Networking DHCP growth

Tags:
Active Directory
Availability
Cabling
Career Development
Cisco
DataCenter
DHCP
DNS
Firewalls
Forensics
Hardware
Hubs
Incident response
Intrusion management
Microsoft Windows
Network monitoring
Network security
Networking
Networking services
Routers
Security
Switches
Tech support
Training
VPN
Wireless
Okay, probably a simple question for a lot, but my experience has been more along the lines of many offices, with a typical setup of a border router (Cisco), firewall (WatchGuard, new Cisco ASAs), Windows 2003 Server DC, Exchange server, etc. I have been doing this a while now and have been working with everything, but one piece has not had to be done, but I see it coming. My typical 192.168.40.x/24, 192.168.30.x/24, etc. have always been good, offering up enough IPs through DHCP. Now we are going to be expanding to some new office space and I am trying to plan how everything will work nicely. Like I said, I have been working with this stuff for a while, but haven't seen this explained in a real-world scenario. I have read the CCNA book and many others, but haven't really found what I am looking for. I am just trying to get a good picture, either by being pointed in the right direction (link, book) or by someone explaining it in a straight-facts way. We currently have about 10 offices all connected together and everything is working well. I just need a to-the-point lesson in how this part works in regard to networking. Ideally I would like everyone, even if on different networks but within the same building, to be no different than if it was just one network inside the building. For example, say floor 1 is on the 192.168.1.x network and the 2nd floor is 192.168.2.x. I'd like this to work, but does that also mean I now need to deal with IPsec tunnels between the other offices and this new network? Thanks for any help.

Answer Wiki


You can do this, but what is your defining need to segment each floor on a different subnet... using a bigger 192.168.0.34/23 (510 addresses) or even a class B network of 192.168.0.0/16, which will give you 2^16 - 2 addresses?

To give a separate subnet to each floor you would need to have good switches with VLANing and layer 3 routing.

Establish a VLAN for each floor and then your core switch would provide layer 3 routing between VLANs. You would then need a DHCP server on each floor (or have the switch provide DHCP relay).

Since modern switches already do a lot of segmentation on the fly, the overhead of having several hundred nodes on the same segment isn't really prohibitive enough to make it worth the headache every time someone grabs a machine from one floor and moves it to another. Unless you're using apps that do a lot of network broadcast or you are trying to segment traffic for security reasons, there isn't really a great need for lots of VLANs.

Many IT people like to put them in, but it really translates into extra work and/or Cisco consultants to configure them... and 4 hours spent in the middle of the night trying to fix a problem, only to find out that someone plugged the server into the wrong VLAN or the router was missing one route between one segment and another. A five-minute fix when you're thinking about it, but you'll also have to remember how everything was set up when you're making changes at 3am 2 years from now.

Discuss This Question: 5 Replies

  • Astronomer
    Kevin: Since you already have multiple subnets, the routing issues of adding another subnet should be fairly trivial. In particular, if you have just one campus router, you shouldn't have to do anything special to allow the subnets to see each other. You didn't say how you are currently providing DHCP services. I would recommend using two DHCP servers to provide IPs to each subnet so if one goes down, you won't have loss of service. Microsoft allows for this by providing superscopes so the DHCP servers don't step on each other. You would need to configure a DHCP proxy like IP helper to support each subnet. If you would like more details, let me know. With each generation, it seems Windows is gradually getting less chatty, but I still don't see a good reason not to stick with class C subnets to partition broadcasts. I'm not sure what the question about IPsec means. If you are setting up IPsec tunnels between offices on a single campus/network, you shouldn't need anything special. On the other hand, if this is about going out to the internet, the issues for any new subnet should be similar to what you already do for the existing private ranges. If you use IPsec to connect 192.168.x.x networks between campuses, then you need some mechanism to tell the remote routers about the new subnets. This can be done statically or by using a routing protocol like RIP or OSPF. I hope this addresses your question. rt
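The layout the Answer Wiki describes (one VLAN per floor, the core switch routing between them and relaying DHCP) combined with Astronomer's two redundant DHCP servers, written out as a Cisco IOS configuration. This is an example added here, not from any of the posts; the VLAN numbers, port names and the DHCP server addresses 192.168.40.10/.11 are assumptions.

```cisco
! Added example (not from the posts): core Layer 3 switch, Cisco IOS syntax.
! Assumed: VLAN 10 = floor 1 (192.168.1.0/24), VLAN 20 = floor 2 (192.168.2.0/24),
! the existing server subnet 192.168.40.0/24 on VLAN 40, and two Windows DHCP
! servers at 192.168.40.10 and 192.168.40.11.
ip routing
!
vlan 10
 name Floor1
vlan 20
 name Floor2
vlan 40
 name Servers
!
! ip helper-address forwards more than DHCP by default (TFTP, DNS, time,
! NetBIOS name/datagram, TACACS); switch off the ones the floors do not need
! so the relay only carries the BOOTP/DHCP ports.
no ip forward-protocol udp tftp
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
!
! One SVI per floor: its address is the floor's default gateway and is placed
! in giaddr when the switch relays a DHCP broadcast as unicast to both servers,
! which is how each server knows which scope to answer from.
interface Vlan10
 description Floor 1 - 192.168.1.0/24
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.40.10
 ip helper-address 192.168.40.11
!
interface Vlan20
 description Floor 2 - 192.168.2.0/24
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.40.10
 ip helper-address 192.168.40.11
!
interface Vlan40
 description Servers - 192.168.40.0/24
 ip address 192.168.40.1 255.255.255.0
!
! Edge ports: each floor's access ports go into that floor's VLAN only.
interface GigabitEthernet1/0/1
 description Floor 1 access
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description Floor 2 access
 switchport mode access
 switchport access vlan 20
```

Each DHCP server then needs a scope for 192.168.1.0/24 and one for 192.168.2.0/24, and when both servers serve the same subnet the address range of each scope is split between them so no address can be leased twice.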
  • petkoa
    Hi kevins74, did you look at an 802.1D bridging solution for your networks residing in the same building? We have this in place and it works OK. In fact, we are using a home-made bridge on a Linux box, and if you feel comfortable enough with Linux, you may try this. Linux bridging code is quite powerful: it supports spanning tree protocol, which allows for redundancy, and can pass the bridged packets through the firewall chains and/or traffic shapers of the kernel. This solution also allows for rapid switching from the bridging to the routing model and back; this was our primary intent: to be able to quickly separate networks in case of an infestation of a workstation, or some other workstation-induced problems. Though, in this case you should be very cautious about machines which get static IPs (from the DHCP server or manually configured); the last time we separated our "floor networks" it appeared that some such hosts had moved to other floors and they got problems... BR, Petko
  • Mortree
    Or if you have to deal with nasty old classful routers that do not allow CIDR networks, you could convert to using 172.16.x.y subnets. Really, your question/problem is not clear. What is your fear? Are you wanting to avoid buying more routers, and have you used all the ports on the existing routers?