lgropper

Running out of IPs 192.168.100.x

We are currently running out of IPs; we are using a class C 192.168.100.x / 255.255.255.0. I understand there are many options I can take, but I am unclear on the best solution. My thoughts were to move all the users to another IP range and route between the two networks. We have a few Ciscos in the equation: 2x 2950 and a 3560G. Here is a quick rundown of the setup.


DHCP
   |            
   -------------
        |
        |
    3560g
     /   \
   /      \
2950    2950      
      \  /      
       |        
       |
    Users

The DHCP server is Windows 2000. I also understand I can create a VLAN on the 3560 as well. I assume I could do that and add another W2K server for DHCP on that?

I'm just not exactly sure what I need or what I should do. Let me know if there is anything else I can explain about my setup. We have about 100 users in the office and are expanding like crazy.

Thanks in advance!

Chad
RDAdams
OK, so you have 254 addresses now and 100 users; how many network printers, servers, etc.?
You could just change the netmask to 255.255.0.0 giving you a bunch more range of IPs.  That may open it up too much for your liking though.  
lgropper

ASKER

About 10 network printers, 30 servers. I'm sure we can get away with just adding another 254, but it only makes sense to add more than that. Could I add 192.168.x.x? Or should I not, seeing as I have 192.168.100.x already and that could cause problems?

Chad
By changing your netmask to 255.255.0.0 you open up the entire 192.168.x.x range.
If I changed the netmask to that, would everything stay intact? We have at least 75 devices/servers with static addressing? It's probably best to leave the existing network intact and add another that I could move the users to, then route between?
You could then use different subnetting if you wanted to partition off specific groups.
How would I route between the networks? What would I be changing? I would assume just the mask on the DHCP server.

Nothing except the netmask. It just allows you to use more IP addresses, from 192.168.0.1 to 192.168.254.254. Yes, you need to change the netmask in your IP pool on the server and then ensure all the computers obtain new leases from the server.
I would ensure I increase the static IP range for future growth also. In our company we use the x.x.0.1 to x.x.0.x for servers, and x.x.99.x for routers, x.x.30.x for printers, x.x.50.x for specialty IP addressed equipment such as scan to pdf copiers.
Depending on how you set up your IP ranges you can remove those you don't want from the pool.
Interesting. Now if I understand correctly, there would be no need for anything to route between them, because the netmask states the IP range 192.168.0.1 - 254.254, so everything will see everything.

For some reason I can't see it being that easy. There has to be some sort of drawback. We have a few remote networks via VPN as well. Will those be affected?

I will have to change the netmask on all static devices, right?

Is there anything I must watch out for? I am scared I will take my network down.
By opening up the range your VPNs may be affected, but I am assuming you are currently having them assigned in the same IP range. You just need to ensure that everything you currently assign will not be adversely affected by adding more IP addresses to the IP pool. You could specify smaller ranges to limit that, keeping the 255.255.x.x netmask.

You will need to ensure the static devices have the same netmask, yes.

The drawback is opening more IP addresses to your network. More opportunity for people to plug in devices you do not want on the network, such as rogue wireless routers etc.

Correct on the routing. Since all you are changing is the netmask, those items currently on your network will still see everything else.

It would be more tricky if you were subnetting into groups, which would take more setup planning, but from what you are saying you just have a basic setup without anything too complicated. Keep it simple.....
PS. Which makes it easier to document also.
You don't have multiple sites or anything like that?

Just the VPN which shouldn't be a big hassle.  Just be sure to document what you have now so you can be sure you change everything in the right order to ensure it works after.  You will also want to test each of these components after the change to ensure they are working correctly.  

We have recently installed another DC in the US, but DHCP and everything is on that side. It's a really small office, only 10 people.

This sounds like a big change that should probably be done to get everything setup nice and clean.  

What about moving the users to another range and routing between? Not the best route? I am just scared that changing the netmask will cause a ton of problems with the existing network. It's been in place for years and there are a lot of static addresses that I may not even know about.

I understand it's hard for you to advise, not knowing the exact structure, but everything you have said so far makes sense.

Chad

I would not open up 192.168 to a /16. This would bring a multitude of problems, the least of which being device/IP management and broadcast issues. The best solution for expandability and management would be a new VLAN. You could use your DHCP server as a router between the two networks, but I highly would not recommend this setup (usually only done because of financial constraints). An additional VLAN does require configurable routers/switches, but it sounds like you may need it at some point and I believe that your switches will work fine. You can use the same DHCP server for a new VLAN, so you won't need a new server.
Davino,

That sounds interesting. Could you elaborate on what would need to be done in order to do this? My understanding would be to create a VLAN on the 3560, but how would I get DHCP from the existing server into the new VLAN on the Cisco? Add another NIC and plug it into the VLAN?

Chad
30 servers, umm. Quite a big network. I wonder why you are still not using subnetting, as you have lots of computers. And another thing that is evident is that you don't have proper documentation of this network.
Thanks for the help makana.  Glad you have such a helpful answer.  

There is no documentation on the network. I am new to this network and I am trying to get it to where it should be.

Chad
Your best bet for ease of management and scalability is to set another scope on your DHCP server: 192.168.200.0 255.255.255.0. I would not open up the range to 16 bits, as this will give you 64516 addresses, which is a lot to manage.
Set a VLAN on the 3560 in this range and it will route between the two subnets. Problem solved.
For the specifics on the VLAN go to http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a00800d9d3e.html
We use subnetting on ours but we have 5 major offices.  Subnetting allows us to use a different range at each office and route internal packets locally without affecting our WAN traffic.  

If you do the subnetting you can still use the netmask of 255.255.0.0 just using the subnetting on your router to eliminate some of the traffic.
I would also advise against the 192.168.0.0/16 as that would mean you would not be able to route to any other 192.168 in your company ever again.

I would think about using the 172.16.x.x range and start subnetting as other people have suggested. The advantage of the 172 class B addresses is you will not run out at 254 users and you can have many other subnets. You can also use the class A 10 addresses.
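The two risks raised in this thread about widening the mask to 255.255.0.0 (static devices left on the old mask, and other 192.168 networks becoming unroutable) can be checked before the change. The following is an added example, not part of any poster's reply; the host names, host addresses and remote VPN subnets are constructed for illustration.

```python
import ipaddress

# Constructed inventory: two devices already on the wider mask, one static
# server nobody remembered to change.
HOSTS = {
    "dhcp-client": "192.168.101.57/255.255.0.0",
    "updated-printer": "192.168.100.30/255.255.0.0",
    "forgotten-static-server": "192.168.100.10/255.255.255.0",
}
# Constructed remote sites reached over VPN (the thread gives no addresses).
REMOTES = {"vpn-site-a": "192.168.50.0/24", "vpn-site-b": "10.20.0.0/24"}


def on_link(src_if, dst_ip):
    """True if a host configured as src_if delivers to dst_ip directly (ARP)
    instead of handing the packet to its default gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_if).network


def asymmetric_pairs(hosts):
    """Pairs where only one side believes the other is on the local segment."""
    names = sorted(hosts)
    found = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            a_ip = str(ipaddress.ip_interface(hosts[a]).ip)
            b_ip = str(ipaddress.ip_interface(hosts[b]).ip)
            if on_link(hosts[a], b_ip) != on_link(hosts[b], a_ip):
                found.append((a, b))
    return found


def swallowed_remotes(local_net, remotes):
    """Remote subnets that fall inside local_net and so stop being routed."""
    local = ipaddress.ip_network(local_net)
    return sorted(name for name, cidr in remotes.items()
                  if ipaddress.ip_network(cidr).overlaps(local))


if __name__ == "__main__":
    print("asymmetric:", asymmetric_pairs(HOSTS))
    for candidate in ("192.168.0.0/16", "192.168.200.0/24"):
        print(candidate, "hides:", swallowed_remotes(candidate, REMOTES))
```

A pair reported as asymmetric is one where traffic in one direction goes straight to the peer and the return traffic goes to the default gateway, which is how an unchanged static device shows up after the mask change.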
PS. Yes, you could create a VLAN on the 3560 as per my option 2.
Wow, guys thanks for the awesome answers and the fast responses!

To me, it seems that creating a VLAN and segmenting the users to it would be the best strategy, but I have a few questions on that with DHCP. We have our current DHCP server on 192.168.100.x. Would I be adding a second NIC to it, plugging that into the new VLAN and configuring it for a new range? 192.168.200.x /22 or /24 would seem sufficient. Also, if that is correct, what is the gateway on this new NIC? Itself?

I'm sure there needs to be some forwarding setup on this machine?

Again, thanks for all the answers. I have upped the points so I can give credit to everyone.
The standard way to handle DHCP with multiple VLANs is to implement "DHCP forwarding", which is configured in different ways on different platforms.

In a nutshell, DHCP requests are broadcasts which wouldn't normally be forwarded on by a routing process (router).  However, you can tell your router to forward DHCP requests onward or specifically to an IP request.  Then you set up multiple scopes on your DHCP server and it determines where the request is coming from and responds with an appropriate IP address from the correct scope.

Dualhoming a server on multiple vlans is not advised except for very specific needs of an application.  
Sorry, typo.

or specifically to IP address.
As has been said, you will need a router or some configurable layer 3 device in between. With a Cisco router this is done with an "ip helper-address <dhcp server ip>" within the VLAN configuration.

interface vlan <vlan#> or sub-interface
ip address 172.16.x.x 255.255.255.0
ip helper-address <ip address of dhcp server>

Clients on Vlan <vlan#> will have a gateway of the ip specified on this interface (if the router is configured correctly).  Hope this helps!

OK, here is what I have done and tested. Could you let me know if there is anything that needs changing?

I have created a second VLAN on the 3560 with the IP 192.168.200.201. I have set up a second NIC on the existing DHCP server and plugged it into the second VLAN.

Second NIC settings
IP : 192.168.200.20
Mask : 255.255.255.0
Default gateway : 192.168.200.201
DNS : 192.168.100.5

I have set up an IP forwarder on the 3560 to forward to our gateway on 192.168.100.x

When I plug in a PC on the new VLAN I get an IP from the new 192.168.200.x and everything seems to work fine. Would this be correct?

Chad
I would NOT dual home the DHCP server AND do DHCP Forwarding/IP Helper. Pick one. Right now, it's conceivable that the server could get requests from both "directions": directly through the NIC on vlan200 and also through the NIC on vlan100.
This is new to me, could you elaborate a bit?
Well - on the one hand, you've set up DHCP helper on the vlan200, right? Which forwards DHCP replies onto the 192.168.100.0 vlan to the DHCP server 192.168.100.x.

AND you've got the DHCP server sitting on the 192.168.200.0 network with an IP of 192.168.200.x

So, a device on 192.168.200.0 issues a BROADCAST for a DHCP address.  The routing process gets it and the NIC on the DHCP server gets it.  Which one gets it first would be unpredictable - it is conceivable that the DHCP request could be forwarded onto the 192.168.100.0 vlan and sent via unicast to the 192.168.100.x ip (DHCP server)

So, let's say the "native vlan dhcp request" was slightly delayed.

Now, you have TWO DHCP REQUESTS from the SAME machine arriving at the DHCP server on two different networks - the NIC on vlan100, AND the NIC on vlan200.

I don't like this design because your traffic flow is too unpredictable. At the least, it causes unnecessary traffic.
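The scope selection and the double delivery described in the replies above can be modelled as follows. This is an added example, not code from any poster: it assumes the usual DHCP behaviour in which a relay fills in the giaddr field and the server matches relayed packets on it, and the transaction IDs, MAC addresses and the server's VLAN 100 address are constructed.

```python
import ipaddress
from collections import defaultdict

SCOPES = [ipaddress.ip_network("192.168.100.0/24"),
          ipaddress.ip_network("192.168.200.0/24")]

# Constructed DISCOVERs as seen by the server. 192.168.100.20 stands in for
# the server's VLAN 100 address, which the thread gives only as 192.168.100.x.
PACKETS = [
    {"xid": 0x1A2B, "chaddr": "00:11:22:33:44:55",
     "giaddr": "0.0.0.0", "recv_if": "192.168.200.20"},
    {"xid": 0x1A2B, "chaddr": "00:11:22:33:44:55",
     "giaddr": "192.168.200.201", "recv_if": "192.168.100.20"},
    {"xid": 0x9C0D, "chaddr": "00:11:22:66:77:88",
     "giaddr": "0.0.0.0", "recv_if": "192.168.100.20"},
]


def select_scope(packet):
    """Relayed packets are matched on giaddr (the relay's address on the
    client's VLAN); direct broadcasts on the NIC that received them."""
    key = ipaddress.ip_address(packet["giaddr"])
    if key.is_unspecified:
        key = ipaddress.ip_address(packet["recv_if"])
    return next((s for s in SCOPES if key in s), None)


def duplicate_paths(packets):
    """Transactions (xid, chaddr) that reached the server by more than one path."""
    paths = defaultdict(set)
    for p in packets:
        via = "direct" if p["giaddr"] == "0.0.0.0" else "relay"
        paths[(p["xid"], p["chaddr"])].add((via, p["recv_if"]))
    return {k: sorted(v) for k, v in paths.items() if len(v) > 1}


if __name__ == "__main__":
    for p in PACKETS:
        print(hex(p["xid"]), p["recv_if"], "->", select_scope(p))
    print("arrived twice:", duplicate_paths(PACKETS))
```

Both copies of the first client's request select the 192.168.200.0/24 scope, so the server handles the same transaction twice; with only the relay or only the second NIC in place, `duplicate_paths` returns nothing.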
Ahhhhh, makes sense. I'm not sure it's a DHCP helper that was set up though. Under IP routing I enabled default route forwarding. So I would assume any packets it didn't know are being sent to another router that knows where everything on the 192.168.100.x network is.

Does that make sense? Or am I losing my mind?
The command on a Cisco is "ip helper". Default route forwarding is something else.
OK, it's not the IP helper. Basically I have the second VLAN and the DHCP server's second NIC plugged into it. There are no DHCP helpers. My only real question is the default gateway on the second NIC in the DHCP server. Should it be the Cisco's IP? 192.168.200.201 as stated above?

I have left the IP forwarding on for now, but I will be creating a few static routes.

Chad
Sounds fine to me.
It should be whatever the default gateway is for the vlan200 - I assume it's the 192.168.200.201
Thank you for points.  Hope you have a sound solution in hand to continue with.
Thanks :)
Thanks for the points :)