Solved

DHCP/DNS issue

Posted on 2011-03-04
Last Modified: 2012-05-11
I have an issue where my company is expanding into a new building. The old building has an internal IP range from 192.168.8.1 - 192.168.9.254. Everything seems to work fine. They want to bring the majority of the servers, including DNS, to the new building where the internal IP range is from 192.168.23.1 - 192.168.24.254. The subnet for both locations is 255.255.248.0. The gateway for the new location is 192.168.23.1. We set up the server to do both DNS and DHCP. The DHCP ended up being a super scope that ranges from 192.168.16.1 to 23.254 on one scope and 24.1 - I think 30.254 on the other scope. We have the 23.XXX set aside for our servers, printers, cameras, etc. and have set the 24.XXX for the users. I have gone into DNS and the NICs and changed the pointers and IP addresses to match the new location. My clients seem to be getting the 24.XXX address from DHCP. My issue is that they cannot access or ping anything on the 23.XXX portion of the network. The servers can ping one another but not any clients, and the clients cannot see the servers or anything on the 23.XXX portion of the network. What am I missing? Is it because of the super scope in DHCP?
Question by:dustaine
9 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 100 total points
ID: 35042142
First and foremost we need to address this:

192.168.23.1 - 192.168.24.254

This cannot be the range unless the subnet mask is 255.255.224.0 or less. If you use 255.255.248.0 then the following ranges apply:

192.168.16.0/21 - 192.168.16.1 to 192.168.23.254
192.168.24.0/21 - 192.168.24.1 to 192.168.31.254

So, if you use the 255.255.248.0 mask you'll have to make something a router to get between the two networks. I believe that to be the step you're missing. Unless you already have one?

Note: The Superscope is an administrative container, it gives you nothing other than a folder to put scopes in, it has no impact on how clients access individual scopes.

Chris
0
 
LVL 8

Assisted Solution

by:Toxacon
Toxacon earned 100 total points
ID: 35042146
Is the connection between the buildings routed or is it a bridged/LAN connection?

Based on that information you should verify your subnet mask and routing information in case of routed network.
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 100 total points
ID: 35042157
Why are you not using a class B network address space, as you are trying to use a class B subnet?

192.168.x.x is a class C address range and your subnet mask should not exceed 255.255.255.0

You should technically now be configured using one of the class B ranges from
172.16.0.0 - 172.16.255.255
172.17.0.0 - 172.17.255.255
172.18.0.0 - 172.18.255.255

Then your netmask of 255.255.248.0 is acceptable and makes sense.

I assume you have a Single router that is the default gateway on both subnets and manages the routing between the two correctly already?
0
 
LVL 2

Assisted Solution

by:tyol
tyol earned 100 total points
ID: 35043188
Hey, all the problems come from the mask, which doesn't correlate with the IP addresses of the servers and clients.

Try mask 255.255.240.0, which includes all IP addresses from 192.168.16.0 through 192.168.31.255
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35043476
Do you understand IP addresses and routers and netmasks?
0
 
LVL 2

Expert Comment

by:tyol
ID: 35043652
As for me, I do.

If dustaine wants to use that network, he can use it.
Actually, the whole 192.168.x.x range is private.
Yes, it's not the best choice, but it can be :)

Of course, without a router or without routes on the computers he can't access computers in the 192.168.8.x range, but he didn't write about this problem.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 35044079

Classful addressing... it's been a long, long time since that was the root of any problem. 192.168.0.0/16 is the private range in Class C. Convention and tradition may have us use masks /24 or more, but no rule in the network stack enforces that. There's nothing wrong with using the range above provided the mask does not prohibit access between networks or a router is present to help out.

And yeah, 255.255.240.0, I miscounted that one earlier :)

Chris
0
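
The mask arithmetic argued over in this thread can be checked with a short script. This is an added example, not part of any post; the function names are made up for illustration, and the addresses and masks are the ones quoted in the question. It reports which network each address falls in under a given mask and computes the longest mask that puts two addresses in one subnet.

```python
import ipaddress


def network_of(addr: str, mask: str) -> ipaddress.IPv4Network:
    """Return the network that addr belongs to under the given dotted mask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when a and b are on-link to each other (no router needed)."""
    return network_of(a, mask) == network_of(b, mask)


def smallest_common_network(a: str, b: str) -> ipaddress.IPv4Network:
    """Longest-prefix network that contains both addresses."""
    # XOR leaves a 1 in every bit position where the addresses differ;
    # everything above the highest differing bit is the shared prefix.
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    prefix = 32 - diff.bit_length()
    return ipaddress.ip_network(f"{a}/{prefix}", strict=False)


if __name__ == "__main__":
    mask = "255.255.248.0"            # mask from the question
    server, client = "192.168.23.1", "192.168.24.1"

    for host in (server, client):
        net = network_of(host, mask)
        print(f"{host} with {mask} -> {net} "
              f"({net.network_address} to {net.broadcast_address})")
    print("same subnet:", same_subnet(server, client, mask))

    common = smallest_common_network(server, client)
    print(f"longest mask covering both: {common.netmask} -> {common}")

    # The old building's range fits inside a single /21.
    print("old building on one subnet:",
          same_subnet("192.168.8.1", "192.168.9.254", mask))
```
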
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 100 total points
ID: 35047140
There are some significant IP subnetting problems here, as Chris alluded to.

If the subnet mask is truly 255.255.240.0, the first network ID is 192.168.8.0, and the broadcast IP is 192.168.15.255. The correct subnet mask for a usable range of 192.168.8.1-192.168.9.254 is 255.255.254.0.

For the second building, in order to have 192.168.23.1 and 192.168.24.1 in the same subnet, you actually need to go to a subnet mask of 255.255.224.0, which makes the network 192.168.16.1-192.168.31.254.

If dustaine wants to keep the subnets at 510 hosts, the subnet for the first building should be corrected to 255.255.254.0, and the network in the new building should be changed to 192.168.24.0 255.255.254.0 with usable IPs 192.168.24.1-192.168.25.254. The other option is to change the mask to 255.255.224.0, and then realize that the network really does go from 192.168.16.1-192.168.31.254.

The author can explore using a subnet calculator.
http://www.subnet-calculator.com/subnet.php?net_class=B

0
 

Author Comment

by:dustaine
ID: 35064355
You all have been really great in your assistance. Honestly, I am just an Information Security person who had been put in charge of putting this together. I remember some things from subnetting and figured the mask was the issue, especially when I saw the range as 16 - 23. I figured the .23 wouldn't be able to talk to the .24 without some routing. The .23 and .24 are actually on the same network in the same building. The .8 network is in the building next door. I am not really interested in the two buildings communicating except perhaps via VPN because of ITAR and other concerns. I was just momentarily stumped as to why on the same network .23 and .24 would not talk to one another, then I remembered binary. lol.
0
