diff --git a/pkg/login-validator/cmd/pxetpl.go b/pkg/login-validator/cmd/pxetpl.go
index bec269f..9cf8882 100644
--- a/pkg/login-validator/cmd/pxetpl.go
+++ b/pkg/login-validator/cmd/pxetpl.go
@@ -37,12 +37,16 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
 pkey := hmac.New(sha512.New512_224, []byte(loginSalt))
+ if len(ip.To4()) != 4 {
+ return fmt.Errorf("Unable to assign a protected IP.")
+ }
+
 if pxeTmpl, err := template.New("pxeUser").Parse(string(pxeTplCnt)); err != nil {
 return err
 } else if err := pxeTmpl.Execute(userfd, map[string]string{
 "username": username,
 "pkey": fmt.Sprintf("%x", pkey.Sum([]byte(username))),
- "ip": fmt.Sprintf("%d.%d.%d.%d", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]),
+ "ip": ip.String(),
 }); err != nil {
 return err
 }
diff --git a/token-validator/ip.go b/token-validator/ip.go
index b0896da..aca9a79 100644
--- a/token-validator/ip.go
+++ b/token-validator/ip.go
@@ -2,6 +2,7 @@ package main
 import (
 "fmt"
+ "net"
 "github.com/julienschmidt/httprouter"
@@ -15,8 +16,19 @@ func init() {
 })))
 }
-func IPSuffix(s adlin.Student) int64 {
- return s.Id*4 + 10
+func IPSuffix(s adlin.Student, network net.IPNet) net.IP {
+ ipshift := s.Id*4 + 10
+
+ myIP := network.IP
+
+ if ipshift > 254 {
+ myIP[len(myIP)-2] += byte(ipshift / 254)
+ ipshift = ipshift % 254
+ }
+
+ myIP[len(myIP)-1] += byte(ipshift)
+
+ return myIP
 }
 func showIPs(_ httprouter.Params, body []byte) (interface{}, error) {
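Review bot: On the unchanged `"pkey"` line in this hunk, `pkey.Sum([]byte(username))` does not feed the username into the HMAC: `Sum` only appends the digest of what has been written so far to its argument, and nothing is written between `hmac.New` and this call. The rendered value is therefore the hex of the username followed by the HMAC of an empty message, a suffix that is identical for every user, so it cannot serve as a per-user secret. Writing the username first with `pkey.Write([]byte(username))` and then rendering `pkey.Sum(nil)` gives a digest that depends on the username; whatever verifies this value elsewhere has to change in step. Separately, the new guard runs after `userfd` is in use (it is presumably opened earlier in registerUser, outside the hunk), so checking `ip.To4()` at the top of the function would avoid leaving a file behind on rejection.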
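Review bot: The new IPSuffix takes the whole `net.IPNet` but never looks at the mask, so nothing stops the computed address from leaving the subnet: for the `172.23.142.0`/23 network passed in getStudentIPs, `ipshift / 254` exceeds 1 from student Id 125 upward and the result lands in a neighbouring range, and the `byte(...)` additions wrap silently for larger values. In addition, `myIP := network.IP` only copies the slice header, so the `+=` writes go into the caller's address; every caller in this diff passes a fresh `net.ParseIP` result, but a shared `net.IPNet` would be modified on each call. I would copy the base address, verify the result with `network.Contains`, and return an error when the subnet is exhausted; the callers in getStudentIPs and createStudent would then need to handle that error.

```go
func IPSuffix(s adlin.Student, network net.IPNet) (net.IP, error) {
	// … unchanged: ipshift := s.Id*4 + 10 …

	// Copy the base address: network.IP shares its backing array with the caller.
	myIP := make(net.IP, len(network.IP))
	copy(myIP, network.IP)

	// … unchanged: the two octet additions …

	// Refuse addresses that overflowed out of the subnet instead of handing them out.
	if !network.Contains(myIP) {
		return nil, fmt.Errorf("no address left in %s for student %d", network.String(), s.Id)
	}
	return myIP, nil
}
```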
@@ -45,9 +57,9 @@ func showIPs(_ httprouter.Params, body []byte) (interface{}, error) {
 func getStudentIPs(student adlin.Student) (r map[string]string) {
 r = make(map[string]string)
- r["vlan0"] = fmt.Sprintf("172.23.0.%d", IPSuffix(student))
- r["wg0"] = fmt.Sprintf("172.17.0.%d", IPSuffix(student))
- r["vlan7"] = fmt.Sprintf("172.23.142.%d", IPSuffix(student))
+ r["vlan0"] = IPSuffix(student, net.IPNet{net.ParseIP("172.23.0.0"), net.CIDRMask(17, 32)}).String()
+ r["wg0"] = IPSuffix(student, net.IPNet{net.ParseIP("172.17.0.0"), net.CIDRMask(16, 32)}).String()
+ r["vlan7"] = IPSuffix(student, net.IPNet{net.ParseIP("172.23.142.0"), net.CIDRMask(23, 32)}).String()
 r["wg"] = adlin.StudentIP(student.Id).String()
 r["adn"] = student.MyAssociatedDomain()
 r["ddn"] = student.MyDelegatedDomain()
diff --git a/token-validator/students.go b/token-validator/students.go
index 42ad331..ac101fa 100644
--- a/token-validator/students.go
+++ b/token-validator/students.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "net"
 "strings"
 "github.com/julienschmidt/httprouter"
@@ -89,7 +90,7 @@ func createStudent(_ httprouter.Params, body []byte) (interface{}, error) {
 }
 exist.RegisterAccess(std.IP, std.MAC)
- ip := fmt.Sprintf("172.23.0.%d", IPSuffix(exist))
+ ip := IPSuffix(exist, net.IPNet{net.ParseIP("172.23.0.0"), net.CIDRMask(17, 32)}).String()
 exist.IP = &ip
 return exist, nil
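Review bot: The `net.IPNet` literals in getStudentIPs are unkeyed, which the `go vet` composites check reports for structs from another package, and the vlan0 network `172.23.0.0`/17 is written out a second time in createStudent in students.go, so the two copies can drift apart. Keyed fields read better and survive field reordering: `net.IPNet{IP: net.ParseIP("172.23.0.0"), Mask: net.CIDRMask(17, 32)}`. A small helper that builds each subnet, used by both call sites, would keep the addressing plan in one place, and a comment naming the VLAN behind each prefix would help the next reader. getStudentIPs continues past the end of the hunk.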