running out of IP Address! help!

Guest

My company has a class C network 192.168.0.x and using AD with DHCP. Only
5% available and need to think of something quick. I read some articles
about segmenting 2 with a router 192.168.0.x /192.168.1.x 255.255.255.0 and
this should work. I'm sorta new to this and the only problem with this is
that we have a remote facility that already has a segment of 192.168.1.x
through a dedicated T1 using 2 cisco routers. The remote site is using the
cisco dhcp from the router to assign the 192.168.1.x IP's. Is it possible to
have another subnet while keeping my scope the same? Maybe my HQ would have 2
physical segments with 192.168.0.x / 192.168.2.x ? since my remote site
already has 192.168.1.x.
 

Jordan

The beauty of DHCP is that you can reconfigure the scope and reboot everyone
and the network will be all set - theoretically!

Since you have .0 for a network and you need connectivity to .1 you can't
just expand your subnet mask. If you did not have connectivity to .1 then I
would have suggested adjusting the subnet to 255.255.248.0 which would have
given you access to .0 - .7 and adjust your scope to issue addresses in the
new IP range. But you can still do this and just change your IPs from .0 to
.8-.16

All the clients should just fall into place when you change the scope to
give out the new IP range however your real problem is getting all the other
static content into place. For instance if you have the direct connection
to .1 at the other company you have to configure everything to point to your
internal network numbers in the new range. If you have ISA server or Proxy
server it is a pain to get the LAT tables correct. RRAS is a pain to change
as well. You have also got to reconfigure your port forwarding on your
firewalls and routers if you have those.

You also could just segment your network a little. Since it looks like you
have about 200+ computers you could keep one DHCP server on one segment and
create a segment ending in .2 with a DHCP server and router in between. Put
half of the computers on the .2 segment. Preferably the ones that can hold
off on access to the other office while you work out the kinks.
 

Phillip Windell

Jordan said:
The beauty of DHCP is that you can reconfigure the scope and reboot everyone
and the network will be all set - theoretically!

Since you have .0 for a network and you need connectivity to .1 you can't
just expand your subnet mask. If you did not have connectivity to .1 then I
would have suggested adjusting the subnet to 255.255.248.0 which would have
given you access to .0 - .7 and adjust your scope to issue addresses in the
new IP range. But you can still do this and just change your IPs from .0 to
.8-.16

I wouldn't recommend that. Segments need to be kept below 300 hosts. The 24
bit segment is the perfect size at 254 hosts.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
 

Phillip Windell

chris said:
My company has a class C network 192.168.0.x and using AD with DHCP. Only
5% available and need to think of something quick. I read some articles
about segmenting 2 with a router 192.168.0.x /192.168.1.x 255.255.255.0 and
this should work. I'm sorta new to this and the only problem with this is
that we have a remote facility that already has a segment of 192.168.1.x
through a dedicated T1 using 2 cisco routers.

Then use a range that is not in use,...there are still 254 of them left.
And they don't have to be sequential, although it is nice if they are,...it
can simplify routing.

The remote site is using the
cisco dhcp from the router to assign the 192.168.1.x IP's. Is it possible to
have another subnet while keeping my scope the same? Maybe my HQ would have 2
physical segments with 192.168.0.x / 192.168.2.x ? since my remote site
already has 192.168.1.x.

You just add a new *regular* Scope to the DHCP (No Superscopes!) for the new
segment you want to add. The LAN Router that you will use between this new
segment and the original segment will have to be configured to forward the
DHCP Queries from the hosts to the DHCP Server. That is all there is to it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Jordan

I guess you could go with adding a router / routers and handle the
non-sequential IP ranges by routing the DHCP broadcasts through the routers,
but do you think that the performance hit would be noticeable by expanding
the hosts from 254 to 511 or even 1023?

Guest

Thanks for all the responses and it's been very helpful. So all I need to do
is purchase 2 LAN routers and set them to forward DHCP queries and create
another scope on my DHCP server with 192.168.3.x? It's very similar to my
remote office setup with 192.168.1.x.

Do you have any suggestion of what product I should get? My network
currently consists of 3com and cisco. Thanks again for all of your inputs..
it's greatly appreciated.

Phillip Windell

Jordan said:
I guess you could go with adding a router / routers and handle the
non-sequential IP ranges by routing the DHCP broadcasts through the routers,
but do you think that the performance hit would be noticeable by expanding
the hosts from 254 to 511 or even 1023?

Well the 250-300 host "rule" is just sort of a guideline. It is not a
"concrete" limit. Since Ethernet is so broadcast dependent the more hosts on
the same wire the more inefficient it gets,..even if there are no users on
the machines. Slower systems like the older 10mbps networks would of course
be more noticeable than a gigabit one,...it doesn't mean the gigabit one still
isn't becoming less efficient, but it just isn't noticeable as soon.
Probably going to 400-450, maybe even 511 isn't that noticeable depending on
what is actually being done on the LAN, but I don't think I would want to
chance 1023. Usually when you use the lower bit masks to get more hosts you
would be "supernetting" and the IP Range would get broken up into smaller
pieces further down the line somewhere.

Again though, it is just principles,...I don't know of any "concrete"
limits.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Phillip Windell

chris said:
Thanks for all the responses and it's been very helpful. So all I need to do
is purchase 2 LAN routers and set them to forward DHCP queries and create
another scope on my DHCP server with 192.168.3.x? It's very similar to my
remote office setup with 192.168.1.x.

The number of routers would be determined by the number of segments and the
number of physical Ethernet ports on the router (not counting VLAN
capability). I use an HP 5304xl which is a combination Switch and Router in
the same device. It has the capability to run 256 different subnets with
just the one router and can have 192 physical Ethernet ports on it. But we
have about $10,000 wrapped up in that thing.

Do you have any suggestion of what product I should get? My network
currently consists of 3com and cisco. Thanks again for all of your inputs..
it's greatly appreciated.

I have no specific suggestion,..but if you find one that has enough Ethernet
ports you can do it with only one router. Some are modular and have modules
that can be added to give them more ports. You don't have to "shoot for the
moon" with it,...just get what it takes to do the job. Many of the more
advanced Switches out there are Layer3 Switches, which is just a Switch and
Router built into the same "box",...that is probably the cheapest way to go
since not only will it work as a router, but it works as a switch at the
same time.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Kurt

Dell has some really nice Layer-3 switches in their PowerConnect line that
are bargain-priced. A client recently bought one, brand new from Dell, on
sale for under $1000. This was a 24 port 10/100/1000 + 2 1000TX/SX combo
ports. I believe it could handle 4096 VLANs + router interfaces. If speed is
a concern, a layer-3 switch is the way to go. It'll route packets just as
fast as it can switch them. And it'll let you build that gigabit backbone
that Phillip was speaking of. You'd be hard pressed to exhaust a gigabit
backbone's capacity. My commercial metro-rings run on gigabit backbones,
carry traffic all around town and from the next town, and run in single
digit utilization percentages 20 out of 24 hours a day! I've never seen it
hit 20% capacity (and I graph it 24/7).

Now to another point about number of hosts per subnet. If it's all on one
wire, having subnets won't prevent broadcasts. Unless you contain the
broadcasts to wired segments or VLANs, a broadcast is a broadcast (as far as
network utilization goes). Now the computers will only process broadcasts
within their own subnet (the broadcast address of the 192.168.0/24 net is
different than the 192.168.1/24 net). But all _Ethernet_ broadcasts will
still hit every port and every device. If you VLAN it off, all broadcasts
will only hit ports that are members of that VLAN (or trunks), but will
still be propagated to the backbone. So unless you have a physical network
infrastructure designed to contain broadcasts, subnetting may not help all
that much.

....kurt
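
The addressing options weighed in this thread, checked with Python's standard `ipaddress` module (an added example, not posted by any participant). It reports which routed networks a widened mask would swallow, each candidate segment's broadcast address and usable host count, and how many /24s are still unused in 192.168.0.0/16. The /24 masks come from the original post; the function names and option labels are illustrative.

```python
import ipaddress

# Addressing from the thread; the /24 masks are the ones the original post gives.
HQ_CURRENT = ipaddress.ip_network("192.168.0.0/24")
REMOTE_SITE = ipaddress.ip_network("192.168.1.0/24")   # reached over the T1
PRIVATE_BLOCK = ipaddress.ip_network("192.168.0.0/16")


def describe(candidate, routed_elsewhere):
    """Summarise a candidate LAN segment and list routed networks it overlaps."""
    net = ipaddress.ip_network(candidate)
    conflicts = [str(other) for other in routed_elsewhere if net.overlaps(other)]
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "first": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,  # minus network and broadcast
        "conflicts": conflicts,
    }


def free_24s(block, in_use):
    """Return the /24 networks inside block that overlap nothing already in use."""
    return [s for s in block.subnets(new_prefix=24)
            if not any(s.overlaps(u) for u in in_use)]


def compare_options():
    """Evaluate the options raised in the thread against the remote site."""
    options = {
        "widen 192.168.0.x to 255.255.248.0": "192.168.0.0/21",
        "renumber HQ into the next 255.255.248.0 block": "192.168.8.0/21",
        "add a routed segment 192.168.2.x": "192.168.2.0/24",
        "add a routed segment 192.168.3.x": "192.168.3.0/24",
    }
    return {label: describe(cidr, [REMOTE_SITE]) for label, cidr in options.items()}


if __name__ == "__main__":
    for label, info in compare_options().items():
        state = ("CONFLICT with " + ", ".join(info["conflicts"])
                 if info["conflicts"] else "ok")
        print(f"{label}: {info['first']} - {info['broadcast']} "
              f"mask {info['mask']} hosts {info['usable_hosts']} -> {state}")
    unused = free_24s(PRIVATE_BLOCK, [HQ_CURRENT, REMOTE_SITE])
    print(len(unused), "unused /24s, first:", unused[0])
```

A host on the widened 192.168.0.0/21 segment would treat 192.168.1.x as on-link and ARP for it locally rather than sending it to the router, which is why the overlap matters.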
