Windows Server 2003, DHCP - Out of IP addresses

One of the folks in the office saw this message today:

“IP address conflict. Another computer on this network has the same IP address as this computer.”  

I checked DHCP, and sure enough, every single IP was issued today.  I have a /24 network, and I'm out of IPs.  Over the last 2 years I've reduced the DHCP lease duration from 5 days to 4, to 3, to 2, and now I'm down to 1.  

The obvious fix seems to be to change the subnet mask on the network.  (I'm thinking of going with /16).  The effort required to do so, however, would be considerable.  

Anyone have any clever workarounds?  Or, do I need to bite the bullet and change the subnet mask?

Arguably just as much work, but do you have the capability to VLAN it out to multiple separate subnets? That might be a better solution in the long run than using a /16 for a few hundred addresses.
Absolutely...  You can do a "SuperNet"...  

Create another DHCP scope for another /24 address, so for example, if you were using 192.168.1.x before, create another scope for 192.168.2.x now, and configure it basically the same way as your other DHCP scope is configured.

THEN, create a "SuperNet", and add both of the subnet scopes into the supernet.  What this will do is to tell the server that it can answer DHCP requests from that physical subnet with addresses from EITHER range of addresses.

SO...  Now, the potentially tough part is that now you'll have to have a default gateway for the second subnet.  For example, a 192.168.2.x machine won't be able to talk directly to a 192.168.1.x machine (or gateway) so to get to the Internet, that would be a problem...

If you're using a Cisco router, then you can add a command like:

Router Config Int# ip address SECONDARY

The "Secondary" will tell it to add a SECOND address to the same NIC...

If your default gateway is a Windows PC, such as the server itself (and probably is, if you're using SBS or ISA), then you can just give your Windows server a second IP address on the same NIC, and it will route between the 2 LAN subnets.  You might have to (or want to) install the "Routing and Remote Access" component as a "LAN router" if you absolutely need peer to peer access between the subnets (like workstation to workstation); otherwise you might be able to get away with just the secondary IP address.

Another way is that if you have a lot of printers which ONLY have to talk to the server, then you can just move the PRINTERS to the new subnet, not worry about the Supernet, and not worry about the RRAS, and just understand that the SERVER will be able to talk to the printers because it has an address on both subnets, but the workstations won't be able to talk straight to the printers (they don't have to, as long as you're using a server based queue).

Of course, the CLEANEST solution would be to get rid of the DHCP scope, change the subnet mask to /23 ( and then re-create a DHCP scope with the bigger range, but if you do that, then you'll need to go to all your static machines and change the subnet mask too.

If this doesn't make sense, let me know what your WAN connectivity is using and how much control you have over it, and maybe I can recommend something else, but I've done all of the above in a pinch, and it's worked well...
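The addressing behind the superscope and /23 options in the answer above, worked through with Python's `ipaddress` module. This is an added example, not part of the thread; the 192.168.1.x and 192.168.2.x ranges come from the answer, while the gateway and host addresses are constructed for illustration.

```python
import ipaddress

# Scope ranges from the answer; gateway/host addresses below are constructed samples.
SCOPES = ["192.168.1.0/24", "192.168.2.0/24"]

def needs_gateway(host_if: str, dst: str) -> bool:
    """True when dst lies outside the host's own subnet, so the host
    hands the packet to its default gateway instead of sending on-link."""
    iface = ipaddress.ip_interface(host_if)
    return ipaddress.ip_address(dst) not in iface.network

def scopes_without_gateway(scopes, gateway_addrs):
    """Superscope member subnets in which the router has no address.
    Clients leased from these scopes have no reachable default gateway."""
    gws = [ipaddress.ip_address(g) for g in gateway_addrs]
    return [s for s in scopes
            if not any(g in ipaddress.ip_network(s) for g in gws)]

def widened(scope: str, new_prefix: int) -> str:
    """Network that results from shortening an existing scope's mask."""
    return str(ipaddress.ip_network(scope).supernet(new_prefix=new_prefix))

def covered_by_widening(scope: str, other: str, new_prefix: int) -> bool:
    """Does widening `scope` to new_prefix also take in the range `other`?"""
    wide = ipaddress.ip_network(widened(scope, new_prefix))
    return ipaddress.ip_network(other).subnet_of(wide)

if __name__ == "__main__":
    # Superscope with only the original gateway: the second scope is stranded.
    print(scopes_without_gateway(SCOPES, ["192.168.1.1"]))
    # After adding a secondary address on the router, both scopes have a gateway.
    print(scopes_without_gateway(SCOPES, ["192.168.1.1", "192.168.2.1"]))
    # A 192.168.2.x client cannot reach a 192.168.1.x host on-link.
    print(needs_gateway("192.168.2.50/24", "192.168.1.10"))
    # Changing 192.168.1.0/24 to /23 yields 192.168.0.0/23: the extra space
    # is 192.168.0.x, not 192.168.2.x.
    print(widened(SCOPES[0], 23), covered_by_widening(SCOPES[0], SCOPES[1], 23))
    # A static host left on the old /24 mask sends traffic for the new half
    # of the /23 to the gateway, which is why static machines need the new mask.
    print(needs_gateway("192.168.1.50/24", "192.168.0.20"))
```

Because the /23 containing 192.168.1.x is 192.168.0.0/23, taking in 192.168.2.x by a mask change alone would require a /22.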


jdana (Author) Commented:
Steve and Duff614,

Wow.  Terrific responses.  

I have a Cisco ASA 5505 firewall associated with the network, and, candidly, it's the one device in the network that makes me nervous to configure.  I'm really a developer who has a part-time gig as a network administrator with my big client.

I'm not sure if this is an appropriate question to pose on EE, but what the hell, it can't hurt to ask.  Do either of you work with Cisco firewalls?  If not, do you know of a good contractor that does?  (I could remote them in.)  This is one project I'd like to tackle with some assistance.
Ahh!  Cool..  Yes - I have a 5505 here at home too..  (Gotta have a good lab, right?!)  so I think I can walk you through what you might need..

Can you copy your ASA config into here?  Be careful to block out any passwords, and even any EXTERNAL ip addresses, just to be safe..  Like, if your external ip was, maybe you could do a global search/replace to change that to or something.

Do you use the GUI to program the ASA, or do you use the command line?  Personally I'm more of a command-line guy, but if you use the GUI, I can try to simulate what you're doing, and come up with some steps in the GUI..
jdana (Author) Commented:

I figured out the lease issue.  (There was a little stupidity on my part.)  Thanks for the terrific suggestions.  I saved them to my master cheat sheet.

I appreciate the offer as well.  

You have an ASA 5505 at home.  That's pretty funny.
