Does my network have a bear pit?

About 5 months ago we had a network engineering consultant totally redo our
entire company network from the ground up, and since then I've noticed that
one specific address, 192.168.6.255 seems like a bear pit for anyone who gets
it. They can get the IP, everything looks right, and you can ping them. But
they can't reach any network services or the internet. Our DHCP range is
192.168.6.200 - 7.255 with a subnet mask of 255.255.254.0. I'm not nearly as
educated in TCP/IP as an engineer would be, but it seems to me there
shouldn't be a dead spot at 6.255.

Can anyone shed some light on why this might be happening?

"Phydeux" <(E-Mail Removed)> wrote in message
news:A4AE658D-43D7-4037-9971-(E-Mail Removed)...
> About 5 months ago we had a network engineering consultant totally redo our
> entire company network from the ground up, and since then I've noticed that
> one specific address, 192.168.6.255 seems like a bear pit for anyone who gets
> it. They can get the IP, everything looks right, and you can ping them. But
> they can't reach any network services or the internet. Our DHCP range is
> 192.168.6.200 - 7.255 with a subnet mask of 255.255.254.0. I'm not nearly as
> educated in TCP/IP as an engineer would be, but it seems to me there
> shouldn't be a dead spot at 6.255.
>
> Can anyone shed some light on why this might be happening?

Make sure an incorrect mask isn't being used somewhere. A /24bit mask will
treat the address as a broadcast address. You shouldn't be using that subnet
scheme anyway.

You shouldn't have IP Segment with more than 250-300 hosts. In other words you
should not be running a /23 bit mask. You should be running a /24 bit mask and
if there are more than 254 total hosts then you should run two IP Segments
(/24bit mask, 254 hosts each) with a router between them. The consultant should
have been smart enough to do this since he had to best rare opportunity that
could ever be given someone,...rebuilding a network from the ground up. A lot
of people would kill for an opportunity like that,..and hopefully they wouldn't
blow it.

The [correct] purpose of a 23 bit mask is to supernet two IP segments together
for routing purposes with the intent of splitting them back apart further down
the line with another router.

Here's an example:
<subnet 1> /24bit
|
[Router1]
|
<subnet2> /24bit
|
[Router2]
/ \
/ \
<subnet3> <subnet4> both /24bit

The supernetted route on Rotuer1 would look like:
192.168.6.0 mask 255.255.254.0 <Router2 IP# on Subnet2>

In this example Router1 would have a single route that "supernets" subnet3 and
subnet4 into a single "route". Once it gets to Router2, the Router2 separates
them into two separate /24 bit-254host IP subnets.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

Ok, I followed you up to "/24 bit mask" and you lost me. I don't understand
subnetting very well, but I kinda follow what you mean by .255 being seen as
a broadcast address. So if I understand you correctly, the 6.200-255 range
should be on a separate subnet from the 7.X range and then routed together?

Unfortunately I don't believe we have the routers required to do that, just
managed switches. And at this point they've probably laid out all the IT
dollars they really want to for the time being. Perhaps I can talk my CIO
into backing the 6.X exclusion range down a bit. I don't see why we need 199
addresses reserved for static devices. Either that or I may see if we can
just exclude 6.255 from the pool.

Any other suggestions?

"Phillip Windell" wrote:

> "Phydeux" <(E-Mail Removed)> wrote in message
> news:A4AE658D-43D7-4037-9971-(E-Mail Removed)...
> > About 5 months ago we had a network engineering consultant totally redo our
> > entire company network from the ground up, and since then I've noticed that
> > one specific address, 192.168.6.255 seems like a bear pit for anyone who gets
> > it. They can get the IP, everything looks right, and you can ping them. But
> > they can't reach any network services or the internet. Our DHCP range is
> > 192.168.6.200 - 7.255 with a subnet mask of 255.255.254.0. I'm not nearly as
> > educated in TCP/IP as an engineer would be, but it seems to me there
> > shouldn't be a dead spot at 6.255.
> >
> > Can anyone shed some light on why this might be happening?
>
> Make sure an incorrect mask isn't being used somewhere. A /24bit mask will
> treat the address as a broadcast address. You shouldn't be using that subnet
> scheme anyway.
>
> You shouldn't have IP Segment with more than 250-300 hosts. In other words you
> should not be running a /23 bit mask. You should be running a /24 bit mask and
> if there are more than 254 total hosts then you should run two IP Segments
> (/24bit mask, 254 hosts each) with a router between them. The consultant should
> have been smart enough to do this since he had to best rare opportunity that
> could ever be given someone,...rebuilding a network from the ground up. A lot
> of people would kill for an opportunity like that,..and hopefully they wouldn't
> blow it.
>
> The [correct] purpose of a 23 bit mask is to supernet two IP segments together
> for routing purposes with the intent of splitting them back apart further down
> the line with another router.
>
> Here's an example:
> <subnet 1> /24bit
> |
> [Router1]
> |
> <subnet2> /24bit
> |
> [Router2]
> / \
> / \
> <subnet3> <subnet4> both /24bit
>
> The supernetted route on Rotuer1 would look like:
> 192.168.6.0 mask 255.255.254.0 <Router2 IP# on Subnet2>
>
> In this example Router1 would have a single route that "supernets" subnet3 and
> subnet4 into a single "route". Once it gets to Router2, the Router2 separates
> them into two separate /24 bit-254host IP subnets.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or
> anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

"Phydeux" <(E-Mail Removed)> wrote in message
news:1D049BA9-D184-4053-89DD-(E-Mail Removed)...
> a broadcast address. So if I understand you correctly, the 6.200-255 range
> should be on a separate subnet from the 7.X range and then routed together?

Um,..no,..yes,..no,..well, it just isn't that simple

> Unfortunately I don't believe we have the routers required to do that, just
> managed switches.

About any switch that is produced that cost more than $100 is managed. All that
means it that is has some kind of firmaware on it with some mean to connect to
it (telnet, serial port, web browser). However some of them are called Layer3
Switches because they have an actual LAN Router built into the same hardware.
In such a case it will act as the LAN router.

> And at this point they've probably laid out all the IT
> dollars they really want to for the time being. Perhaps I can talk my CIO
> into backing the 6.X exclusion range down a bit. I don't see why we need 199
> addresses reserved for static devices. Either that or I may see if we can
> just exclude 6.255 from the pool.
>
> Any other suggestions?

Before we chase problems that don't exist yet,....how many hosts are on the
LAN,..total. I don't care what address they use,...just how many addresses are
actually litterally used by a device?


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

Roughly 140 hosts, including servers, workstations, printers, switches, and
print servers. And we usually have no more than a dozen guest wireless users
at a time. Though I think they were trying to build in room for growth later.

As for switches, we use a series of Intel 510T switches, some with a fiber
uplink, and an Intel fiber router.


"Phillip Windell" wrote:

> "Phydeux" <(E-Mail Removed)> wrote in message
> news:1D049BA9-D184-4053-89DD-(E-Mail Removed)...
> > a broadcast address. So if I understand you correctly, the 6.200-255 range
> > should be on a separate subnet from the 7.X range and then routed together?
>
> Um,..no,..yes,..no,..well, it just isn't that simple
>
> > Unfortunately I don't believe we have the routers required to do that, just
> > managed switches.
>
> About any switch that is produced that cost more than $100 is managed. All that
> means it that is has some kind of firmaware on it with some mean to connect to
> it (telnet, serial port, web browser). However some of them are called Layer3
> Switches because they have an actual LAN Router built into the same hardware.
> In such a case it will act as the LAN router.
>
> > And at this point they've probably laid out all the IT
> > dollars they really want to for the time being. Perhaps I can talk my CIO
> > into backing the 6.X exclusion range down a bit. I don't see why we need 199
> > addresses reserved for static devices. Either that or I may see if we can
> > just exclude 6.255 from the pool.
> >
> > Any other suggestions?
>
> Before we chase problems that don't exist yet,....how many hosts are on the
> LAN,..total. I don't care what address they use,...just how many addresses are
> actually litterally used by a device?
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or
> anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

"Phydeux" <(E-Mail Removed)> wrote in message
news:B4D7FC49-8CBA-4E4D-9662-(E-Mail Removed)...
> Roughly 140 hosts, including servers, workstations, printers, switches, and
> print servers. And we usually have no more than a dozen guest wireless users
> at a time. Though I think they were trying to build in room for growth later.
>
> As for switches, we use a series of Intel 510T switches, some with a fiber
> uplink, and an Intel fiber router.

Oh, heck,...with only just 140 hosts all you have to do is make sure that none
of them use a number higher than 192.168.6.254,...if there are then change them.
You can adjust the Exclusions in the existing Scope to block out anything higher
than 192.168.6.254 and leave it for a couple days and it will allow the DHCP
clients to adjust gracefully. Then manually change the "static"
machines/devices to a number below 192.168.6.254 if you have to. Anything
already below that number you won't have to touch.

....Then after giving it a a few days for the DHCP Clients to gracefully
adjust...
You can't change the Mask on an existing Scope so you will have to delete and
recreate the DHCP Scope using:

192.168.6.1 -- 192.168.6.254
Mask 255.255.255.0
<then whatever other specs, exclusions, reservations, etc>
This will solve your mystery behavior with that address as well.

When you finally hit over 200 Hosts then build in a router and new segment into
the LAN with 192.168.7.x/24 and you will get another 254 hosts. Your Fiber
Router *may* be able to serve as the LAN,...I don't know,..I don't know anything
about that device and how you have the topology designed.

I understand wanting room for growth, but the way it was done isn't the way to
approach it. All that does is build "future problems" into the system and get
you into a situation where it gets harder to fix the longer it goes and the more
machines that get added.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

Thanks, I've passed along your notes to my CIO. Hopefully he'll consider
moving our exclusions from 200 to 100 IPs.



"Phillip Windell" wrote:

> "Phydeux" <(E-Mail Removed)> wrote in message
> news:B4D7FC49-8CBA-4E4D-9662-(E-Mail Removed)...
> > Roughly 140 hosts, including servers, workstations, printers, switches, and
> > print servers. And we usually have no more than a dozen guest wireless users
> > at a time. Though I think they were trying to build in room for growth later.
> >
> > As for switches, we use a series of Intel 510T switches, some with a fiber
> > uplink, and an Intel fiber router.
>
> Oh, heck,...with only just 140 hosts all you have to do is make sure that none
> of them use a number higher than 192.168.6.254,...if there are then change them.
> You can adjust the Exclusions in the existing Scope to block out anything higher
> than 192.168.6.254 and leave it for a couple days and it will allow the DHCP
> clients to adjust gracefully. Then manually change the "static"
> machines/devices to a number below 192.168.6.254 if you have to. Anything
> already below that number you won't have to touch.
>
> ....Then after giving it a a few days for the DHCP Clients to gracefully
> adjust...
> You can't change the Mask on an existing Scope so you will have to delete and
> recreate the DHCP Scope using:
>
> 192.168.6.1 -- 192.168.6.254
> Mask 255.255.255.0
> <then whatever other specs, exclusions, reservations, etc>
> This will solve your mystery behavior with that address as well.
>
> When you finally hit over 200 Hosts then build in a router and new segment into
> the LAN with 192.168.7.x/24 and you will get another 254 hosts. Your Fiber
> Router *may* be able to serve as the LAN,...I don't know,..I don't know anything
> about that device and how you have the topology designed.
>
> I understand wanting room for growth, but the way it was done isn't the way to
> approach it. All that does is build "future problems" into the system and get
> you into a situation where it gets harder to fix the longer it goes and the more
> machines that get added.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or
> anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

"Phydeux" <(E-Mail Removed)> wrote in message
news9B91881-F802-4A2E-AE26-(E-Mail Removed)...
> Thanks, I've passed along your notes to my CIO. Hopefully he'll consider
> moving our exclusions from 200 to 100 IPs.

???
The Exclusiong Range you would add would be:
192.168.6.255 through 192.168.7.254

Leave it for several days until there aren't anymore active leases within that
range. If you have trouble getting some to fresh to a lower number then reboot
the involved client and it will be forced to get a lower IP#.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------