Dual DHCP Scopes with different subnets on one server?? Possible??

yoda-g2 · 08-10-2005, 11:00 AM

I'm looking at setting up a second scope on one of our Server 2k3 boxes, we currently have one complete range in there x.x.32.1 - x.x.32.254, and I need to add x.x.34.1 - x.x.34.254. They are different address ranges but all our routers etc have already been configured for it. (We've just been statically assigning them for two years now.)

When I tried to do this in the NT days I had no luck getting it to work. I havn't attempted it yet on the w2k3 box, I thought I'd ask for insight.

The server its going on is currently assigned an x.x.32.x number, will I need to put in a second nic with a 34.x address?

Thanks for any advise!

This ad is not displayed to registered members.
Register your free account today and become a member on Yotatech!

yoda-g2 · 08-10-2005, 11:34 AM

Hmmm, I think I got it. I'm experimenting with superscopes, lets see how this works....

4Hummer · 08-10-2005, 12:02 PM

Two NIC's makes it easier, You can use SuperScopes but they are a PITA.

I have 4 Nics in my websever right now. Each bound to a set of IP's

4RUNR · 08-10-2005, 01:21 PM

Quote:

Originally Posted by yoda-g2

They are different address ranges but all our routers etc have already been configured for it.

You mean the routers had DHCP relaying set up?

yoda-g2 · 08-10-2005, 02:08 PM

Quote:

Originally Posted by 4RUNR

You mean the routers had DHCP relaying set up?

No, just that the gateway and subnet info is already in place, just to rule that out as an issue. Each of our networks that are seperated by a router has its own w2k3 server with DHCP enable. We don't relay DHCP requests at all.

Basically I'm running two subnets on one physical network. No segments, VPN's, etc.

Quote:

Originally Posted by 4Hummer

Two NIC's makes it easier, You can use SuperScopes but they are a PITA.

I have 4 Nics in my websever right now. Each bound to a set of IP's

If you go the multiple NIC route, how do you assign each individual scope to a specific NIC?

4RUNR · 08-10-2005, 04:03 PM

Quote:

Originally Posted by yoda-g2

Basically I'm running two subnets on one physical network.

So you have x.x.32.1-254/24 and x.x.34.1-254/24 on the same broadcast domain?

yoda-g2 · 08-10-2005, 04:33 PM

Quote:

Originally Posted by 4RUNR

So you have x.x.32.1-254/24 and x.x.34.1-254/24 on the same broadcast domain?

Yup. Sorry I should refresh up on my tech lingo.

I just tried using a Superscope and shrunk both pools down to 15 addresses for testing purposes, then fired up a 30 system lab. The primary block (32.x) filled up first then moved on the the next block (34.x).

The only minor issue I ran into is when joining the domain with a new machine that grabbed a "new" 34.x address, I had to use the FQDN to even see the domain. On a system with the "old" 32.x I just used the shorter Netbios name. No big deal, just more typing. (And no, we don't use WINS).

With these test scenario results I'm assuming I should be fine. When school starts up in a few weeks and 300+ systems fire up in this building I don't want ANY surprises.

4RUNR · 08-10-2005, 04:43 PM

You could have just added another block of IPs on the DHCP server and it will work just fine. No need for extra network cards.

Why not renumber the network and 'do it right' before school starts? All nodes on the same network. Easier to troubleshoot, especially once it’s full of whiny users.

MvCrash · 08-20-2005, 04:44 AM

Quote:

Originally Posted by 4RUNR

You could have just added another block of IPs on the DHCP server and it will work just fine. No need for extra network cards.

Why not renumber the network and 'do it right' before school starts? All nodes on the same network. Easier to troubleshoot, especially once it’s full of whiny users.

I agree completely but also this comes to mind:

Why not use a non-routable addresses (trusted network) on PC's and use NAT/PAT on your border routers and firewalls? If you use PAT, you only need one routable address. NAT/PAT require logging if your interested in security but they are flat files so they don't get very large quickly.
You can assign two subnets on most decent routers and firewalls and that increases your security also.

yoda-g2 · 08-20-2005, 10:56 AM

Quote:

Originally Posted by 4RUNR

You could have just added another block of IPs on the DHCP server and it will work just fine. No need for extra network cards.

Why not renumber the network and 'do it right' before school starts? All nodes on the same network. Easier to troubleshoot, especially once it’s full of whiny users.

Hmm, not sure if I follow the renumbereing thing. We have over 350 sytems in the bulding, so one block just won't cut it, I have to use two seperate net numbers. (They are both class C's...)

Please explain, I want to make sure I'm not missing something really obvious

yoda-g2 · 08-20-2005, 11:02 AM

Quote:

Originally Posted by MvCrash

I agree completely but also this comes to mind:

Why not use a non-routable addresses (trusted network) on PC's and use NAT/PAT on your border routers and firewalls? If you use PAT, you only need one routable address. NAT/PAT require logging if your interested in secruity but they are flat files so they don't get very large quickly.
You can assign two subnets on most decent routers and firewalls and that increases your security also.

We already have over 750 systems set up on public addresses over 4 sites, which includes numerous print servers, file servers, and useres that need specific public IP's for firewall clearance, etc, etc... I would love to go NAT but the overhead of changing our entire infrastructure just isn't feasible with our limited staff (two of us) and our ever growing 'to do ' list.

Thanks for all the input though, I love hearing what approaches other IT dudes take. It's soooooo easy to get stuck in you own way of thinking when you work in the same place for too long. Always nice to get some different insight.

4RUNR · 08-20-2005, 11:30 AM

Quote:

Originally Posted by yoda-g2

Hmm, not sure if I follow the renumbereing thing. We have over 350 sytems in the bulding, so one block just won't cut it, I have to use two seperate net numbers. (They are both class C's...)

Please explain, I want to make sure I'm not missing something really obvious

Uhhh. Subnetting 101...

Make all desktops say have IPs between x.x.32.1 and x.x.33.254 with a netmask of 255.255.254.0. That's enough for 510 systems/IPs, same broadcast domain, no need for unnecessary tricks with routing.

MvCrash · 08-22-2005, 04:57 AM

Quote:

Originally Posted by 4RUNR

Uhhh. Subnetting 101...

Make all desktops say have IPs between x.x.32.1 and x.x.33.254 with a netmask of 255.255.254.0. That's enough for 510 systems/IPs, same broadcast domain, no need for unnecessary tricks with routing.

I think your on subnetting 102. Subnetting 101 is just 24 bit masks.

MvCrash · 08-22-2005, 05:06 AM

Quote:

Originally Posted by yoda-g2

We already have over 750 systems set up on public addresses over 4 sites, which includes numerous print servers, file servers, and useres that need specific public IP's for firewall clearance, etc, etc... I would love to go NAT but the overhead of changing our entire infrastructure just isn't feasible with our limited staff (two of us) and our ever growing 'to do ' list.

Thanks for all the input though, I love hearing what approaches other IT dudes take. It's soooooo easy to get stuck in you own way of thinking when you work in the same place for too long. Always nice to get some different insight.

With only two techs, DHCP and NAT would be your best friends. Set all your machines to use DHCP. In DHCP, you can set the system to put specific IP's onto specific MAC addresses, this way some machines always pick up the same IP. The you do the same thing in the Firewall/Border router. This solves the problem you have with specific machines getting specific access.
So machine A starts, broadcasts its MAC to the server and picks up specific IP address 10.1.10.2. (non Routable) The the user makes a request to the internet and then the firewall translates the address from the non-routable to a IP address within the routable addresses that are assigned to your place by IANA.
Sounds complicated but its really not. AND everytime you get a new machine, no hardcoding the IP's, you plug it into the wall and the LAN and the server assigns the IP, Default Gateway, subnet and DNS numbers. Makes things easier in the long run.

Print servers are a nitemare. Assign specific IP's to the printers and then create an IP port on each machine. This way if the Print server breaks, everyone can keep printing. Makes it a little more difficult to switch printers, All you need to do is assign seperate IP Ports for printers.

I know it works on a system of 73 sites!!

08-10-2005, 11:34 AM	#2 (permalink)
yoda-g2 Contributing Member Join Date: Feb 2003 Location: Spokane, WA Posts: 570	Hmmm, I think I got it. I'm experimenting with superscopes, lets see how this works.... __________________ The Money Pit: '96 FZJ80 - Locked \| Safari Turbo w/ Intercooler \| Unichip \| 3" Exhaust \| IPT VB \| OME 3" Lift \| ARB & Kaymar \| Winch \| DBA Slotted X-Drilled Rotors \| Aussie Drawers \| HID's \| BFG AT's... '78 FJ40 - Finally got my Mustard Baby!!! - Resto Project... Clicky for Pics!

08-10-2005, 12:02 PM	#3 (permalink)
4Hummer Registered User Join Date: Jul 2004 Location: Canada Posts: 1,975	Two NIC's makes it easier, You can use SuperScopes but they are a PITA. I have 4 Nics in my websever right now. Each bound to a set of IP's __________________ Michael 1991 4Runner 22RE. CHOP www.obsessiveoffroadclub.com

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Server problems?	Dublin	Off Topic Talk	4	02-28-2007 05:53 PM
Low Light Rifle Scopes	AgRunner06	Off Topic Talk	42	12-13-2004 09:19 PM
Server will be down	Corey	95.5-2004 Tacomas & 96-2002 4Runners	0	01-18-2003 10:54 AM

08-10-2005, 04:43 PM	#8 (permalink)
4RUNR Guest Join Date: Jun 2003 Location: North Pole Posts: 1,619	You could have just added another block of IPs on the DHCP server and it will work just fine. No need for extra network cards. Why not renumber the network and 'do it right' before school starts? All nodes on the same network. Easier to troubleshoot, especially once it’s full of whiny users.