• Status: Solved

Segregate IP Ranges per building

Hello All, we have a dilemma at our office. We are running out of IPs because the old IT staff decided to use 255.255.255.0 as the subnet. Pretty soon we will be changing our network over to 255.0.0.0 to open us up. The question is, how do we (using Windows servers) separate each of our 3 buildings into separate IP ranges? For instance, building 135 would utilize IP ranges 192.168.135.x (workstations) as well as 192.168.136.x (alternate IP devices). We would want to make the same configuration change at the other two buildings: building 160 would have IP ranges 160 and 161, and building 150 would use 150 and 151. This is a layer 2 network using a microwave for connectivity.
How would we separate those networks using Windows Server?

Thanks everyone.
0
CKabs
3 Solutions
 
Krzysztof Pytko (Active Directory Engineer) commented:
You can't do that using Windows Server. You need to implement VLANs or divide the network range into some sub-networks, and then in each building use IPHelper or a DHCP Relay Agent to send DHCP requests to a DHCP server in another building, or place one DHCP server per building to accomplish that.

The Windows DHCP service doesn't include anything to split networks to issue IP leases. It answers to the broadcast address using options defined in the scope/server.

Regards,
Krzysztof
0
 
pritamdutt commented:
I would suggest you begin by evaluating your current Network Infrastructure to look for VLAN-capable switches, which will allow you to define VLANs.

Once you have VLANs defined, with appropriate DHCP Server configuration, you could create different DHCP Scopes on Windows Server to manage your network.

So, the first step would be to check your Network Hardware (Switches/Routers) and their VLAN capabilities.

Hope this helps!

Regards,
0
 
CKabs (Author) commented:
iSiek:
Sorry, what I meant when I said Windows Server was to utilize DHCP in Windows Server. I should have made that clear. So your suggestion is to set up a DHCP server in our main bldg 135, then use DHCP relay to forward all requests to that DHCP server. However, where/how would I define only that traffic coming from, say, bldg 160 to use only the specified IP ranges?
P.S. I was under the impression IPHelper is used on layer 3...

pritamdutt:
I was struggling with the idea of using VLANs; it does seem to be our easiest answer. Our switches def support it. The part I was missing is, how do we get two VLANs to communicate? Also, how do I config DHCP so it assigns different IP ranges to each VLAN?

Thanks so far everyone.
0
 
Krzysztof Pytko (Active Directory Engineer) commented:
Yes, that was what I meant :]
OK, for DHCP Relay Agent, you need to have at least one 2003/2008 server per building. On 2003, activate the "Routing and Remote Access" role and there you will find DHCP Relay Agent
http://technet.microsoft.com/en-us/library/cc782859%28WS.10%29.aspx

For 2008, also use the RRAS console
http://technet.microsoft.com/en-us/library/dd469685.aspx

Sorry for IPHelper, I forgot that it's based on IP, not MAC ;)

Krzysztof
0
 
pritamdutt commented:
CKabs,

As part of VLAN Configuration you specify the following:
- VLAN IP Address assigned on the routing switch
- VLAN Subnet Address assigned on the routing switch
- Configure DHCP Relay/BOOTP Relay by specifying your DHCP Server IP
- Enable DHCP Relay for applicable VLANs
- Enable IP Forwarding/Routing

Once you have done this, as part of the DHCP packet information sent to the DHCP Server, it will allocate an IP address from the range assigned to the requesting VLAN.

This is the best and most manageable method.

Hope this helps.
0
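An added example (not part of the thread, and not Microsoft's DHCP code) modelling the step described in the post above: the relay on each VLAN interface writes its own address into the `giaddr` field of the forwarded request, and the server leases from the scope whose subnet contains that address. The relay addresses (`.1`), the server address and the client MAC are assumptions constructed for the example.

```python
import ipaddress
import struct

# Scopes follow the ranges in the question. The relay (.1) and server
# addresses used with them are assumptions made for this example.
SCOPES = [ipaddress.ip_network(f"192.168.{n}.0/24")
          for n in (135, 136, 150, 151, 160, 161)]
SERVER_IP = ipaddress.IPv4Address("192.168.135.10")
UNSET = ipaddress.IPv4Address("0.0.0.0")

def build_request(mac: bytes, giaddr: str = "0.0.0.0", hops: int = 0) -> bytes:
    """Constructed sample: fixed BOOTP header of a DHCP request (RFC 2131)."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, hops, 0x1234ABCD, 0, 0x8000)
    return (header
            + UNSET.packed * 3                        # ciaddr, yiaddr, siaddr
            + ipaddress.IPv4Address(giaddr).packed    # giaddr, written by the relay
            + mac.ljust(16, b"\x00")                  # chaddr (client MAC, padded)
            + bytes(64 + 128)                         # sname and file, unused
            + bytes([99, 130, 83, 99]))               # DHCP magic cookie

def parse_giaddr(packet: bytes) -> ipaddress.IPv4Address:
    """Return the relay agent address from bytes 24..27 of a BOOTREQUEST."""
    if len(packet) < 240 or packet[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    return ipaddress.IPv4Address(packet[24:28])

def select_scope(packet: bytes):
    """Pick the scope by subnet: giaddr if relayed, else the server's own segment."""
    giaddr = parse_giaddr(packet)
    key = SERVER_IP if giaddr == UNSET else giaddr
    for scope in SCOPES:
        if key in scope:
            return scope
    return None  # no scope covers the relay's subnet, so no lease is offered

if __name__ == "__main__":
    mac = bytes.fromhex("00155d010203")  # constructed client MAC
    for relay in ("0.0.0.0", "192.168.160.1", "192.168.151.1", "10.9.9.1"):
        hops = int(relay != "0.0.0.0")
        print(relay, "->", select_scope(build_request(mac, relay, hops)))
```

The client's MAC address never enters the decision: any host behind the same relay interface draws from the same scope.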
 
pritamdutt commented:
Any updates? Did it work?
0
 
pwindell commented:
"We are running out of IPs because the old IT staff decided to use 255.255.255.0"

Then the company should have kept them since they knew what they were doing. Ethernet degrades at around 250-300 hosts. They should never be larger than 254 Host segments.
0
 
CKabs (Author) commented:
Hey pritamdutt,
Sorry for the extended delay on my response. I have reviewed the information provided with my manager. We both feel using VLANs to segregate our buildings is an unnecessary step. It has been brought to my attention that we could perform this action using a DC at each site, which we then set up a DHCP server on as well, using that DHCP server to issue IP addresses within the scope we define. Do any of you commenters know how this would work? Or if it would work correctly?
Also, just some thoughts on the VLAN: normally this is used to separate departments/floors for security purposes. I am struggling with the idea of using VLANs to segregate our buildings. Since VLANs use MAC addresses to sort traffic to its intended port, how does the IP assignment come into play? How would I assign a created VLAN to retrieve an IP from a specific scope, thus performing the desired action?

pwindell:
This website is used for instruction on topics less known than the person posting. Keep your negative comments to yourself. Unless you have something informative to post then please do not spam my Topic with your negative comments.

Thanks.
0
 
pwindell commented:
"pwindell:
This website is used for instruction on topics less known than the person posting. Keep your negative comments to yourself. Unless you have something informative to post then please do not spam my Topic with your negative comments."

I've been on this site for years. I'm quite familiar with what the site is for and from time to time influence what is actually kept in the site's database and what is thrown out. I'm not spamming anything of yours. My comments aren't negative, although they may be a bit blunt. Pritamdutt has given the best and correct advice. My comment is meant to enforce what he said by stating why the Network should be broken into multiple segments rather than roll the mask back to an /8 bit mask, which is the worst thing anyone could do. Ethernet loses efficiency at around 250-300 Hosts, so it is an easy, simple principle to follow,...for every 200 Hosts create a new /24bit IP Segment.

These threads are for other people to search for solutions, and because of that I cannot let bad practices go into the site's database as if they are the correct solution, and I am referring to your desire to roll the mask back to /8 bits. People searching these threads need to understand that this is bad and that it should not be done.

The primary reason for segmenting is not for security; that is only a secondary side benefit. The primary reason is to reduce the negative effects of broadcasts to save bandwidth. In fact, that is why an IP Segment is also called a Broadcast Domain. If you have WAN links or VPNs between the buildings then this becomes even more critical because those links run at a slower speed to begin with and their performance can more easily be damaged.

Even if you do some filtering at Layer2, that does not allow you to overload the segment by rolling back the mask. The Layer2 Filtering will likely still allow a packet sent to ff-ff-ff-ff-ff-ff, which is the broadcast address after it has been applied to Layer2.
0
 
pwindell commented:
Here's a simple 5 building layout that can support 2048 IPs with only a single LAN Router at each facility and will not overload the segments. A Layer3 capable Switch can serve as the LAN Router in each building,...so if you have any of those that will save you money. The Switch Icons (and their labels) represent each IP Segment. The IP#s of individual devices are not shown.

The 4 WAN segment routing is Supernetted to carry 512 addresses. The labels on the WAN links indicate the Route Table entry and are not the address used on the actual WAN Interfaces, which would be a /30bit point-to-point segment from a completely different address set.

[Attached diagram: Corp-Layout-with-4-branches]
0
 
pwindell commented:
Not a lot of details given on the WAN links because the distance and the line technology all affect how it is handled. Depending on the equipment and the situation, a Layer3 switch may not be able to act as both a LAN Router and a WAN Router at the same time, which could mean having separate Routers for the WAN and LAN.
0
 
pritamdutt commented:
Hi,

It is purely the call of an organization to make a choice on the technology to be deployed.

If you wish to use separate DCs with DHCP Servers for each building, make sure that you have a router installed at each building where your Microwave Connection is terminated and is connected to the local network in the building.

Once you have achieved the above, you need to do the following steps:
1. DROP all DHCP traffic on the router; DHCP traffic is targeted for port 67. This would prevent any possibility of an incorrect IP getting assigned to any machine.
2. Great, the machine in Building 160 has received an IP from the DHCP Server at building 160, but this machine is not able to talk to a server in BUILDING 161. Now how do we do this? This can be achieved by:
   a) Defining the IP Address of the router as the Gateway in the DHCP Configuration for the Clients.
   b) Defining routes in the router for the other available IP Address Ranges on the network. Please note this can be done using either RIP or Static Routing, as may be the choice of the implementer.

Hope this helps....

Regards,

0
 
pwindell commented:
"It is purely call of an organization on making a choice on technology to be deployed."

Yes,..and quite often those calls are bad ones. Too many consultants also make bad ones, often driven by what the consultant wants to sell to the client because of whatever marketing is driving the consultant's company.

My goal here is to always give the most efficient, most straightforward network design that falls within what can be feasibly explained in simple Forum Messages (since we can actually be on site).
0
