|
tech
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
need more ip'sIn my office, I'm running two physically different DCHP servers; one is handling the range of 192.168.1.1 - 192.168.1.100, the other is handling 192.168.1.101 - 192.168.254. This gives us the full range of 192.168.1.1 - 192.168.1.254, but we are running low on IP's now. We also have two remote plants, that'll I'll refer to as plant 1 and plant 2. We maintain a VPN connection to Plant 1 between two firewalls and they use the range of 192.168.2.x. Same for plant 2, but their IP range is 192.168.3.x. The LAN side of my firewall is set to 192.168.1.1/255.255.255.0. What would be the best solution to give my office network more IP's? If I made a new range of say 192.168.4.x, would they see the devices on the 192.168.1.x subnet and vise versa? All the nodes in my office log into the same domain. What issues will I encounter if I go this route? Thanx, Vinny "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message 192.168.1.1 -news:60204B21-656C-4E66-A623-3A8836123506@microsoft.com... > Here's my scenario: > In my office, I'm running two physically different DCHP servers; one is > handling the range of 192.168.1.1 - 192.168.1.100, the other is handling > 192.168.1.101 - 192.168.254. This gives us the full range of > 192.168.1.254, but we are running low on IP's now. Well, let's just deal with this part of it and have it setup the way itshould be, so it will be more scalable. The rest you should be able to figure out after that. The "*" are only for emphasis on words, so I'm not "yelling". First configure both DHCP Server with *identical scopes*. Use the *full* IP Range in both Scopes (no Superscopes!). Use Exclusions in the Scopes to adjust which range of addresses each server is allowed to give out. I would also recommend putting both DHCP Servers in the same subnet together so that the LAN's router can easily and conviently relay the DHCP Queries to them. If you need to add another subnet, then just add another Scope for it, indentically on both DHCP Servers while using the Exclusions to control which addresess are given out just as was done with the previous Scopes. The reason the scopes should be identical is so that a DHCP Server does not falsely tell a Client that no such address exist when it really does exist on the other Server. The identical Scope coupled with the Exclusions allows the DHCP to understand that "yes" the address does exist but can't be retrieved here and must be retreived from the other Server. I'm sure there are more esoteric was to describe it, but that is the general idea. As an additional option you could just configure a separate independent DHCP Server for each subnet with the corresponding Scope and place it physcally in the subnet that it "serves". Be sure to turn off any DHCP Relaying in the router. On their own without the router relaying them, the Queries will stay in their own subnet. You say - "If you need to add another subnet, then just add another Scope
for it, indentically on both DHCP Servers while using the Exclusions to control which addresess are given out just as was done with the previous Scopes." This sounds good to me, but will devices assigned IP's in one scope, see the devices on the other? If I have 300 devices in my bulding and they all get IP's, some will be assigned from the 192.168.1.x scope and some from the 192.168.4.x scope, can they all still log into the domain and see all the printers and file servers and so forth no matter which range they're assigned an IP from? I need to make available more IP's and I need to make this transparent to the users. Thank you, Vinny Show quote "Phillip Windell" wrote: > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > news:60204B21-656C-4E66-A623-3A8836123506@microsoft.com... > > Here's my scenario: > > In my office, I'm running two physically different DCHP servers; one is > > handling the range of 192.168.1.1 - 192.168.1.100, the other is handling > > 192.168.1.101 - 192.168.254. This gives us the full range of > 192.168.1.1 - > > 192.168.1.254, but we are running low on IP's now. > > Well, let's just deal with this part of it and have it setup the way it > should be, so it will be more scalable. The rest you should be able to > figure out after that. The "*" are only for emphasis on words, so I'm not > "yelling". > > First configure both DHCP Server with *identical scopes*. Use the *full* IP > Range in both Scopes (no Superscopes!). Use Exclusions in the Scopes to > adjust which range of addresses each server is allowed to give out. I would > also recommend putting both DHCP Servers in the same subnet together so that > the LAN's router can easily and conviently relay the DHCP Queries to them. > > If you need to add another subnet, then just add another Scope for it, > indentically on both DHCP Servers while using the Exclusions to control > which addresess are given out just as was done with the previous Scopes. > > The reason the scopes should be identical is so that a DHCP Server does not > falsely tell a Client that no such address exist when it really does exist > on the other Server. The identical Scope coupled with the Exclusions allows > the DHCP to understand that "yes" the address does exist but can't be > retrieved here and must be retreived from the other Server. I'm sure there > are more esoteric was to describe it, but that is the general idea. > > As an additional option you could just configure a separate independent DHCP > Server for each subnet with the corresponding Scope and place it physcally > in the subnet that it "serves". Be sure to turn off any DHCP Relaying in > the router. On their own without the router relaying them, the Queries will > stay in their own subnet. > > -- > > Phillip Windell [MCP, MVP, CCNA] > www.wandtv.com > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message Of course,...that's what routers do,... a "real" router that is,..I don'tnews:4EA362DC-3DD8-4D7F-999E-15F7E0F526D2@microsoft.com... > This sounds good to me, but will devices assigned IP's in one scope, see the > devices on the other? > IP's, some will be assigned from the 192.168.1.x scope and some from the > 192.168.4.x scope, can they all still log into the domain and see all the > printers and file servers and so forth no matter which range they're assigned > an IP from? mean some Internet Sharing Device. If you need more address, then create a new subnet using a standard 24bit mask and you will get another 254 host IPs. It requires a router (a "real" router, not an internet sharing device) between the subnets to route between them. The router would be configured to relay the DHCP Queries to the DHCP Server. The router includes the proper infomation in the query so the DHCP Server knows where it came from, and the DHCP is smart enough to know which Scope to get the address from. Thanx Phillip,
I'm going to look into these "routers" you're talking about. I guess my SonicWall wouldn't do the trick? Show quote "Phillip Windell" wrote: > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > news:4EA362DC-3DD8-4D7F-999E-15F7E0F526D2@microsoft.com... > > This sounds good to me, but will devices assigned IP's in one scope, see > the > > devices on the other? > > IP's, some will be assigned from the 192.168.1.x scope and some from the > > 192.168.4.x scope, can they all still log into the domain and see all the > > printers and file servers and so forth no matter which range they're > assigned > > an IP from? > > Of course,...that's what routers do,... a "real" router that is,..I don't > mean some Internet Sharing Device. > > If you need more address, then create a new subnet using a standard 24bit > mask and you will get another 254 host IPs. It requires a router (a "real" > router, not an internet sharing device) between the subnets to route between > them. The router would be configured to relay the DHCP Queries to the DHCP > Server. The router includes the proper infomation in the query so the DHCP > Server knows where it came from, and the DHCP is smart enough to know which > Scope to get the address from. > > -- > > Phillip Windell [MCP, MVP, CCNA] > www.wandtv.com > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message No that is a "Firewall" not a router. That is an example of the dis-servicenews:1DC23F11-2F61-457C-8E0D-CF59B7B387C3@microsoft.com... > Thanx Phillip, > I'm going to look into these "routers" you're talking about. I guess my > SonicWall wouldn't do the trick? the SOHO market has done to the industry. Because they call thier "Internet sharing Devices" a Router when they are really a Low-end Firewall they have butchered the dictionary and now when some mentions "router" no what knows what they mean by it, because they all wrongly think that a router is some kind of "NAT box" instead of a Layer3 routing device between LAN Segments which is a what a real router really is. Thanx for the clarification Phillip. Does this "true" router have to be a
physical hardware device, or can it be a piece of software installed on the network somewhere? Maybe on one or both of the DHCP servers? Can you give me a good source for these kinds of products? Some brand names that I should look for? I checked a few websites for routers, but all turn up are the usual home network type DSL/Cable routers. Thanx, Vinny Show quote "Phillip Windell" wrote: > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > news:1DC23F11-2F61-457C-8E0D-CF59B7B387C3@microsoft.com... > > Thanx Phillip, > > I'm going to look into these "routers" you're talking about. I guess my > > SonicWall wouldn't do the trick? > > No that is a "Firewall" not a router. That is an example of the dis-service > the SOHO market has done to the industry. Because they call thier "Internet > sharing Devices" a Router when they are really a Low-end Firewall they have > butchered the dictionary and now when some mentions "router" no what knows > what they mean by it, because they all wrongly think that a router is some > kind of "NAT box" instead of a Layer3 routing device between LAN Segments > which is a what a real router really is. > > -- > > Phillip Windell [MCP, MVP, CCNA] > www.wandtv.com > > > It is usually a hardware device, although any "NT" based Windows OS can
function as a router with two or more Nics in the machine. The old NT4 (even Workstation) could work as a router all on its own,...Windows Server2000 and 2003 use the RRAS Service to do it. (works the same for 2003) 299810 - HOW TO: Configure Windows 2000 to Be a Router http://support.microsoft.com/default.aspx?scid=kb;en-us;299810 Show quote "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message news:E32D78D0-8F15-4312-B755-F5C90805191A@microsoft.com... > Thanx for the clarification Phillip. Does this "true" router have to be a > physical hardware device, or can it be a piece of software installed on the > network somewhere? Maybe on one or both of the DHCP servers? Can you give > me a good source for these kinds of products? Some brand names that I should > look for? I checked a few websites for routers, but all turn up are the > usual home network type DSL/Cable routers. > > Thanx, > Vinny > > "Phillip Windell" wrote: > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > > news:1DC23F11-2F61-457C-8E0D-CF59B7B387C3@microsoft.com... > > > Thanx Phillip, > > > I'm going to look into these "routers" you're talking about. I guess my > > > SonicWall wouldn't do the trick? > > > > No that is a "Firewall" not a router. That is an example of the dis-service > > the SOHO market has done to the industry. Because they call thier "Internet > > sharing Devices" a Router when they are really a Low-end Firewall they have > > butchered the dictionary and now when some mentions "router" no what knows > > what they mean by it, because they all wrongly think that a router is some > > kind of "NAT box" instead of a Layer3 routing device between LAN Segments > > which is a what a real router really is. > > > > -- > > > > Phillip Windell [MCP, MVP, CCNA] > > www.wandtv.com > > > > > > Hi Phillip.
The knowledge base link you sent me doesn't work. It looks like Microsoft took the article offline for some reason. I haven't made it work yet but here is what I've done so far: I setup a test server with RRAS. It has two nics. I statically assigned an IP from each subnet to each nic. I tried changing a few settings in the RRAS setup, and tried creating static routes between the two subnets, but nothing works. I'm sure I'm doing something wrong, but I can't find specific info on the internet for this. Does RRAS need to be installed on the DHCP servers themselves? Both of my DCHP servers are DC's, the primary, and a backup. I've read somewhere that it is not a good idea to route using a DC. The test server I am using is neither a DCHP server nor a DC. Also, both nics in this server are plugged into the same switch. Does this matter? I know I'm missing something here but I can't figure it out. Can you give me any advice on what I'm doing wrong and how to make it work? Thanx, Vinny Show quote "Phillip Windell" wrote: > It is usually a hardware device, although any "NT" based Windows OS can > function as a router with two or more Nics in the machine. The old NT4 > (even Workstation) could work as a router all on its own,...Windows > Server2000 and 2003 use the RRAS Service to do it. > > (works the same for 2003) > 299810 - HOW TO: Configure Windows 2000 to Be a Router > http://support.microsoft.com/default.aspx?scid=kb;en-us;299810 > > > -- > > Phillip Windell [MCP, MVP, CCNA] > www.wandtv.com > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > news:E32D78D0-8F15-4312-B755-F5C90805191A@microsoft.com... > > Thanx for the clarification Phillip. Does this "true" router have to be a > > physical hardware device, or can it be a piece of software installed on > the > > network somewhere? Maybe on one or both of the DHCP servers? Can you > give > > me a good source for these kinds of products? Some brand names that I > should > > look for? I checked a few websites for routers, but all turn up are the > > usual home network type DSL/Cable routers. > > > > Thanx, > > Vinny > > > > "Phillip Windell" wrote: > > > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > > > news:1DC23F11-2F61-457C-8E0D-CF59B7B387C3@microsoft.com... > > > > Thanx Phillip, > > > > I'm going to look into these "routers" you're talking about. I guess > my > > > > SonicWall wouldn't do the trick? > > > > > > No that is a "Firewall" not a router. That is an example of the > dis-service > > > the SOHO market has done to the industry. Because they call thier > "Internet > > > sharing Devices" a Router when they are really a Low-end Firewall they > have > > > butchered the dictionary and now when some mentions "router" no what > knows > > > what they mean by it, because they all wrongly think that a router is > some > > > kind of "NAT box" instead of a Layer3 routing device between LAN > Segments > > > which is a what a real router really is. > > > > > > -- > > > > > > Phillip Windell [MCP, MVP, CCNA] > > > www.wandtv.com > > > > > > > > > > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message I hate that. I'll check on that later, send a few emails. The article doesnews:9B047C5B-4967-4496-A567-2FD4DBCD6698@microsoft.com... > The knowledge base link you sent me doesn't work. It looks like Microsoft > took the article offline for some reason. appear to be gone. > I setup a test server with RRAS. It has two nics. I statically assigned You don't need static routes for networks that are directly connected to thean > IP from each subnet to each nic. I tried changing a few settings in the RRAS > setup, and tried creating static routes between the two subnets, but nothing > works. I'm sure I'm doing something wrong, but I can't find specific info on > the internet for this. "router" because it already knows about them. Static routes are only for networks that is more than one "hop" away. > Does RRAS need to be installed on the DHCP servers themselves? Both of my That is correct. Do not do that.> DCHP servers are DC's, the primary, and a backup. I've read somewhere that > it is not a good idea to route using a DC. > The test server I am using is It should not prevent it from working but it is a bad idea. Network segments> neither a DCHP server nor a DC. Also, both nics in this server are plugged > into the same switch. Does this matter? should be physically sparated and distinct. Essentially with RRAS you just install it (assuming the Nics already installed) and enable "routing". There are no static routes and there is really nothing else to do. You use the "DHCP Agent" in RRAS to handle the DHCP Queries. The details are in the Help for RRAS,..just go to the Search Tab in Help and query "DHCP" and you will see it along with the setps to configure it. But I only used RRAS as an example,...you can also use a regular hardware based LAN Router if you want. Use whatever works best according to what you have or can afford to get. How much trouble would it be for you to move to a class B Subnet?
"Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message 192.168.1.1 -news:60204B21-656C-4E66-A623-3A8836123506@microsoft.com... > Here's my scenario: > In my office, I'm running two physically different DCHP servers; one is > handling the range of 192.168.1.1 - 192.168.1.100, the other is handling > 192.168.1.101 - 192.168.254. This gives us the full range of Show quote > 192.168.1.254, but we are running low on IP's now. > > We also have two remote plants, that'll I'll refer to as plant 1 and plant > 2. > > We maintain a VPN connection to Plant 1 between two firewalls and they use > the range of 192.168.2.x. > > Same for plant 2, but their IP range is 192.168.3.x. > > The LAN side of my firewall is set to 192.168.1.1/255.255.255.0. > > What would be the best solution to give my office network more IP's? > > If I made a new range of say 192.168.4.x, would they see the devices on the > 192.168.1.x subnet and vise versa? All the nodes in my office log into the > same domain. What issues will I encounter if I go this route? > > Thanx, > Vinny That could be done, but there are some problems with it. A LAN looses
efficiency once it gets over 250-300 hosts (your mileage may vary). An un-split Class B would would give it over 65,000 hosts,...so it would have to be split up,...but after doing that,..it would have been easier to just add an additional Class C segment of 254. This would keep the number of Hosts per segment effectively below 250. Show quote "Preacher Man" <SLaw***@bouldincorp.com> wrote in message news:%237dM5mgFFHA.392@TK2MSFTNGP14.phx.gbl... > How much trouble would it be for you to move to a class B Subnet? > > > "Vinny Hahn" <VinnyH***@discussions.microsoft.com> wrote in message > news:60204B21-656C-4E66-A623-3A8836123506@microsoft.com... > > Here's my scenario: > > In my office, I'm running two physically different DCHP servers; one is > > handling the range of 192.168.1.1 - 192.168.1.100, the other is handling > > 192.168.1.101 - 192.168.254. This gives us the full range of > 192.168.1.1 - > > 192.168.1.254, but we are running low on IP's now. > > > > We also have two remote plants, that'll I'll refer to as plant 1 and plant > > 2. > > > > We maintain a VPN connection to Plant 1 between two firewalls and they use > > the range of 192.168.2.x. > > > > Same for plant 2, but their IP range is 192.168.3.x. > > > > The LAN side of my firewall is set to 192.168.1.1/255.255.255.0. > > > > What would be the best solution to give my office network more IP's? > > > > If I made a new range of say 192.168.4.x, would they see the devices on > the > > 192.168.1.x subnet and vise versa? All the nodes in my office log into > the > > same domain. What issues will I encounter if I go this route? > > > > Thanx, > > Vinny > >  |
|||||||||||||||||||||||
Other interesting topics