sglantos asked:
Creating more IP addresses on a class c network?

Hello,

I am running Active Directory on a 2008 server environment.  We are running out of usable IP addresses and I need to setup a new subnet...  I have three questions:

1. Can I use the same gateway address and DNS info for all subnets?
2. Besides creating a new subnet in Sites and Services and adding a new scope in DHCP (under a superscope), what else needs to be done in AD?  (The new scope can be activated in DHCP just fine and clients will connect, but have no internet access).
3. How can I make sure all new IP addresses have full Internet access?

Thanks in advance,
SparkyBoy

1 - Yes, using a layer 3 device (i.e. a router) to route between subnets;
2 - You will need to create a new zone within DNS to allow the additional subnet;
3 - The server acting in the DNS role should have its default gateway set to your router.  Its DNS forwarders should specify your ISP DNS addresses.  All clients, via DHCP, should be set to use your DNS server as their primary DNS.

Hope this gives some help,
SparkyBoy.
sglantos (asker)

Thanks SparkyBoy,

Here is a snapshot of my setup:

Router to Internet (controlled by ISP)
Cisco ASA 5510 acting as internal router, Firewall/VPN and gateway
Switches/Hubs/etc.
3 Domain Controllers
Servers and PCs

Subnets created 192.168.2.0/24 and 192.168.3.0/24
First subnet is primary and active...  

So you are recommending:
I create a new zone in DNS (perhaps a subzone like sub.domain.com) and then do what with it?
Set up a new route in the ASA 5510 to route between the new subnets?

As you may tell I am a novice with AD and subnets...

Thanks in advance
ASKER CERTIFIED SOLUTION by SparkyBoy (solution text not available on this page)
I have a good solution, but what kind of router or firewall do you have on your network?
Cisco ASA 5510 is the internal router/firewall
To answer your last question, you would create a new zone within DNS, including a reverse lookup zone.  This would specify the new range of the subnet you are creating.

Regarding DHCP, you will need to give some thought as to how you would deliver addresses for your second subnet, though if you consider my last post re increasing the size of your subnet and scope, you will resolve this.

Your internal router would need to be capable of having multiple logical or physical interfaces (i.e. one IP address for each subnet).

Once that is configured you would configure routes between the two subnets.  Those interfaces would be the gateway for each subnet.

SparkyBoy.
http://technet.microsoft.com/en-us/library/cc757614%28WS.10%29.aspx

Check out example 2.  You should just have to add the additional IPs to the LAN side of your Cisco.
SOLUTION by Coralon (solution text not available on this page)
SOLUTION (solution text not available on this page)
Thanks to all of you for the great responses...  I think I like the changing the mask option the best.  Less of a possibility for massive problems.

One last question (I think).  Is there an alternative to going around to every host and changing the subnet mask?  Can such a change be made within the subnets section of AD Sites and Services?  And if so, will that change all the static settings on hosts?

Thanks again
For the DHCP machines, you just change the scope/server properties.

For the static machines, you could try and script something with WMI or Netsh.exe (I'm not a big fan of either, but those are the ways to do it).

You will be fine not changing them *yet*.. except the machines on the old subnet mask will not be able to talk to the machines on the 'expanded' part of the subnet until they are switched.  (The return packets won't know where to go, and there's no direct router involved).

Priority order though:
1. Firewall
2. Routers & switches
3. DCs
4. other data servers
5. other workstations/printers
6. Then add the new machines on the expanded subnet

That should keep it all pretty seamless.

Coralon
Thanks all again...

So, I changed the subnet to /23 in AD and on the DCs...  Setup a brand new DHCP scope that includes the new addresses as well as the old ones with proper exclusions for static IPs.  It is now the only scope in DHCP.  

I presume I need to do the same thing on my ASA 5510 Ethernet 0/1 (internal connection) as well?

And one other question while I am at it...  I tried setting up a new host towards the high end of the subnet, using the old addresses for the DNS and gateway routers.  A warning came up about the different subnets, but I plowed on anyway.

But the new host cannot ping any hosts in the original subnet...  ideas?

Thanks again.
You'll need to ensure that all hosts are in the same subnet (have the same subnet address).

You will also need to change the subnet mask of the router.

Check that all hosts are registered within the new DNS scope you've created (renew IP addresses).

SparkyBoy.
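Two points in the thread are easier to see in code than in prose: SparkyBoy's instruction above to make sure every host carries the new mask, and Coralon's earlier note that a host still on the old /24 mask cannot talk to the expanded half of the /23 (which is what the asker hit with the new host at the high end of the range). The PowerShell below is an added example for this page, not code posted by anyone in the thread. It assumes the thread's addressing (192.168.2.0/24 widened to 192.168.2.0/23, mask 255.255.254.0) and uses the WMI class Win32_NetworkAdapterConfiguration that Coralon mentioned; the hostnames in $hosts are placeholders, and the caller needs administrative rights and RPC/DCOM reachability to each target.

```powershell
# Added example, not from the thread. Assumes 192.168.2.0/24 is being widened to
# 192.168.2.0/23 (mask 255.255.254.0). Hostnames in $hosts are placeholders.

function ConvertTo-IPv4Number {
    # Dotted quad -> integer, returned as [long] so -band never overflows a signed 32-bit int.
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)            # network byte order -> little-endian for BitConverter
    return [long][BitConverter]::ToUInt32($bytes, 0)
}

function Test-OnLink {
    # Does a host configured as $LocalIp/$LocalMask treat $RemoteIp as on its own subnet
    # (ARP for it directly) or as remote (hand the packet to its default gateway)?
    param([string]$LocalIp, [string]$LocalMask, [string]$RemoteIp)
    $m = ConvertTo-IPv4Number $LocalMask
    return (((ConvertTo-IPv4Number $LocalIp) -band $m) -eq ((ConvertTo-IPv4Number $RemoteIp) -band $m))
}

function Get-IPv4Config {
    # Audit: one record per IPv4 address on every IP-enabled adapter of each host.
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $c -Filter "IPEnabled = TRUE"
        foreach ($n in $nics) {
            for ($i = 0; $i -lt $n.IPAddress.Length; $i++) {
                # IPSubnet holds a dotted mask for IPv4 entries and a prefix length for IPv6 ones
                if ($n.IPAddress[$i] -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }
                New-Object PSObject -Property @{
                    Computer = $c; Index = $n.Index; DHCP = $n.DHCPEnabled
                    Address = $n.IPAddress[$i]; Mask = $n.IPSubnet[$i]
                }
            }
        }
    }
}

function Set-StaticIPv4Mask {
    # Re-apply an adapter's existing static IPv4 addresses with a new mask.
    # Dry run unless -Apply is given; DHCP adapters are skipped (the scope covers them).
    param([string]$ComputerName, [int]$Index, [string]$NewMask, [switch]$Apply)
    $n = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $ComputerName -Filter "Index = $Index"
    if ($n.DHCPEnabled) { return "$ComputerName index $Index: DHCP, skipped" }
    $addrs = @($n.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
    if ($addrs.Length -eq 0) { return "$ComputerName index $Index: no IPv4 address, skipped" }
    $masks = @($addrs | ForEach-Object { $NewMask })
    if (-not $Apply) { return "$ComputerName index $Index: would set $($addrs -join ',') with mask $NewMask" }
    # EnableStatic(string[] IPAddress, string[] SubnetMask); ReturnValue 0 = success,
    # 1 = success but a reboot is required. Gateway and DNS are not parameters of this call.
    $r = $n.EnableStatic($addrs, $masks)
    return "$ComputerName index $Index: EnableStatic returned $($r.ReturnValue)"
}

# --- usage ---------------------------------------------------------------------
$newMask = '255.255.254.0'

# Each side decides on-link vs. via-gateway from its OWN mask, so the two directions
# disagree until the old hosts (and the ASA inside interface) are moved to the /23.
Test-OnLink -LocalIp '192.168.2.10' -LocalMask '255.255.255.0' -RemoteIp '192.168.3.20'
Test-OnLink -LocalIp '192.168.3.20' -LocalMask $newMask        -RemoteIp '192.168.2.10'

# Audit in the thread's priority order (DCs, then servers, then workstations):
# list every static address still carrying the old mask.
$hosts = 'DC1', 'DC2', 'DC3', 'FILESRV1'          # placeholders
$stale = Get-IPv4Config -ComputerName $hosts |
         Where-Object { -not $_.DHCP -and $_.Mask -eq '255.255.255.0' -and $_.Address -like '192.168.2.*' }
$stale | Format-Table Computer, Index, Address, Mask -AutoSize

# Dry run first; add -Apply to change them.
foreach ($s in $stale) { Set-StaticIPv4Mask -ComputerName $s.Computer -Index $s.Index -NewMask $newMask }
```

In the first Test-OnLink call the old host (still /24) treats 192.168.3.20 as off-link and sends the packet to the ASA rather than ARPing for it; in the second, the new /23 host treats 192.168.2.10 as on-link and ARPs for it directly. That asymmetry is why the mask has to change on the ASA inside interface and on every old static host, not only on the new ones. EnableStatic only takes addresses and masks, so confirm the default gateway and DNS servers afterwards, and run it from a console session rather than over the adapter being changed, since the adapter resets briefly.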
I know I'm a latecomer to this, but I don't usually recommend changing your subnet mask to increase your address space.  By increasing the number of addresses on the subnet you also increase the amount of broadcast traffic and the number of transmit slots if you don't use switching; i.e., simplified: there are 1024 time slots a card can transmit on.  If 2 cards try at once then they have to go back, pick another slot and try again.  Each time this happens you have a collision.  Switches reduce this by handling the traffic for you if configured correctly.
The more devices you have, the more chance you use up bandwidth with collisions.  You also have talkative devices that eat up traffic on that subnet.  If you have more devices, you have more chatter.
Also, one thing I did not see: if you have 2 separate subnets, you need to forward DHCP through the router for the new subnet to your DHCP server.  Otherwise the new subnet will not get addresses.  The DHCP server determines what address to hand out based on the traffic from the router.