Solved

created a scope 192.168.11.0 on the dhcp. the computers get the ip in the 11 range but cannot access internet and shared drives

Posted on 2008-09-30
7
601 Views
Last Modified: 2012-05-05
The ip range 192.168.10.0 is full on the dhcp, so i created a new scope (192.168.11.0).I included both ip ranges into a superscope.Also i added the details in the router's access list. New computers joining the domain get the ip in the 11.0 range but still they cannot access the internet and neither the shared drives and printers.What could be the problem?I s there another step which i missed?
0
Comment
Question by:ROD28
7 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
Comment Utility
Something needs to provide routing between subnets or you need to change the subnet mask on the router interface, DHCP scope and clients to 255.255.254.0?  What type of router?  If Cisco, you can apply the 192.168.11.0/24 subnet as a secondary address to the LAN interface.

int fa0/1
ip address 192.168.11.1 255.255.255.0 secondary
0
 

Author Comment

by:ROD28
Comment Utility
The router/firewall is Cisco T801. Attached i enclosed the router config for your information.I added the new ip range in the 140 access list as highlighted in the attachments.Thanks
Router-config.pdf
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
Add the 192.168.11.0/24 subnet as a secondary on the VLAN2 interface.

conf t
int vlan2
ip address 192.168.11.1 255.255.255.0 secondary

Make sure 192.168.11.1 is the default gateway for the 192.168.11.x clients.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
Looks like your access-list also is missing statements to allow the 192.168.11.0/24 hosts to resolve DNS externally and allow ICMP like the .10 subnet.

conf t
access-list 140 permit udp 192.168.11.0 0.0.0.255 any eq domain
access-list 140 permit icmp 192.168.11.0 0.0.0.255 any
0
 
LVL 23

Expert Comment

by:Mysidia
Comment Utility
Unless you have multiple subnets in the .10  scope, or a logical reason
for this subnet division; I would suggest thinking of using one DHCP scope
instead of 2.   You can define 2 pools in the scope,  one for some ips in the .10
range and one for some ips in the .11 range

192.168.10.0   as a /23   i.e. with netmask     255.255.254.0  
instead of 255.255.255.0
(use one big pool instead of 2 pools)

Change the subnets accordingly on your domains.

A downside is any devices with a static IP now also need the netmask updated
to 255.255.254.0


The disadvantage is the change may be harder;  the advantage is, going
forward, administration of one subnet is simpler than administration of two subnets.

Also, you can keep a simpler router configuration

permit udp 192.168.10.0        0.0.1.255   any eq domain
instead of

permit udp 192.168.10.0   0.0.0.255 any eq domain
permit udp 192.168.11.0   0.0.0.255 any eq domain

*Well,  given the limitations of  RIPv1, you appear to have in
that conf, you still need to advertise  two class C  networks.


0
 
LVL 7

Expert Comment

by:dkarpekin
Comment Utility
You should considere chage everything to bigger subnet- like 10.10.0.0 on 255.255.0.0 will ive you 65k adresses, group then lagicaly:
10.10.0.1-10.10.0.255  -servers darm
10.10.1.0-10.10.1.255 -office users
10.10.1.0-10.10.1.255 -contractors
10.10.1.0-10.10.1.255 -VPN users
10.10.1.0-10.10.1.255 -guests

and so on. much easy managed then
And have VLAN's set up

Something like this
http://netgear.com/Products/Switches/FullyManaged10_100_1000Switches/GSM7212.aspx
genral info
http://netgear.com/Solutions/BusinessSolutions/MainOffice.aspx

Some example VLAN usage you can find on EE, Cisco web or many others.............

http://www.tomax7.com/mcse/vlan_made_easy.htm

Of cause Cisco is top of the line,but Netgear might be more suitable for you.
0
 
LVL 7

Expert Comment

by:dkarpekin
Comment Utility
Sorry ,did not typed correctly......
10.10.0.1-10.10.0.255  -servers farm
10.10.1.0-10.10.1.255 -office users
10.10.2.0-10.10.2255 -contractors
10.10.3.0-10.10.3.255 -VPN users
10.10.4.0-10.10.4.255 -guests
...........................................
and so on
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now