Solved

Incorrect Subnet Mask from DHCP router

Posted on 2009-04-20
Last Modified: 2012-05-06
I have changed the layout of my network around, and am having trouble with the DHCP on my router.  I have the network set up so that the servers and employee computers have static IPs in the 192.168.1.x subnet and any guests or clients that come into the office and connect to the internet are assigned IPs in the 192.168.0.x subnet.  My router is currently 192.168.0.1 with a 255.255.254.0 subnet mask and all the employee computers and servers also have a 255.255.254.0 subnet so they are able to access the internet.  Here is where my problem is though.  On my router, I have enabled the DHCP to hand out addresses between 192.168.0.1 and 192.168.0.100 with a 255.255.255.0 subnet.  When I was testing it I kept getting an IP in the right range, but a subnet of 255.255.254.0.  I have no idea why it is giving out the wrong subnet mask.  I want it so that any dynamic connections to our network will be able to talk to the router, but not the servers and employee computers (hence the separate subnets).  Any ideas why this might be happening?
Question by:JMRSoftware
5 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 24187179
Do you have two routers? You must have two routers to use the scenario you are using unless you have a VLAN setup because the router's internal IP address can't run two different subnets.
0
 
LVL 4

Expert Comment

by:red_nectar
ID: 24193379
Firstly you only THINK you have two subnets.  192.168.0.0 255.255.254.0 is ONE subnet beginning at 192.168.0.1 and ending with 192.168.1.254.  
However, your subnet spans two class C NETWORKS the 192.168.0.0/24 and the 192.168.1.0/24 networks, so to be precise, your subnet is actually a supernet - but let's not get caught up with terminology.  The fact that you have asked your router (I presume the router is the DHCP server) to hand out addresses with range x-y with mask z means that it will hand out addresses in that range, but if the range is part of one of that router's own directly connected subnets, it will outsmart you and hand out the mask that is assigned to its interface, which is what you would normally want to do.
You say that what you really want to do is have guests and clients on one subnet that is isolated from your internal network, but still have access to the gateway that is on your internal network.  The scenario you described above would have achieved that, albeit somewhat non-conventional.
So what can you do?  There are a number of possibilities depending on the type of router you are using and the other devices that you have at your disposal.
1.  You could stick with regular /24 subnets (255.255.255.0) and keep the clients and internals separated, and assign a secondary IP address to the router (if your router supports secondary IPs).  This would probably be the simplest.  If you want to get sophisticated you could run each subnet on a different vlan - again assuming your equipment supports all this, but don't even think about this if you don't know what you are doing.
2. You could set up a different DHCP server on the 192.168.1.0/24 network and turn DHCP off on your router and stick with the un-conventional design you described above.  Unconventional does necessarily mean BAD, but it does mean troubleshooting will be harder, especially for any 3rd party that needs to troubleshoot.
3. You could get another router to put between the guests and the internet gateway - if you are using wireless you'll probably find your wireless AP is a router anyway.  In this design the 2nd gateway gets a static IP address on its WAN interface of (eg) 192.168.0.2/24 and you set up DHCP and NAT for your guest clients on the wireless side and LAN ports (if your wireless router has some LAN ethernet ports).  The DISADVANTAGE with this design is that your guests will have to plug into specific ports, rather than any old port as is the case with the other designs.  You will also have to do some filtering to make sure that your guests can't get to 192.168.1.x addresses.

To move forward, you'll need to let us know the following:
1. What router are you using (brand model, number of ports)
2. What DHCP server are you using (is it the router or another device - if another device you should be able to make it work)
3. How many internal clients? How many servers? How many guests?
4. If you are using any wireless - How many internal wireless? Any guests wireless? What wireless Access Point/router are you using
0
 

Author Comment

by:JMRSoftware
ID: 24194900
Hi Red Nectar, thank you very much for all that information.  I think we are going to go with your third option there as our router is being used for DHCP and it does not support a secondary IP.  As for your inquiries about our equipment, we are using a Peplink Balance 200 with 4 LAN ports and 2 WAN ports and DHCP enabled.  The network consists of 7 servers and roughly 70 clients.  The amount of guests varies, as we usually have them during board meetings, or if customers bring their laptops into the office.  There is no wireless for guests or employees, so there's no hardware to report there.  Thanks again for your help.
0
 
LVL 4

Expert Comment

by:red_nectar
ID: 24203551
OK - with option 3 you have to be a little bit careful because a guest will have access to your internal network unless you a) do some specific filtering to prevent this or b) do something tricky with the IP address range to prevent this - just like you were aiming to before - in fact if you can get your intermediate device to hand out IP addresses with a mask of 255.255.254.0 that would do it.  Your network might look a bit like this:

netdiag1.bmp
0
 
LVL 4

Accepted Solution

by:
red_nectar earned 1000 total points
ID: 24203712
There might be a problem with your new router in that it might not like having the ip address 192.168.0.2 and 192.168.1.1 with a 255.255.254.0 (/23) mask (because these IP addresses overlap the same address space - 192.168.0.1 through to 192.168.1.254).  If this is the case, change the mask on the new router to /24 (255.255.255.0) for the guests network interface, and to /30 (255.255.255.252) on the 192.168.0.2 interface.  In fact I think I like this solution better than the one above.  In this scenario, if the New Router receives a packet addressed to a server (say 192.168.0.10) then it will see that IP as being NOT local, and send the pkt to Existing Router which will probably NOT fwd it back to 192.168.0.10 because that would mean passing it back out the interface that it arrived on.  Most routers that claim any firewall features will behave this way. So a better diagram might be:

netdiag1.bmp
0
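The masks discussed in this thread, worked through with Python's standard `ipaddress` module. This is an added example, not code from any poster; the host addresses 192.168.0.50 and 192.168.1.20 are constructed for illustration, while the router, server and mask values come from the posts. It shows the range covered by 255.255.254.0, which destinations each sender treats as on-link, and why the /23 interfaces overlap while the /30 plus /24 pair does not.

```python
import ipaddress

def usable_range(ip, mask):
    """First and last host address of the subnet that ip/mask belongs to."""
    hosts = list(ipaddress.ip_interface(f"{ip}/{mask}").network.hosts())
    return str(hosts[0]), str(hosts[-1])

def on_link(src_ip, src_mask, dst_ip):
    """True if a sender configured with src_ip/src_mask treats dst_ip as
    directly reachable; False if it hands the packet to its gateway."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return ipaddress.ip_address(dst_ip) in net

def interfaces_overlap(if_a, if_b):
    """True if two interface definitions (ip/mask) cover shared address space."""
    a = ipaddress.ip_interface(if_a).network
    b = ipaddress.ip_interface(if_b).network
    return a.overlaps(b)

GUEST = "192.168.0.50"      # constructed guest address inside the DHCP range
EMPLOYEE = "192.168.1.20"   # constructed static employee address
SERVER = "192.168.0.10"     # example server from the accepted answer
ROUTER = "192.168.0.1"      # existing router from the question

if __name__ == "__main__":
    # One subnet, not two: 192.168.0.1 through 192.168.1.254
    print(usable_range(ROUTER, "255.255.254.0"))

    # Mask the asker wanted guests to receive versus the one actually handed out
    print("guest /24 -> employee:", on_link(GUEST, "255.255.255.0", EMPLOYEE))
    print("guest /23 -> employee:", on_link(GUEST, "255.255.254.0", EMPLOYEE))
    # Employees keep the /23 mask, so they still see guests as local
    print("employee /23 -> guest:", on_link(EMPLOYEE, "255.255.254.0", GUEST))

    # Accepted answer: /30 on the new router's 192.168.0.2 interface
    print("new router -> server:", on_link("192.168.0.2", "255.255.255.252", SERVER))
    print("new router -> router:", on_link("192.168.0.2", "255.255.255.252", ROUTER))

    # Both interfaces at /23 overlap; /30 uplink plus /24 guest side do not
    print(interfaces_overlap("192.168.0.2/255.255.254.0", "192.168.1.1/255.255.254.0"))
    print(interfaces_overlap("192.168.0.2/255.255.255.252", "192.168.1.1/255.255.255.0"))
```

The on-link decision is made by the sender from its own mask, so the mask only determines where a packet is sent first; the filtering mentioned in option 3 is what blocks guest traffic to the internal addresses.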
