DHCP for multiple subnets

mrCide

I don't know if this would be considered a network or OS topic but I figured I'd try here first.

Basically we run a WAN across a dozen facilities over AT&T metro-ethernet. Each facility has its own subnet, and our colo is our first subnet and also provides internet access, etc. I.e., colo is 192.168.1.x, facility 2 is 192.168.2.x, facility 4 is 192.168.4.x, etc.

We've run into a problem of running out of DHCP IPs at facility 4. I'm trying to figure out the best way to tackle this. We've already decided that what we probably want to do is create a new subnet (add 20, 192.168.24.x) for expansion.

We run an all Windows 2003 AD/domain environment and each facility has basically a domain controller that runs DNS/DHCP and a file server.

Unfortunately we lost our network infrastructure guy who would be handling this. :( Anyone have any thoughts/suggestions?
 

zetsway

So you have multiple problems. First, can your router pass traffic to anything from 192.168.x.x? If it can, you are fine, but I would make sure that someone didn't put an ACL for 192.168.1.x, 192.168.2.x, 192.168.4.x.

Some people may just add the entire block and some may not. 192.168.x.x


So you want to increase your DHCP pool by 5355? What for? Will you really have that many people?

Assuming my math is correct, then you will need to add another scope. I would delete your current scope and add a new one.

192.168.4.1 – 192.168.20.255, assuming you are using 1 and 255 on each octet.

Really though, this should be remapped like DnetMHZ said.
 

imagoon

You should see what the reason is for running out. Do you have 254 machines there? If not, try shortening the DHCP lease time to free the addresses faster. Check for buggy devices checking out multiple leases. You could also resegment the facility to a /23 if you want everyone on one segment (might get a bit chatty) or just add another segment with a router that can handle the traffic.

Supernetting 192.168.4.x to 255.255.254.0 would give you 192.168.4.0 - 192.168.5.255. Only do that if actually needed though. Make sure your lease timers are appropriate and that there are enough of them (some silly IT people set them to months or infinite). If DHCP is only handing out x.10 - x.50 then it is pointless to supernet as you're not using the range you have.
 

mrCide

Thanks for the responses, guys. I'm looking, I think, primarily at creating a superscope for a multinet (supernet?), based on the responses and what I'm trying to accomplish. I should have had more details.

We are out of IPs in that subnet range (192.168.4.x). Router, switches, servers and vendor devices, workstations, cameras, and wireless APs leave me with about 14 IPs remaining, which can strain down to about 2-3 when all the workstations are in use. I've taken the DHCP scope as far as I can without interfering with any static devices, lowered the lease time, etc. It's one of our larger campuses, though we plan on doing this for our other major campuses.

When I said 4 up 20 I meant we're creating a subnet by counting 20 up, so .4 we're adding 20 to create subnet 192.168.24.x (and for facility 6 192.168.26.x), we are currently using up to 192.168.18.x as far as our subnets on the WAN go. I'm only looking to add another 255 IPs.

Seems like what I'll have to do is create a superscope on that DHCP server, bring in the current scope and create a new scope for another subnet, adding a new IP to the device, and .. making changes to our router/switch (we run cisco 2800 routers and dell managed switches), which I guess I'll have to talk to network company to do I guess.

Any holes in my plan? :)
 

zetsway

In ref to your switch.....If you have managed switches and you really didn't add any VLANs or port sniffing or VOIP, then you shouldn't have to do anything.

In ref to your router....If you are using an ASA there should be a GUI, and if you have Cisco support then they can do it for you. I do that all the time. I screw something up, call Cisco, and they remote in to my PC and I open PuTTY and they do their magic :)

In ref to your DHCP plan.....do it after hours :)
 

imagoon

OK, let me first state: You cannot supernet unless the ranges are neighbors. What you plan to do is create another network; they will require a router between them to operate properly. You likely need to use VLANs in the switches or isolate the networks at the router. You will likely want or need a gig router or a layer 3 switch core to handle the routing. By adding x.24.x you are just adding more ranges and not supernetting. You will need to create a new DHCP scope for the x.24.x and add the range to the routing tables. Note that something small like an 1841 will not likely perform well in this environment.

You absolutely do not want to just export the new range in the network. You need to plan switch configuration updates, router updates, core changes, and potential changes to your application layer (i.e., MS AD will need to be updated to include the range, i.e. Sites and Services). You will need to decide which devices go on which segment, etc. Expect a ton of time configuring devices.

I have done stuff like this when migrating from our old 192.168.x.x address schemes to a 10.x.x.x scheme when we 'went corporate'. You will need to review your loading requirement etc. Something like Cisco 3750G layer 3 to handle routing depending on load etc.

Likely you will be exporting either sub interfaces on your border router or providing a route to the core switches. The core switches would handle the inter-vlan traffic.
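
An added example, not part of any post in this thread: the "ranges must be neighbors" check from the replies above, applied to the subnets named in the thread. The `IN_USE` list is an assumption (one /24 for every third octet from 1 to 18, based on the statement that subnets up to 192.168.18.x are in use), and the function names are hypothetical.

```python
import ipaddress

# Constructed from the thread: one /24 per facility, in use up to 192.168.18.x.
IN_USE = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(1, 19)]


def common_supernet(a, b):
    """Smallest single prefix that contains both networks."""
    net = a
    while not b.subnet_of(net):
        net = net.supernet()  # widen the mask by one bit
    return net


def check_expansion(current, extra, in_use=IN_USE):
    """Can `extra` be joined to `current` just by shortening the mask?

    Returns (mergeable, cover, collisions):
      mergeable   True only if the two blocks are adjacent AND aligned,
                  i.e. they collapse into exactly one prefix
      cover       smallest prefix containing both blocks
      collisions  other allocated subnets that `cover` would swallow
    """
    cur = ipaddress.ip_network(current)
    ext = ipaddress.ip_network(extra)
    mergeable = len(list(ipaddress.collapse_addresses([cur, ext]))) == 1
    cover = common_supernet(cur, ext)
    collisions = [n for n in in_use if n != cur and n.overlaps(cover)]
    return mergeable, cover, collisions


if __name__ == "__main__":
    pairs = [
        ("192.168.4.0/24", "192.168.24.0/24"),  # the plan in the thread
        ("192.168.4.0/24", "192.168.5.0/24"),   # the /23 supernet suggestion
        ("192.168.5.0/24", "192.168.6.0/24"),   # adjacent but not aligned
    ]
    for cur, ext in pairs:
        ok, cover, hits = check_expansion(cur, ext)
        verdict = "one prefix" if ok else "separate routed subnet"
        print(f"{cur} + {ext}: {verdict}; covering prefix {cover}, "
              f"{len(hits)} allocated subnet(s) inside it")
```
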
 

Cooky

Couple of things...
1. You should really limit your subnets / broadcast domains to /23, and nothing bigger. This will isolate any broadcast storm or other L2 issues in each subnet, and not spill over to the others.
2. I advise you to work out a better IP scheme while it's not too late. The current scheme of 192.168.x.y/24 for each location doesn't scale very well, as you've seen. It also makes it impossible to summarize each facility/location. It's best to assign each location into a much bigger subnet, something in the 10.x.y.z range. Then divvy up that subnet into smaller ones, and not mix up servers, phones, vendor devices, and user workstations in the same subnet.
 

mrCide

Trust me, there are a lot of things I would love to redo and restructure, but we're in Healthcare and similar services and my boss would have a good laugh if I told him this. Unfortunate, but until it causes a meltdown it will not change.
 

xSauronx

well...go on and melt it down before you have to fix a huge headache later?
 

RadiclDreamer

Couple ideas: if you are using all the addresses and want to expand, add a secondary address to the router, create a new DHCP range with the new secondary set of addresses, and then set the secondary address to the primary. That way all new clients will come from a new router address and pick up the new scope, and the old subnet will still route until the leases run out. Now you will still need to route the new subnet, etc. But this is something that should be handled by someone who knows your network.

I first suggest trying to see if you can make do on what you have