need more ip's

[Guest]

Here's my scenario:
In my office, I'm running two physically different DCHP servers; one is
handling the range of 192.168.1.1 - 192.168.1.100, the other is handling
192.168.1.101 - 192.168.254. This gives us the full range of 192.168.1.1 -
192.168.1.254, but we are running low on IP's now.

We also have two remote plants, that'll I'll refer to as plant 1 and plant
2.

We maintain a VPN connection to Plant 1 between two firewalls and they use
the range of 192.168.2.x.

Same for plant 2, but their IP range is 192.168.3.x.

The LAN side of my firewall is set to 192.168.1.1/255.255.255.0.

What would be the best solution to give my office network more IP's?

If I made a new range of say 192.168.4.x, would they see the devices on the
192.168.1.x subnet and vise versa? All the nodes in my office log into the
same domain. What issues will I encounter if I go this route?

Thanx,
Vinny

 

[Phillip Windell]

Here's my scenario:
In my office, I'm running two physically different DCHP servers; one is
handling the range of 192.168.1.1 - 192.168.1.100, the other is handling
192.168.1.101 - 192.168.254. This gives us the full range of 192.168.1.1 -
192.168.1.254, but we are running low on IP's now.

Well, let's just deal with this part of it and have it setup the way it
should be, so it will be more scalable. The rest you should be able to
figure out after that. The "*" are only for emphasis on words, so I'm not
"yelling".

First configure both DHCP Server with *identical scopes*. Use the *full* IP
Range in both Scopes (no Superscopes!). Use Exclusions in the Scopes to
adjust which range of addresses each server is allowed to give out. I would
also recommend putting both DHCP Servers in the same subnet together so that
the LAN's router can easily and conviently relay the DHCP Queries to them.

If you need to add another subnet, then just add another Scope for it,
indentically on both DHCP Servers while using the Exclusions to control
which addresess are given out just as was done with the previous Scopes.

The reason the scopes should be identical is so that a DHCP Server does not
falsely tell a Client that no such address exist when it really does exist
on the other Server. The identical Scope coupled with the Exclusions allows
the DHCP to understand that "yes" the address does exist but can't be
retrieved here and must be retreived from the other Server. I'm sure there
are more esoteric was to describe it, but that is the general idea.

As an additional option you could just configure a separate independent DHCP
Server for each subnet with the corresponding Scope and place it physcally
in the subnet that it "serves". Be sure to turn off any DHCP Relaying in
the router. On their own without the router relaying them, the Queries will
stay in their own subnet.

 

[Guest]

You say - "If you need to add another subnet, then just add another Scope
for it,
indentically on both DHCP Servers while using the Exclusions to control
which addresess are given out just as was done with the previous Scopes."

This sounds good to me, but will devices assigned IP's in one scope, see the
devices on the other? If I have 300 devices in my bulding and they all get
IP's, some will be assigned from the 192.168.1.x scope and some from the
192.168.4.x scope, can they all still log into the domain and see all the
printers and file servers and so forth no matter which range they're assigned
an IP from? I need to make available more IP's and I need to make this
transparent to the users.

Thank you,
Vinny

 

[Phillip Windell]

This sounds good to me, but will devices assigned IP's in one scope, see the
devices on the other?
IP's, some will be assigned from the 192.168.1.x scope and some from the
192.168.4.x scope, can they all still log into the domain and see all the
printers and file servers and so forth no matter which range they're assigned
an IP from?

Of course,...that's what routers do,... a "real" router that is,..I don't
mean some Internet Sharing Device.

If you need more address, then create a new subnet using a standard 24bit
mask and you will get another 254 host IPs. It requires a router (a "real"
router, not an internet sharing device) between the subnets to route between
them. The router would be configured to relay the DHCP Queries to the DHCP
Server. The router includes the proper infomation in the query so the DHCP
Server knows where it came from, and the DHCP is smart enough to know which
Scope to get the address from.

 

[Guest]

Thanx Phillip,
I'm going to look into these "routers" you're talking about. I guess my
SonicWall wouldn't do the trick?

 

[Preacher Man]

How much trouble would it be for you to move to a class B Subnet?

 

[Phillip Windell]

Thanx Phillip,
I'm going to look into these "routers" you're talking about. I guess my
SonicWall wouldn't do the trick?

No that is a "Firewall" not a router. That is an example of the dis-service
the SOHO market has done to the industry. Because they call thier "Internet
sharing Devices" a Router when they are really a Low-end Firewall they have
butchered the dictionary and now when some mentions "router" no what knows
what they mean by it, because they all wrongly think that a router is some
kind of "NAT box" instead of a Layer3 routing device between LAN Segments
which is a what a real router really is.

 

[Phillip Windell]

That could be done, but there are some problems with it. A LAN looses
efficiency once it gets over 250-300 hosts (your mileage may vary). An
un-split Class B would would give it over 65,000 hosts,...so it would have
to be split up,...but after doing that,..it would have been easier to just
add an additional Class C segment of 254. This would keep the number of
Hosts per segment effectively below 250.

 

[Guest]

Thanx for the clarification Phillip. Does this "true" router have to be a
physical hardware device, or can it be a piece of software installed on the
network somewhere? Maybe on one or both of the DHCP servers? Can you give
me a good source for these kinds of products? Some brand names that I should
look for? I checked a few websites for routers, but all turn up are the
usual home network type DSL/Cable routers.

Thanx,
Vinny

 

[Phillip Windell]

It is usually a hardware device, although any "NT" based Windows OS can
function as a router with two or more Nics in the machine. The old NT4
(even Workstation) could work as a router all on its own,...Windows
Server2000 and 2003 use the RRAS Service to do it.

(works the same for 2003)
299810 - HOW TO: Configure Windows 2000 to Be a Router
http://support.microsoft.com/default.aspx?scid=kb;en-us;299810

 

[Guest]

Hi Phillip.
The knowledge base link you sent me doesn't work. It looks like Microsoft
took the article offline for some reason. I haven't made it work yet but
here is what I've done so far:
I setup a test server with RRAS. It has two nics. I statically assigned an
IP from each subnet to each nic. I tried changing a few settings in the RRAS
setup, and tried creating static routes between the two subnets, but nothing
works. I'm sure I'm doing something wrong, but I can't find specific info on
the internet for this.
Does RRAS need to be installed on the DHCP servers themselves? Both of my
DCHP servers are DC's, the primary, and a backup. I've read somewhere that
it is not a good idea to route using a DC. The test server I am using is
neither a DCHP server nor a DC. Also, both nics in this server are plugged
into the same switch. Does this matter?

I know I'm missing something here but I can't figure it out. Can you give
me any advice on what I'm doing wrong and how to make it work?

Thanx,
Vinny

It is usually a hardware device, although any "NT" based Windows OS can
function as a router with two or more Nics in the machine. The old NT4
(even Workstation) could work as a router all on its own,...Windows
Server2000 and 2003 use the RRAS Service to do it.

(works the same for 2003)
299810 - HOW TO: Configure Windows 2000 to Be a Router
http://support.microsoft.com/default.aspx?scid=kb;en-us;299810


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Thanx for the clarification Phillip. Does this "true" router have to be a
physical hardware device, or can it be a piece of software installed on the
network somewhere? Maybe on one or both of the DHCP servers? Can you give
me a good source for these kinds of products? Some brand names that I should
look for? I checked a few websites for routers, but all turn up are the
usual home network type DSL/Cable routers.

Thanx,
Vinny

 

[Phillip Windell]

The knowledge base link you sent me doesn't work. It looks like Microsoft
took the article offline for some reason.

I hate that. I'll check on that later, send a few emails. The article does
appear to be gone.

I setup a test server with RRAS. It has two nics. I statically assigned an
IP from each subnet to each nic. I tried changing a few settings in the RRAS
setup, and tried creating static routes between the two subnets, but nothing
works. I'm sure I'm doing something wrong, but I can't find specific info on
the internet for this.

You don't need static routes for networks that are directly connected to the
"router" because it already knows about them. Static routes are only for
networks that is more than one "hop" away.

Does RRAS need to be installed on the DHCP servers themselves? Both of my
DCHP servers are DC's, the primary, and a backup. I've read somewhere that
it is not a good idea to route using a DC.

That is correct. Do not do that.

The test server I am using is
neither a DCHP server nor a DC. Also, both nics in this server are plugged
into the same switch. Does this matter?

It should not prevent it from working but it is a bad idea. Network segments
should be physically sparated and distinct.

Essentially with RRAS you just install it (assuming the Nics already
installed) and enable "routing". There are no static routes and there is
really nothing else to do. You use the "DHCP Agent" in RRAS to handle the
DHCP Queries. The details are in the Help for RRAS,..just go to the Search
Tab in Help and query "DHCP" and you will see it along with the setps to
configure it.

But I only used RRAS as an example,...you can also use a regular hardware
based LAN Router if you want. Use whatever works best according to what you
have or can afford to get.