• Status: Solved

Need input on running multiple subnets on one LAN

I have a primary LAN subnet of 192.168.0.x. We are running out of IPs. I added and use 10.10.0.0/24. It works but I have concerns. Here is how I set it up.

1. I have a SonicWall Pro 3060. The LAN port is my gateway (192.168.0.250). I created an object 10.10.0.0/24.
2. Created a static ARP entry of 10.10.0.1 for the gateway which points to the same LAN interface on the SonicWall.
3. Allowed all traffic outbound from that subnet. Inbound abides by existing rules.
4. On my DHCP server I already had 192.168.0.0/24 so I created the 10.10.0.0/24 subnet then created a Superscope. Added both of them to the super scope.
5. Because I wanted to use Static DHCP I added the full range 10.10.0.0/24 then excluded 10.10.0.1, 10.10.0.3-10.10.0.254. Then reserved 10.10.0.2 using the MAC address of one of the PCs so every time it connected to the LAN it gets that address.

I am wondering if I can do away with the Static ARP entry on the SonicWall and do all work on the DHCP server regarding the gateway. I did go into the scope options and change the router address from 10.10.22.1 to 192.168.0.250 and it seems to work but I still wonder if I am missing something or if there will be negative consequences later.

What do you all think about this setup?

Thanks
Asked by: pbhcpa

lrmoore Commented:
I think that it may work most of the time, but is not ideal. Creating two separate IP subnets on the same wire creates some ARP issues as you already seem to be aware of, as well as broadcast issues.
A "better" way would be to use VLANs and route between the VLANs either with an L3 switch or on the SonicWall (don't know enough about the SonicWall to be much help there).
The issue with VLANs becomes Windows and NetBIOS broadcasts. Now you need name resolution between the subnets and a browse master per subnet...maybe even a DNS server per VLAN. DHCP would not be a superscope, but would be two individual scopes and you would have to use dhcp-relay or have 2 DHCP servers.
We do not recommend more than the 250 or so hosts that a single class C network supports on a single broadcast domain anyway, so breaking it up into logical VLAN chunks will bring some efficiencies.

You could use what you have described here as a temporary measure until you can get everyone over to a 10.10.x.x IP address and then revert back to one big happy network by dropping all the 192.168.0.x addresses everywhere.

pbhcpa (Author) Commented:
Investigating the VLAN possibility with my SonicWall. May need input. Thanks.

pbhcpa (Author) Commented:
Using static ARP entries and Super Scopes on my DHCP server seems to be working fine but we may explore VLANs later on. Thanks for the direction.
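
As an added example (not part of the original thread, and not anyone's posted configuration), the Python sketch below models the 10.10.0.0/24 scope from steps 4 and 5 of the question and reports which addresses remain leasable and whether a given router option lies inside the scope's own subnet. The function names and the MAC address are hypothetical.

```python
import ipaddress

def expand(item):
    """Turn 'a.b.c.d' or 'a.b.c.d-a.b.c.e' into a set of IPv4Address objects."""
    lo, _, hi = item.partition("-")
    lo = ipaddress.ip_address(lo)
    hi = ipaddress.ip_address(hi) if hi else lo
    return {ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)}

def audit_scope(network, exclusions, reservations, router):
    """Check a DHCP scope definition against the subnet it is meant to serve."""
    net = ipaddress.ip_network(network)
    hosts = set(net.hosts())
    excluded = set().union(*(expand(e) for e in exclusions))
    pool = hosts - excluded                      # what the server may hand out
    reserved = {ipaddress.ip_address(ip) for ip in reservations.values()}
    gw = ipaddress.ip_address(router)
    return {
        "leasable": sorted(pool),
        "dynamic": sorted(pool - reserved),      # free for any unknown client
        "reserved_outside_scope": sorted(reserved - hosts),
        # False means the client has no connected route to its gateway by
        # normal subnet rules and depends on treating that address as on-link.
        "router_on_link": gw in net,
        "router_is_leasable": gw in pool,        # gateway must never be leased
    }

# Scope as described in the question; the MAC address is constructed.
SCOPE = {
    "network": "10.10.0.0/24",
    "exclusions": ["10.10.0.1", "10.10.0.3-10.10.0.254"],
    "reservations": {"00-11-22-33-44-55": "10.10.0.2"},
}

if __name__ == "__main__":
    # Compare the static-ARP gateway with the LAN interface address.
    for router in ("10.10.0.1", "192.168.0.250"):
        report = audit_scope(router=router, **SCOPE)
        print(router, "on-link:", report["router_on_link"],
              "leasable:", [str(a) for a in report["leasable"]],
              "dynamic:", [str(a) for a in report["dynamic"]])
```

With the exclusions from step 5 the only leasable address is the reserved 10.10.0.2, so no unknown client can obtain a 10.10.0.x lease from this scope.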