resubnetting

I'm almost out of IP's 87% so I need to plan for expansion to allow about
50 more ip's.
If I resubnet I will have to redo the IP setup for all static IP's,
including the mask.
what would be the sequence to do this?
DHCP server
Router
all other servers
Access points
Printers

Last, let's say my current scope is 192.168.0.60 192.168.0.255 mask 255 255
255.0
What should the new scope look like in order to increase IP's?

Note all devices below 192.168.0.60 are static IP's.

IP Segments should not be larger than the normal /24 mask creates which is
254 Hosts.

If you need more hosts, add a LAN Router, add a new IP Segment of 254 Hosts
which give you a total of 508 Hosts.

There will be no changes to the existing Segment,...life will go on as
normal.

Ethernet begins to degrades at around 250-300 Host. It is of course less
noticeable with a full Gigabit LAN but the degradation still exists. A /24
bit mask gives you 254 Hosts which is the perfect size,...keep it at that.

When adding a new segment,...on the DHCP you simply create a new normal
Scope for it (no Superscopes!). That's it,..done there. Then on the LAN
Router just configure it to forward DHCP Queries to the DHCP Server.

After finished you can move whatever machines you want to the new Segment at
your leisure.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/p...s/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------

"Will Sellers" <(E-Mail Removed)> wrote in message
news:uNW5k.2347$ul.478@trndny08...
> I'm almost out of IP's 87% so I need to plan for expansion to allow about
> 50 more ip's.
> If I resubnet I will have to redo the IP setup for all static IP's,
> including the mask.
> what would be the sequence to do this?
> DHCP server
> Router
> all other servers
> Access points
> Printers
>
> Last, let's say my current scope is 192.168.0.60 192.168.0.255 mask 255
> 255 255.0
> What should the new scope look like in order to increase IP's?
>
> Note all devices below 192.168.0.60 are static IP's.
>
>

For the sake of simplicity... we have a 48 port switch
connected to the switch is our DHCP server 1 nic card
and a dual band T1 router to the Internet.
What I am trying to understand is where the LAN Router is plugged in.
If I add a new IP segment say 198.168.1.0, will my mask need to be changed?
So if I follow your advice, will the DHCP issue IP's on the new segment as
needed?


"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> IP Segments should not be larger than the normal /24 mask creates which is
> 254 Hosts.
>
> If you need more hosts, add a LAN Router, add a new IP Segment of 254
> Hosts which give you a total of 508 Hosts.
>
> There will be no changes to the existing Segment,...life will go on as
> normal.
>
> Ethernet begins to degrades at around 250-300 Host. It is of course less
> noticeable with a full Gigabit LAN but the degradation still exists. A
> /24 bit mask gives you 254 Hosts which is the perfect size,...keep it at
> that.
>
> When adding a new segment,...on the DHCP you simply create a new normal
> Scope for it (no Superscopes!). That's it,..done there. Then on the LAN
> Router just configure it to forward DHCP Queries to the DHCP Server.
>
> After finished you can move whatever machines you want to the new Segment
> at your leisure.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/p...s/default.mspx
>
> Microsoft ISA Server Partners: Partner Hardware Solutions
> http://www.microsoft.com/forefront/e...epartners.mspx
> -----------------------------------------------------
>
> "Will Sellers" <(E-Mail Removed)> wrote in message
> news:uNW5k.2347$ul.478@trndny08...
>> I'm almost out of IP's 87% so I need to plan for expansion to allow
>> about 50 more ip's.
>> If I resubnet I will have to redo the IP setup for all static IP's,
>> including the mask.
>> what would be the sequence to do this?
>> DHCP server
>> Router
>> all other servers
>> Access points
>> Printers
>>
>> Last, let's say my current scope is 192.168.0.60 192.168.0.255 mask 255
>> 255 255.0
>> What should the new scope look like in order to increase IP's?
>>
>> Note all devices below 192.168.0.60 are static IP's.
>>
>>
>
>

"Will Sellers" <(E-Mail Removed)> wrote in message
news:ZQg6k.2440$ul.663@trndny08...
> For the sake of simplicity...

I'm afraid there is no simplicity with this stuff,...it can get complicated.
If you have less than 240 hosts I would not even mess with this unless I
knew for a fact that I would grow beyond 254 hosts. I have done it
needlessly in the past and even broken down the new segment into even more
smaller pieces,....and it just wasn't worth the trouble,...but is even more
trouble to "undo". So I have had to leave it that way.

> we have a 48 port switch
> connected to the switch is our DHCP server 1 nic card
> and a dual band T1 router to the Internet.

What about the Firewall? Something has to be NATing your LAN Addresses.
The T1 Routers tend to just be just simple (no-NAT) routers running on
Public IP#s,...the Firewall sits between them and the LAN.

> What I am trying to understand is where the LAN Router is plugged in.
> If I add a new IP segment say 198.168.1.0, will my mask need to be
> changed?
> So if I follow your advice, will the DHCP issue IP's on the new segment as
> needed?

To clairfy, nothing will involve the T1 router. The LAN Router is something
that you will have to buy/add.

One interface on the LAN Router gets an IP for the existing LAN segment
(just pick a number) and it will plug into one of your existing LAN Switches
(doesn't matter where).

The opposite Ethernet Interface will get an IP# from a completely new IP
Segment (avoid low numbers like "1" or "0" in the third octet). The router
interface will plug into a new Switch that you will have to buy/add unless
you are familar with VLANs and can split up an existing Switch into
segments. I would discourage the use of VLANs unless you are really familar
with doing this stuff, in which case you probably would never have had to
post to this group in the first place.

Now this new LAN Router will become the new Default Gateway for the entire
LAN (all segments that it touches). The Default Gateway of the Router
itself will be the Firewall NAT Device.

The Firewall NAT Device will need two things:
1. A Static Route that tells it to use the LAN Router to reach the new
Segment on the opposite side.
2. It will need the IP Range of all (both?) of the LAN Segments added to the
Local Address Table so that it properly interprets those addresses as
originating from the LAN and not the Internet

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Thanks for the informative response.
I still like your lan router approach since this config will go away in a
year.
Our new replacement network will include layer 3 switches.
I do understand your comment about the 254 hosts. un fortunately we will
exceed that when we add a new grade level at our school.
We currently have 25-27 IP's available. unfortunately many of our laptop
users consume two IP's because they don't turn off their wireless when
plugged into the network. Asking teachers to be cognizant of this is an
exercise in futility.


"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Will Sellers" <(E-Mail Removed)> wrote in message
> news:ZQg6k.2440$ul.663@trndny08...
>> For the sake of simplicity...
>
> I'm afraid there is no simplicity with this stuff,...it can get
> complicated. If you have less than 240 hosts I would not even mess with
> this unless I knew for a fact that I would grow beyond 254 hosts. I have
> done it needlessly in the past and even broken down the new segment into
> even more smaller pieces,....and it just wasn't worth the trouble,...but
> is even more trouble to "undo". So I have had to leave it that way.
>
>> we have a 48 port switch
>> connected to the switch is our DHCP server 1 nic card
>> and a dual band T1 router to the Internet.
>
> What about the Firewall? Something has to be NATing your LAN Addresses.
> The T1 Routers tend to just be just simple (no-NAT) routers running on
> Public IP#s,...the Firewall sits between them and the LAN.
>
>> What I am trying to understand is where the LAN Router is plugged in.
>> If I add a new IP segment say 198.168.1.0, will my mask need to be
>> changed?
>> So if I follow your advice, will the DHCP issue IP's on the new segment
>> as needed?
>
> To clairfy, nothing will involve the T1 router. The LAN Router is
> something that you will have to buy/add.
>
> One interface on the LAN Router gets an IP for the existing LAN segment
> (just pick a number) and it will plug into one of your existing LAN
> Switches (doesn't matter where).
>
> The opposite Ethernet Interface will get an IP# from a completely new IP
> Segment (avoid low numbers like "1" or "0" in the third octet). The
> router interface will plug into a new Switch that you will have to buy/add
> unless you are familar with VLANs and can split up an existing Switch into
> segments. I would discourage the use of VLANs unless you are really
> familar with doing this stuff, in which case you probably would never have
> had to post to this group in the first place.
>
> Now this new LAN Router will become the new Default Gateway for the entire
> LAN (all segments that it touches). The Default Gateway of the Router
> itself will be the Firewall NAT Device.
>
> The Firewall NAT Device will need two things:
> 1. A Static Route that tells it to use the LAN Router to reach the new
> Segment on the opposite side.
> 2. It will need the IP Range of all (both?) of the LAN Segments added to
> the Local Address Table so that it properly interprets those addresses as
> originating from the LAN and not the Internet
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>

"Will Sellers" <(E-Mail Removed)> wrote in message
news:XbC6k.12700$1x.9435@trndny06...
> Thanks for the informative response.
> I still like your lan router approach since this config will go away in a
> year.
> Our new replacement network will include layer 3 switches.
> I do understand your comment about the 254 hosts. un fortunately we will
> exceed that when we add a new grade level at our school.

Create the new LAN segment as I described. Have it ready and functioning. It
doesn't matter if nothing is using it yet.

You only need one Layer3 Switch,..the rest of the switches that connect with
it only need to be Layer2. The Layer3 switch simply replaces one router and
one switch with a single unit,...you wouldn't need LAN Routers around every
corner so for the same reason you don't need Layer3 switches around every
corner,...you simply put one where the LAN Router would have been.

> We currently have 25-27 IP's available. unfortunately many of our laptop
> users consume two IP's because they don't turn off their wireless when
> plugged into the network. Asking teachers to be cognizant of this is an
> exercise in futility.

Then tell them to not plug into the wired system. That should be simple
enough for them to understand. They *will* have connectivity problems by
having two nics in the same machine on the same subnet. A host should only
be identified by a single IP# per subnet,...and preferably not more than one
subnet in 95% of the cases.

You only other option there is to ad yet more subnets and have all the WAPs
on dedicated subnets so that none of the wireless connections are the same
subnet as any of the wired ones. However then the machines will have two
Default Gateways if they connect to both at once and that is a disaster as
well,...SO,...

.....you will just have to be more persistant in educating the educators who
are supposed to be smart enough to educate others :-)


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


>
> "Phillip Windell" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> "Will Sellers" <(E-Mail Removed)> wrote in message
>> news:ZQg6k.2440$ul.663@trndny08...
>>> For the sake of simplicity...
>>
>> I'm afraid there is no simplicity with this stuff,...it can get
>> complicated. If you have less than 240 hosts I would not even mess with
>> this unless I knew for a fact that I would grow beyond 254 hosts. I have
>> done it needlessly in the past and even broken down the new segment into
>> even more smaller pieces,....and it just wasn't worth the trouble,...but
>> is even more trouble to "undo". So I have had to leave it that way.
>>
>>> we have a 48 port switch
>>> connected to the switch is our DHCP server 1 nic card
>>> and a dual band T1 router to the Internet.
>>
>> What about the Firewall? Something has to be NATing your LAN Addresses.
>> The T1 Routers tend to just be just simple (no-NAT) routers running on
>> Public IP#s,...the Firewall sits between them and the LAN.
>>
>>> What I am trying to understand is where the LAN Router is plugged in.
>>> If I add a new IP segment say 198.168.1.0, will my mask need to be
>>> changed?
>>> So if I follow your advice, will the DHCP issue IP's on the new segment
>>> as needed?
>>
>> To clairfy, nothing will involve the T1 router. The LAN Router is
>> something that you will have to buy/add.
>>
>> One interface on the LAN Router gets an IP for the existing LAN segment
>> (just pick a number) and it will plug into one of your existing LAN
>> Switches (doesn't matter where).
>>
>> The opposite Ethernet Interface will get an IP# from a completely new IP
>> Segment (avoid low numbers like "1" or "0" in the third octet). The
>> router interface will plug into a new Switch that you will have to
>> buy/add unless you are familar with VLANs and can split up an existing
>> Switch into segments. I would discourage the use of VLANs unless you are
>> really familar with doing this stuff, in which case you probably would
>> never have had to post to this group in the first place.
>>
>> Now this new LAN Router will become the new Default Gateway for the
>> entire LAN (all segments that it touches). The Default Gateway of the
>> Router itself will be the Firewall NAT Device.
>>
>> The Firewall NAT Device will need two things:
>> 1. A Static Route that tells it to use the LAN Router to reach the new
>> Segment on the opposite side.
>> 2. It will need the IP Range of all (both?) of the LAN Segments added to
>> the Local Address Table so that it properly interprets those addresses as
>> originating from the LAN and not the Internet
>>
>> --
>> Phillip Windell
>> www.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>>
>>
>
>