Noob basic network segmenting help

 
 
£Jim
Guest
Posts: n/a

 
      03-02-2009, 06:14 PM
Hi,

I would like to break down the existing network in our building into a
subnet per floor to allow more hosts and more management of traffic.

If I put a router on each floor for each new subnet what are the
implications for DHCP, domain controllers, etc? How does a host on one
subnet get a DHCP address in the correct range from a domain controller
on a different subnet?

Can someone point me to some good documentation/suggest methods to look at?

Thanks
 
 
 
 
 
Phillip Windell
Guest
Posts: n/a

 
      03-02-2009, 09:06 PM
"£Jim" wrote in message:

> I would like to break down the existing network in our building into a
> subnet per floor to allow more hosts and more management of traffic
>
> If I put a router on each floor for each new subnet what are the
> implications for DHCP, domain controllers, etc? How does a host on one
> subnet get a DHCP address in the correct range from a domain controller on
> a different subnet?


It'd be cheaper to use one Router with enough Interfaces for each segment.

The number of segments should be tied to how many clients you have,...not
how many floors you have,...floors are irrelevant. Do one segment for every
200+/- hosts.

Ethernet begins to degrade around 250-300 hosts,..so keep a simple /24 mask
(255.255.255.0) which gives the perfect size of 254 hosts.

A good way to have a multi-interface Router is to buy a Layer3 Switch and
group the ports into "interfaces" associated with each segment. Do it as a
"hub and spoke" design with the Switch/Router as the logical "center".

DHCP is a no-brainer. Create a *regular* normal Scope for each subnet. No
superscopes!!! Then configure the DHCP Helper address(s) on the Router so
that the router forwards the DHCP Queries to the DHCP Server. That's
it,...there is nothing else with the DHCP.

Don't know of any documentation. This is just too "typical" for any
documentation to come to mind. It's like asking for documentation to "cross
the street". I think the most complex part for you will be documentation
for whatever Switch/Router you buy,...and that may get a bit complex.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
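
The scope selection described in the reply above, as an added example that is not part of the original thread: the router's helper stamps each relayed request with the address of the interface the client sits behind (the `giaddr` field), and the DHCP server offers from the scope that contains that address. The subnets, pool offsets, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

ZERO = ipaddress.IPv4Address("0.0.0.0")

@dataclass
class Scope:
    network: ipaddress.IPv4Network
    first: int = 50            # constructed pool: host offsets .50 to .200
    last: int = 200
    leases: dict = field(default_factory=dict)   # MAC -> leased address

    def lease(self, mac):
        if mac in self.leases:                    # a returning client keeps its address
            return self.leases[mac]
        taken = set(self.leases.values())
        for off in range(self.first, self.last + 1):
            addr = self.network.network_address + off
            if addr not in taken:
                self.leases[mac] = addr
                return addr
        return None                               # scope exhausted

def build_scopes():
    # One ordinary /24 scope per segment (constructed subnets, no superscope).
    return [Scope(ipaddress.ip_network(n)) for n in
            ("192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")]

def relay(discover, router_if_ip):
    """Router side: forward the client broadcast, stamping giaddr if unset."""
    pkt = dict(discover, hops=discover.get("hops", 0) + 1)
    if ipaddress.IPv4Address(pkt.get("giaddr", "0.0.0.0")) == ZERO:
        pkt["giaddr"] = router_if_ip              # interface the client is behind
    return pkt

def offer(scopes, pkt, server_if_ip):
    """Server side: giaddr picks the scope; a zero giaddr means a local client."""
    gi = ipaddress.IPv4Address(pkt.get("giaddr", "0.0.0.0"))
    key = ipaddress.IPv4Address(server_if_ip) if gi == ZERO else gi
    for scope in scopes:
        if key in scope.network:
            return scope.lease(pkt["chaddr"])
    return None                                   # no scope for that segment: no offer

if __name__ == "__main__":
    scopes = build_scopes()
    d = {"chaddr": "00:11:22:33:44:55", "giaddr": "0.0.0.0"}
    print(offer(scopes, relay(d, "192.168.2.1"), "192.168.1.10"))  # relayed client
    print(offer(scopes, d, "192.168.1.10"))                        # local client
```

A relayed request whose `giaddr` matches no scope gets no offer, which is what a segment with a missing scope or a wrong helper interface looks like from the client side.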


 
 
£Jim
Guest
Posts: n/a

 
      03-03-2009, 02:51 PM
Phillip Windell wrote:
> "£Jim" wrote in message:
>
>> I would like to break down the existing network in our building into a
>> subnet per floor to allow more hosts and more management of traffic
>>
>> If I put a router on each floor for each new subnet what are the
>> implications for DHCP, domain controllers, etc? How does a host on one
>> subnet get a DHCP address in the correct range from a domain controller on
>> a different subnet?

>
> It'd be cheaper to use one Router with enough Interfaces for each segment.
>
> The number of segments should be tied to how many clients you have,...not
> how many floors you have,...floors are irrelevant. Do one segment for every
> 200+/- hosts.
>
> Ethernet begins to degrade around 250-300 hosts,..so keep a simple /24 mask
> (255.255.255.0) which gives the perfect size of 254 hosts.
>
> A good way to have a multi-interface Router is to buy a Layer3 Switch and
> group the ports into "interfaces" associated with each segment. Do it as a
> "hub and spoke" design with the Switch/Router as the logical "center".
>
> DHCP is a no-brainer. Create a *regular* normal Scope for each subnet. No
> superscopes!!! Then configure the DHCP Helper address(s) on the Router so
> that the router forwards the DHCP Queries to the DHCP Server. That's
> it,...there is nothing else with the DHCP.
>
> Don't know of any documentation. This is just too "typical" for any
> documentation to come to mind. It's like asking for documentation to "cross
> the street". I think the most complex part for you will be documentation
> for whatever Switch/Router you buy,...and that may get a bit complex.
>

Thanks. Floors is just a convenient way for me to identify hosts quickly
and allow for expansion, but I like the idea of a single L3 switch. Any
recommendation for a management priced box that could do it?

So the DHCP is smart enough to hand out the right subnet addresses then,
that's good.

Bit of a harsh comment on the documentation. We all have to learn
somewhere. I'm not averse to reading howstuffworks or dummies...
 
 
Phillip Windell
Guest
Posts: n/a

 
      03-03-2009, 09:50 PM
"£Jim" wrote in message:

> Thanks. Floors is just a convenient way for me to identify hosts quickly
> and allow for expansion, but I like the idea of a single L3 switch. Any
> recommendation for a management priced box that could do it?


I know but you don't "want" the IP#s of the machines to actually "mean"
anything. That is a bad path to walk down. It is easy to create a
subnet,...but it is very difficult to "undo" it after you find it wasn't
such a good idea. I've been-there-done-that and after 6 years I have
never been able to undo it without more work than I am willing to get into.

> So the DHCP is smart enough to hand out the right subnet addresses then,
> that's good.


Yes it is. The real work is done by the router when it forwards the
queries.

> Bit of a harsh comment on the documentation. We all have to learn
> somewhere. I'm not averse to reading howstuffworks or dummies...


I wasn't being harsh,..I was being serious. I know of no documentation for
that, short of taking a general "networking class" in a local college. I
have never seen any kind of "how-to" for that because every situation is
different and if you read something that doesn't really apply to the
situation you will make a really big mess.

The best documentation you will find will be the Router's documentation,...
seriously,...what you are asking for is "created" by the router,...the rest
is just plugging the cables into the right switch ports.

There are some common mistakes though. So follow these principles below.
At the risk of sounding harsh :-),...I tend to be very adamant about
these,...I am suggesting them for specific reasons,...and it takes a *lot*
for me to change and suggest something different (but sometimes it happens).

1. The LAN Router in a "hub & spoke" layout is the Default Gateway of
   *everything* on the LAN except for the Firewall which uses the Internet
   Router as its Default Gateway.

2. The most important thing is the above #1 if you skimmed over that one :-)
   A lot of people want to blow that one off or argue with it.

3. The LAN Router then uses the Firewall for its Default Gateway

4. The firewall product needs two things after #1 thru #3:

   A. All the IP Ranges of all the subnets on the LAN need to be added
      to the Local Address Table (LAT). Your firewall may have other names
      for that, but it is the same idea. Some "home-user" toy firewalls
      are not capable of doing this because they are strictly designed for
      a single-subnet home network.

   B. The firewall needs a Static Route that tells it to use the LAN
      Router as the "gateway" to get to anywhere else on the LAN. Some
      "home-user" toy firewalls are not capable of doing this because they
      are strictly designed for a single-subnet home network.

5. DNS. Well this is even more important than #1,...even though it is #5.
   If you have an Active Directory Domain (who doesn't?) then the AD/DNS
   Servers are the *only* ones that should ever appear in the network
   setting of any Host on the LAN. The ISP's DNS IP#s should never appear
   on any Host anywhere,...ever,...not even the Firewall.

6. DNS part-2. Add the ISP's DNS to the Forwarders List within the config
   of the DNS Service running on the AD/DNS Servers.

7. DNS part-3. Make sure that the Firewall allows the AD/DNS Server to
   make outbound DNS Queries anonymously. Make sure that the Firewall
   allows it *only* for those machines and none others in order to
   "weed-out" machines that may have rogue DNS Settings. You can also
   limit the Destination to the specific IP#s of the ISP's DNS.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
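
Principle 7 above as a check over firewall logs, as an added example that is not part of the original post: outbound DNS should come only from the AD/DNS servers, optionally only to the ISP's forwarders, so any other port-53 traffic points at a host with rogue DNS settings or a firewall rule that is too wide. The log format, all addresses and the function names are constructed for illustration.

```python
import ipaddress

ip = ipaddress.ip_address
AD_DNS = {ip("192.168.1.10"), ip("192.168.1.11")}    # constructed AD/DNS servers
ISP_DNS = {ip("203.0.113.53"), ip("203.0.113.54")}   # constructed ISP forwarders

# Constructed firewall log: time action proto src:port dst:port
SAMPLE_LOG = """\
2009-03-03T10:00:01 ALLOW UDP 192.168.1.10:51000 203.0.113.53:53
2009-03-03T10:00:02 DENY UDP 192.168.2.77:51001 198.51.100.9:53
2009-03-03T10:00:03 ALLOW UDP 192.168.3.40:51002 198.51.100.9:53
2009-03-03T10:00:04 ALLOW TCP 192.168.2.77:51003 198.51.100.20:80
2009-03-03T10:00:05 ALLOW UDP 192.168.1.11:51004 198.51.100.9:53
"""

def parse(line):
    ts, action, proto, src, dst = line.split()
    s_ip, _ = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return {"ts": ts, "action": action, "proto": proto,
            "src": ip(s_ip), "dst": ip(d_ip), "dport": int(d_port)}

def verdict(entry):
    """Classify one outbound connection against the DNS egress policy."""
    if entry["dport"] != 53:
        return None                      # not DNS (UDP or TCP 53), out of scope
    if entry["src"] not in AD_DNS:
        return "rogue-client"            # host is not using the AD/DNS servers
    if entry["dst"] not in ISP_DNS:
        return "unexpected-resolver"     # server bypassing the forwarder list
    return "ok"

def audit(log):
    """Return (src, dst, verdict, outcome) for every policy violation."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        v = verdict(e)
        if v in (None, "ok"):
            continue
        # ALLOW on a violation means the firewall rule itself is too wide.
        outcome = "rule-gap" if e["action"] == "ALLOW" else "blocked"
        findings.append((str(e["src"]), str(e["dst"]), v, outcome))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A `blocked` finding still matters: the firewall did its job, but the source host carries DNS settings that need correcting.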