Add new subnet to DHCP? Possible Problems?

We currently have the following in our sites and directories as subnets
on our network. We are running out of space on the .1 subnet. DHCP is
setup to only issue address from this subnet (several different scopes
and exclusions but all from this subnet). I have inherited this and
don't know why these addresses were picked, but

1. can I simply add a scope of .2.1 - .2.128 to give us more room for
client PCs.
2. Is there any other MS/AD that needs to be updated, such as DNS
3. how does this affect group policies? Can users from different
subnets be on the same policy?

Also I am sure that the router needs to be checked to ensure that it is
setup to route these addresses, but I will reserve that for another
topic and after I have had a chance to check it out.

192.168.1.0
192.168.2.0
192.168.20.0
192.168.30.0

First your DHCP should use one scope for a whole subnet. There is no reason
to have multiple scopes doing 1 piece of the subnet each. The Scope should
use the entire subnet range and then use Exclusions to limit the range down
to what you actually want to be dynamically given out.

If you are running out of addresses then add a LAN router to the LAN and
build another IP Segment. Create a Scope for it on the existing DHCP Server
and set the LAN Router to forward the DHCP Queries from the new segment to
the DHCP Server.
All done,...that is all there is to that,...no voodoo,...no magic tricks.

I don't recommend making the existing subnet bigger than 254 Host. Ethernet
begins to become in ineffiecient when you get above 250-300 host,...so stay
with a 24 bit mask segment (254 hosts).

You should go with a high number on the new segment such as ".52" (consider
changing the current one in the future). The lower ones .0 thru .10 (or
so) are heavily over-used and if you use VPN in the future you *will* run
into address conflicts (like users VPN'ing from Hotels using .0, .1, .2,
etc.).

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> We currently have the following in our sites and directories as subnets
> on our network. We are running out of space on the .1 subnet. DHCP is
> setup to only issue address from this subnet (several different scopes
> and exclusions but all from this subnet). I have inherited this and
> don't know why these addresses were picked, but
>
> 1. can I simply add a scope of .2.1 - .2.128 to give us more room for
> client PCs.
> 2. Is there any other MS/AD that needs to be updated, such as DNS
> 3. how does this affect group policies? Can users from different
> subnets be on the same policy?
>
> Also I am sure that the router needs to be checked to ensure that it is
> setup to route these addresses, but I will reserve that for another
> topic and after I have had a chance to check it out.
>
> 192.168.1.0
> 192.168.2.0
> 192.168.20.0
> 192.168.30.0
>

Phillip Windell wrote:
> First your DHCP should use one scope for a whole subnet. There is no reason
> to have multiple scopes doing 1 piece of the subnet each. The Scope should
> use the entire subnet range and then use Exclusions to limit the range down
> to what you actually want to be dynamically given out.

I am not sure why it was setup this way, but I do plan to correct it.

> If you are running out of addresses then add a LAN router to the LAN and
> build another IP Segment. Create a Scope for it on the existing DHCP Server
> and set the LAN Router to forward the DHCP Queries from the new segment to
> the DHCP Server.
> All done,...that is all there is to that,...no voodoo,...no magic tricks.

I think I understand where you are going with adding the router, and
that is in the works when we add another buiding to our network in a
few months, but for now we are down to 3 dhcp address and I just wanted
to know if there was a quick, probably short term, way to add
addresses. Such as simply adding another scope in a different subnet.
But does another subnet require a router?

> I don't recommend making the existing subnet bigger than 254 Host. Ethernet
> begins to become in ineffiecient when you get above 250-300 host,...so stay
> with a 24 bit mask segment (254 hosts).

Thanks for the info, I had thought about trying to supernet, but I knew
there had to be an easier/better way.

> You should go with a high number on the new segment such as ".52" (consider
> changing the current one in the future). The lower ones .0 thru .10 (or
> so) are heavily over-used and if you use VPN in the future you *will* run
> into address conflicts (like users VPN'ing from Hotels using .0, .1, .2,
> etc.).

I have already discussed this with my boss. We are planning on
changing this over the next few months.

> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com

"trading_jacks" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...

> I think I understand where you are going with adding the router, and
> that is in the works when we add another buiding to our network in a
> few months, but for now we are down to 3 dhcp address and I just wanted
> to know if there was a quick, probably short term, way to add
> addresses.

No. Nothing that won't "add to the mess" and make it even more difficult to
correct later. Simple, straight-forward, logical designs should always be
the goal.

> Such as simply adding another scope in a different subnet.
> But does another subnet require a router?

Yes, but you can build a temporary router out of an old Linux box or old NT4
workstation box if you have to. NT4 workstation would be the easiest to work
with.

When you do buy a router for the future project, buy a Layer3 Switch,...they
are a switch and router build into the same box and they can handle "gobs"
of interfaces (subnets) while a traditional router may only have 4 (or so)
interfaces

> > I don't recommend making the existing subnet bigger than 254 Host.
Ethernet
> > begins to become in ineffiecient when you get above 250-300 host,...so
stay
> > with a 24 bit mask segment (254 hosts).
>
> Thanks for the info, I had thought about trying to supernet, but I knew
> there had to be an easier/better way.

That would have been "multi-netting". Yes, that is a valid method,...yes
there is always a better way than that,...multi-netting is Evil.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

>
> > Such as simply adding another scope in a different subnet.
> > But does another subnet require a router?
>
> Yes, but you can build a temporary router out of an old Linux box or old NT4
> workstation box if you have to. NT4 workstation would be the easiest to work
> with.
>

Do you have any good sites with good instructions on how to accomplish
this in either NT4 or a common distribution of linux?

And thanks for all your help!

"trading_jacks" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> > Yes, but you can build a temporary router out of an old Linux box or old
NT4
> > workstation box if you have to. NT4 workstation would be the easiest to
work
> > with.
> >
>
> Do you have any good sites with good instructions on how to accomplish
> this in either NT4 or a common distribution of linux?

No, but it isn't hard.
(can't help with linux, but the priciples are the same)

With NT4 you:
1. Have a nic in the machine for each IP Segment,..properly addressed
2. Go into the Properties of Net'Hood
3. Properties of TCP/IP
4. On the Routing Tab enable the checkbox that says "IP Forwarding",
...whala!,...instant router.
5. On the DHCP Relay Tab add the IP#(s) of your DHCP Server(s).

On the DHCP Server:
Create a *normal*, separate, distinct, fully configured Scope for each
IP Segment

Routing Scheme
1. All LAN Hosts point to the LAN Router as the Default Gateway, using
the proper IP of the interface that "faces" their Segment
2. The LAN Router uses the Firewall Device as the Default Gateway
(assuming you use a traditional NAT device)
3. The Internet NAT Device must have "static routes" added that tell it
to use the LAN Router as the path for all the internal LAN Segments. It
needs that to know how to find it's way back to the client making the
initial internet request.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com