ChrisAlavoine


DHCP multiple subnets

Hi there,

I have inherited a /24 network which is rapidly running out of IP addresses.

I want to do some subnet separation and need some dhcpd.conf advice.

We have a Cisco ASA 5510 controlling all the routing and an Ubuntu 8.04 Domain Controller running dhcpd to give out addresses.

I would like to keep the existing subnet for statically assigned servers and add several more /24 subnets for Phone, DHCP pool and VPN (this is already implemented on the ASA).

This is my current subnet declaration in dhcpd.conf:

subnet 192.168.16.0 netmask 255.255.255.0 {
  option domain-name            "blahblah.co.uk";
  option routers                192.168.16.1;
  option subnet-mask            255.255.255.0;
  option broadcast-address      192.168.16.255;
  option domain-name-servers    192.168.16.3;
  option ntp-servers            192.168.16.2;
  option netbios-name-servers   192.168.16.2;
  option netbios-node-type      8;

  range 192.168.16.32 192.168.16.235;

  option option-176 "MCIPADD=192.168.16.11,MCPORT=1719,TFTPSRVR=192.168.16.28";
}

I would welcome any suggestions on the best way to achieve this. It's been a while since I've done any advanced dhcpd.conf work.

Thanks in advance,
c:)
ASKER CERTIFIED SOLUTION
Arty K

ChrisAlavoine

ASKER

Thanks for the reply.

I should have mentioned that the Ubuntu Domain Controller running dhcpd is a Virtual Machine so I don't think I'll be able to add the extra ifconfig statements without some clever network bridging (or maybe I'm wrong here?)

If I go for the network mask to change to a /22 this will break the settings on quite a few site to site VPN tunnels.

Any other options you can think of?

c:)
I had also considered configuring a spare port on the Cisco as the default gate for an extra subnet.

One question about the shared-network statement:

Should I not remove the range statement from my original subnet (192.168.16.0)?

c:)
> Should I not remove the range statement from my original subnet (192.168.16.0)?

You may leave it or remove it, depending on whether you need it to be included in the DHCP pool. If you include multiple 'range' statements in shared networks, IP address/network assignment will not be predictable, but once an IP address is 'leased', it will be assigned to the same machine later across reboots.

> I'll be able to add the extra ifconfig statements without some clever network bridging (or maybe I'm wrong here?)

You are wrong. Network bridging and virtual machine NIC drivers work at a lower level, so you may add extra IP addresses.


> Any other options you can think of?

Add more network interfaces/VLANs for every new network; in that case you will not use the 'shared' configuration.

What do you think about the idea of using the spare interface on the Cisco? I could create a /22 (or maybe /23 would be sufficient) and then include that subnet in my dhcpd.conf.

c:)
Without knowing your network topology I can't advise anything.
You can't assign intersecting networks/netmasks to different ports on a Cisco.
So if one port's network is a 'supernet' of another, Cisco will not even allow you to do it.

If you change the network mask, the topology will stay the same; you don't need extra ports, VLANs, etc., just change the netmask everywhere (on every device)...

There may be another problem with too much 'broadcast' overhead. So it may be even better to create multiple isolated networks and route them.

Thanks for your comments.

I'm going to go with your netmask suggestion. Change it to /22 to give me 1024 addresses. This will also solve a lot of VPN routing problems we've been having.

Broadcast overhead should be ok as our Cisco Switches should be able to handle that amount of traffic.

Thanks again.
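
An added example, not part of the thread: a pre-change check for the /22 plan that lists which already-routed networks the wider mask would swallow (the overlap problem raised above for Cisco interfaces and VPN tunnels) and renders the dhcpd.conf values that change with the mask. The inventory in `SAMPLE_NETS` and the pool bounds are constructed assumptions; only 192.168.16.0/24 and the router address come from the question.

```python
import ipaddress

# Constructed inventory (assumption): other networks already routed on the firewall.
SAMPLE_NETS = {
    "phone-vlan": "192.168.17.0/24",
    "vpn-site-a": "192.168.18.0/24",
    "vpn-site-b": "192.168.20.0/24",
}

def plan_resize(current, new_prefix, other_nets):
    """Widen `current` to `new_prefix`; return the new network and new overlaps."""
    old = ipaddress.ip_network(current)
    new = old.supernet(new_prefix=new_prefix)  # ValueError if not a wider mask
    conflicts = []
    for label, cidr in other_nets.items():
        net = ipaddress.ip_network(cidr)
        # Only overlaps introduced by the wider mask are new routing conflicts.
        if new.overlaps(net) and not old.overlaps(net):
            conflicts.append((label, str(net)))
    return new, conflicts

def render_subnet(net, router, pool_first, pool_last):
    """Render the dhcpd.conf lines whose values depend on the mask."""
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    if not (net.network_address < first <= last < net.broadcast_address):
        raise ValueError("pool must lie inside the subnet's host range")
    if ipaddress.ip_address(router) not in net:
        raise ValueError("router must be on the subnet")
    return "\n".join([
        f"subnet {net.network_address} netmask {net.netmask} {{",
        f"  option routers                {router};",
        f"  option subnet-mask            {net.netmask};",
        f"  option broadcast-address      {net.broadcast_address};",
        f"  range {first} {last};",
        "}",
    ])

if __name__ == "__main__":
    new, conflicts = plan_resize("192.168.16.0/24", 22, SAMPLE_NETS)
    for label, cidr in conflicts:
        print(f"# overlap: {label} {cidr} now falls inside {new}")
    # Pool bounds are an assumption; 192.168.16.0/24 stays for static servers.
    print(render_subnet(new, "192.168.16.1", "192.168.17.1", "192.168.19.254"))
```

Any network reported as an overlap has to be renumbered or removed from the firewall and tunnel definitions before the mask is changed on every device.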