I'm looking at setting up a second scope on one of our Server 2k3 boxes, we currently have one complete range in there x.x.32.1 - x.x.32.254, and I need to add x.x.34.1 - x.x.34.254. They are different address ranges but all our routers etc have already been configured for it. (We've just been statically assigning them for two years now.)

When I tried to do this in the NT days I had no luck getting it to work. I havn't attempted it yet on the w2k3 box, I thought I'd ask for insight.

The server its going on is currently assigned an x.x.32.x number, will I need to put in a second nic with a 34.x address?

Thanks for any advise!

 

Hmmm, I think I got it. I'm experimenting with superscopes, lets see how this works....

 

Two NIC's makes it easier, You can use SuperScopes but they are a PITA.

I have 4 Nics in my websever right now. Each bound to a set of IP's

 

You mean the routers had DHCP relaying set up?

 

No, just that the gateway and subnet info is already in place, just to rule that out as an issue. Each of our networks that are seperated by a router has its own w2k3 server with DHCP enable. We don't relay DHCP requests at all.

Basically I'm running two subnets on one physical network. No segments, VPN's, etc.


If you go the multiple NIC route, how do you assign each individual scope to a specific NIC?

 

So you have x.x.32.1-254/24 and x.x.34.1-254/24 on the same broadcast domain?

 

Yup. Sorry I should refresh up on my tech lingo.

I just tried using a Superscope and shrunk both pools down to 15 addresses for testing purposes, then fired up a 30 system lab. The primary block (32.x) filled up first then moved on the the next block (34.x).

The only minor issue I ran into is when joining the domain with a new machine that grabbed a "new" 34.x address, I had to use the FQDN to even see the domain. On a system with the "old" 32.x I just used the shorter Netbios name. No big deal, just more typing. (And no, we don't use WINS).

With these test scenario results I'm assuming I should be fine. When school starts up in a few weeks and 300+ systems fire up in this building I don't want ANY surprises.

 

You could have just added another block of IPs on the DHCP server and it will work just fine. No need for extra network cards.

Why not renumber the network and 'do it right' before school starts? All nodes on the same network. Easier to troubleshoot, especially once it’s full of whiny users.

 

I agree completely but also this comes to mind:

Why not use a non-routable addresses (trusted network) on PC's and use NAT/PAT on your border routers and firewalls? If you use PAT, you only need one routable address. NAT/PAT require logging if your interested in security but they are flat files so they don't get very large quickly.
You can assign two subnets on most decent routers and firewalls and that increases your security also.

 

Hmm, not sure if I follow the renumbereing thing. We have over 350 sytems in the bulding, so one block just won't cut it, I have to use two seperate net numbers. (They are both class C's...)

Please explain, I want to make sure I'm not missing something really obvious

 

We already have over 750 systems set up on public addresses over 4 sites, which includes numerous print servers, file servers, and useres that need specific public IP's for firewall clearance, etc, etc... I would love to go NAT but the overhead of changing our entire infrastructure just isn't feasible with our limited staff (two of us) and our ever growing 'to do ' list.

Thanks for all the input though, I love hearing what approaches other IT dudes take. It's soooooo easy to get stuck in you own way of thinking when you work in the same place for too long. Always nice to get some different insight.

 

Uhhh. Subnetting 101...

Make all desktops say have IPs between x.x.32.1 and x.x.33.254 with a netmask of 255.255.254.0. That's enough for 510 systems/IPs, same broadcast domain, no need for unnecessary tricks with routing.

 

I think your on subnetting 102. Subnetting 101 is just 24 bit masks.

 

With only two techs, DHCP and NAT would be your best friends. Set all your machines to use DHCP. In DHCP, you can set the system to put specific IP's onto specific MAC addresses, this way some machines always pick up the same IP. The you do the same thing in the Firewall/Border router. This solves the problem you have with specific machines getting specific access.
So machine A starts, broadcasts its MAC to the server and picks up specific IP address 10.1.10.2. (non Routable) The the user makes a request to the internet and then the firewall translates the address from the non-routable to a IP address within the routable addresses that are assigned to your place by IANA.
Sounds complicated but its really not. AND everytime you get a new machine, no hardcoding the IP's, you plug it into the wall and the LAN and the server assigns the IP, Default Gateway, subnet and DNS numbers. Makes things easier in the long run.

Print servers are a nitemare. Assign specific IP's to the printers and then create an IP port on each machine. This way if the Print server breaks, everyone can keep printing. Makes it a little more difficult to switch printers, All you need to do is assign seperate IP Ports for printers.

I know it works on a system of 73 sites!!