls in place may still have significant holes. Many of these devices are built around embedded general purpose systems running Linux. These devices and their firmware are excellent potential attack vectors. Higher risk devices such as these should be isolated from trusted devices if feasible. This is what VLANs accomplish.
Short version: I love my Tesla, but I will never let it send packets to my NAS. Ditto for my Roborock, Sense controller, DJI drone controller, etc.
To a degree I 100% agree. The problem is that I think there are a lot of people that end up trying to do this and end up having issues because of how complicated it can be. It is so easy to have unexpected consequences if you don't fully understand all the network implications.
You also have to ask what are you protecting yourself from. Though there is certainly potential for security concerns in many cases I think this is mostly about "FUD". This also depends a little bit on each individual of course.
I honestly view the basic approach as pretty simple. Two LAN segments, LAN and IOT. The only difference between the two is that IOT has one additional rule which blocks access to LAN. Lots and lots of basic guides to setting up firewalls use this kind of approach. It's easy enough for just about everyone, and greatly reduces risk. I think it's easily worth it.
FWIW, in my case, my single largest concern is my NAS. I run a Synology (yes, I know) and their NASs have been the focus of a lot of ransomware over the past few years. I have a good deal of data in my NAS. While I have secure off site backups, it would still take me 3-4 weeks to recover from an event.
Or like me with a public subnet and a private one. And a huge firewall. No need for VLAN as NAS is on private and no ports or UDP are open to it.
I’ve thought about isolating my cameras on my network but admittedly have not done it yet. I too have a NAS (QNAP) but again I haven’t isolated anything on my internal network. It’s just my wife and I and our couple of kids who come and go.