created a scope on the dhcp. the computers get the ip in the 11 range but cannot access internet and shared drives

Posted on 2008-09-30
Medium Priority
Last Modified: 2012-05-05
The ip range is full on the dhcp, so i created a new scope ( included both ip ranges into a superscope.Also i added the details in the router's access list. New computers joining the domain get the ip in the 11.0 range but still they cannot access the internet and neither the shared drives and printers.What could be the problem?I s there another step which i missed?
Question by:ROD28
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 43

Accepted Solution

JFrederick29 earned 2000 total points
ID: 22604471
Something needs to provide routing between subnets or you need to change the subnet mask on the router interface, DHCP scope and clients to  What type of router?  If Cisco, you can apply the subnet as a secondary address to the LAN interface.

int fa0/1
ip address secondary

Author Comment

ID: 22604556
The router/firewall is Cisco T801. Attached i enclosed the router config for your information.I added the new ip range in the 140 access list as highlighted in the attachments.Thanks
LVL 43

Expert Comment

ID: 22604589
Add the subnet as a secondary on the VLAN2 interface.

conf t
int vlan2
ip address secondary

Make sure is the default gateway for the 192.168.11.x clients.
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

LVL 43

Expert Comment

ID: 22604679
Looks like your access-list also is missing statements to allow the hosts to resolve DNS externally and allow ICMP like the .10 subnet.

conf t
access-list 140 permit udp any eq domain
access-list 140 permit icmp any
LVL 23

Expert Comment

ID: 22604753
Unless you have multiple subnets in the .10  scope, or a logical reason
for this subnet division; I would suggest thinking of using one DHCP scope
instead of 2.   You can define 2 pools in the scope,  one for some ips in the .10
range and one for some ips in the .11 range   as a /23   i.e. with netmask  
instead of
(use one big pool instead of 2 pools)

Change the subnets accordingly on your domains.

A downside is any devices with a static IP now also need the netmask updated

The disadvantage is the change may be harder;  the advantage is, going
forward, administration of one subnet is simpler than administration of two subnets.

Also, you can keep a simpler router configuration

permit udp   any eq domain
instead of

permit udp any eq domain
permit udp any eq domain

*Well,  given the limitations of  RIPv1, you appear to have in
that conf, you still need to advertise  two class C  networks.


Expert Comment

ID: 22605000
You should considere chage everything to bigger subnet- like on will ive you 65k adresses, group then lagicaly:  -servers darm -office users -contractors -VPN users -guests

and so on. much easy managed then
And have VLAN's set up

Something like this
genral info

Some example VLAN usage you can find on EE, Cisco web or many others.............


Of cause Cisco is top of the line,but Netgear might be more suitable for you.

Expert Comment

ID: 22605020
Sorry ,did not typed correctly......  -servers farm -office users -contractors -VPN users -guests
and so on

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question