Solved

DHCP/DNS issue

Posted on 2011-03-04
9
794 Views
Last Modified: 2012-05-11
I have an issue where my company is expanding into a new building.  The old building has an internal ip range from 192.168.8.1 - 192.168.9.254. Everything seems to work fine. They want to bring the majority of the servers, including DNS, to the new building where the internal ip range is from 192.168.23.1 - 192.168.24.254.  The subnet for both locations is 255.255.248.0. The gateway for the new location is 192.168.23.1. We set up the server to do both DNS and DHCP.  The DHCP ended up being a super scope that ranges from 192.168.16.1 to 23.254 on one scope and 24.1 - I think 30.254 on the other scope.  We have the 23.XXX set aside for our servers, printers, cameras etc and have set the 24.XXX set for the users.  I have gone into DNS and the NICs and changed the pointers and IP addresses to match the new location.  My clients seem to be getting the 24.XXX address from DHCP.  My issue is that they cannot access or ping anything on the 23.XXX portion of the network.  The servers can ping one another but not any clients and the clients cannot see the servers or anything on the 23.XXX portion of the network.  What am I missing?  Is it because of the super scope in DHCP?  
0
Comment
Question by:dustaine
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 100 total points
ID: 35042142
First and formost we need to address this:

192.168.23.1 - 192.168.24.254

This cannot be the range unless the subnet mask is 255.255.224.0 or less. If you use 255.255.248.0 then the following ranges apply:

192.168.16.0/21 - 192.168.16.1 to 192.168.23.254
192.168.24.0/21 - 192.168.24.1 to 192.168.31.254

So, if you use the 255.255.248.0 mask you'll have to make something a router to get between the two networks. I believe that to be the step you're missing. Unless you already have one?

Note: The Superscope is an administrative container, it gives you nothing other than a folder to put scopes in, it has no impact on how clients access individual scopes.

Chris
0
 
LVL 8

Assisted Solution

by:Toxacon
Toxacon earned 100 total points
ID: 35042146
Is the connection between the buildings routed or is it a bridged/LAN connection?

Based on that information you should verify your subnet mask and routing information in case of routed network.
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 100 total points
ID: 35042157
Why are you not using a class B network address space as you are trying to use a class B subnett?

192.168.x.x is a class C address range and your subnetmask should not exceed 255.255.255.0

You should technically now be configured using one of the class B ranges from
172.16.0.0 - 172.16.255.255
172.17.0.0 - 172.17.255.255
172.18.0.0 - 172.18.255.255

Then your netmask of 255.255.248.0 is acceptable and makes sense.

I assume you have a Single router that is the default gateway on both subnets and manages the routing between the two correctly already?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 2

Assisted Solution

by:tyol
tyol earned 100 total points
ID: 35043188
hey all problems goes from MASK that don't correlates with IP addresses of servers and clients.

try mask 255.255.240.0 that includes all IP addresse from 192.168.16.0 thru 192.168.31.255
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35043476
Do you understand IP address's and routers and netmasks?
0
 
LVL 2

Expert Comment

by:tyol
ID: 35043652
as for me - i do.

if dustaine want use that network - hi can use it.
actualy all 192.168.x.x range is private.
Yes it's not best choice but it can be :)

of cause without router or withuot routes on computers he can't acces computers from 192.168.8.x range, but he doesn't wrote about this problem
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 35044079

Classful addressing... it's been a long long time since that was the root of any problem. 192.168.0.0/16 is the private range in Class C. Convention and tradition may have us use masks /24 or more, but no rule in the network stack enforces that. There's nothing wrong with using the range above provided the mask does not prohibit acces between networks or a router is present to help out.

And yeah, 255.255.240.0, I miscounted that one earlier :)

Chris
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 100 total points
ID: 35047140
There are some significant IP subnetting problems here, as Chris alluded to.

If the subnet mask is truely 255.255.240.0, the first network ID is 192.168.8.0, and the broadcast IP is 192.168.15.255. The correct subnet mask for a useable range of 192.168.8.1-192.168.9.254 is 255.255.254.0.

For the second building, in order to have 192.168.23.1 and 192.168.24.1 in the same subnet, you actually need to go to a subnet mask of 255.255.224.0, which makes the network 192.168.16.1-192.168.31.254.

If dustaine wants to keep the subnets at 510 hosts, the subnet for the first building should be corrected to 255.255.254.0, and the network in the new building should be changed to 192.168.24.0 255.255.254.0 with usable IPs 192.168.24.1-192.168.25.254. The other option is to change the mask to 255.255.224.0, and then realize that the network really does go from 192.168.16.1-192.168.31.254.

The author can explore using a subnet calculator.
http://www.subnet-calculator.com/subnet.php?net_class=B

0
 

Author Comment

by:dustaine
ID: 35064355
You all have been really great in your assistance.  Honestly, I am just a Information Security person who had been put in charge of putting this together.  I remember some things from subnetting and figured the mask was the issue, especially when I saw the range as 16 - 23.  I figured the .23 wouldn't be able to talk to the .24 without some routing. The .23 and .24 are actually on the same network in the same building. The .8 network is in the building next door.  I am not really interested in the two building communicating except perhaps via vpn because of ITAR and other concerns. I was just momentarily stumped as to why on the same network .23 and .24 would not talk to one another then I remembered binary. lol.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question