Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Creating new subnet/DHCP range.

Posted on 2009-04-28
7
Medium Priority
?
982 Views
Last Modified: 2012-08-14
I have been tasked with creating another subnet with a range of DHCP addresses.

Currently we have all servers and workstations on 10.1.254.0  255.255.255.0.  Servers/Printers are configured with a static IP and reservations for them are on the DHCP server.  Workstations pull DHCP.

We are running out of IP addresses, so we want to create the 10.1.253.0 255.255.255.0 subnet.  Making this subnet the one with DHCP running for the workstations and the servers/printers remaining on the '254' subnet with no DHCP.

All hosts are on a stack of HP Procurve Switches that connect to a Cisco ASA to get out to the web.

Besides creating the range on the DHCP server and removing the '254' range from the pool, what else will need to be configured to make these subnets talk to each other?  

Do any routes need to be added to the ASA?    

I feel like I am forgetting something, perhaps how the DHCP server sitting on '254' will be able to provide addresses to workstation on the '253'?  But these will be on the same switch, so not a problem?

Thank you for any help.





0
Comment
Question by:tpearson1
  • 3
  • 2
  • 2
7 Comments
 
LVL 2

Accepted Solution

by:
majkiw earned 1000 total points
ID: 24251207
If the problem is just running out of IP addresses, then why don't you just change the network mask to 255.255.252.0? It will let you have IPs in range 10.1.252.0 - 10.1.254.254.
0
 

Author Comment

by:tpearson1
ID: 24251276
Would that be as simple as changing the Range on the DHCP server then changing the Subnet Mask on the Statically assigned hosts?

What other considerations or pitfalls could this cause?  


0
 
LVL 2

Expert Comment

by:majkiw
ID: 24251408
It should be as simple as that. That's the idea of network masks.
The only pitfall I can think of is that your router and DHCP server may be not capable of handling so much IPs.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 

Author Comment

by:tpearson1
ID: 24251428
majkiw:

Did you mean 10.1.252.0-10.1.255.254?

I apologize, its just been years since I calculated any subnets.

Thank you.
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24255261
I generally dont recommend going below a /24 to keep broadcast at a minimum and also segmenting makes it easier to filter traffic in access-lists or creating routing policies.

But before you segment you should think about where you are going to route the vlans. Are you going to use a L3 switch (recommended) or are you gonna use the ASA?

If you use the ASA there are limits to consider like throughput and if you use Wake-On-Lan it wont work with the ASA as router.

No matter what, the ASA needs to know about all subnets in the internal network that wants to use the internet else it will drop the packets.
0
 

Author Comment

by:tpearson1
ID: 24269903
So if I do not want to drop below a /24 mask AND do not want to use VLAN tagging, what are my options?

The ProCurve 2650s are L3 switches.  

Provided I put a route in the ASA to route traffic on the new subnet to the internet, what else is left to do?

Thank you

0
 
LVL 9

Assisted Solution

by:Donboo
Donboo earned 1000 total points
ID: 24270509
You still need to make a VLAN for each /24 net you want to make.

You connect your L2/L3 devices via VLAN Trunks to a central L3 device, that will route the networks internal and you make from that L3 device a network where you attach the ASA, which has all the routes of the internal network pointing back to the L3 device IP address.

It is not a good practice at all to use more than 1 network on the same L2/VLAN so if you wont do the above your only option is to use a wider netmask and thus creating more broadcast and make your network more susceptible to errors.
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
Suggested Courses
Course of the Month15 days, 11 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question