Solved

Expanding network to another subnet

Posted on 2014-03-21
Last Modified: 2014-05-13
Hello,
     I manage a small business network and we are running out of IPs. I am wondering what the best practice would be for expanding into another subnet? I currently have a sonicwall NSA220 router and a Windows Server 2003 DHCP server. What I would like to do is have another subnet for new workstations and servers, and have these subnets talk to each other. What would be the best way to go about this?

Thanks!
0
Question by:indigo6
12 Comments
 
LVL 30

Expert Comment

by:pgm554
ID: 39946792
0
 

Expert Comment

by:sweetness34
ID: 39946824
I would either expand the subnet, for which you will have to set up a new DHCP scope on Windows 2003, or create the other subnet and run DHCP on the Sonicwall, or, if the Sonicwall supports IP helper addresses, configure an additional DHCP scope for the new subnet on Windows 2003.
0
 
LVL 37

Expert Comment

by:bbao
ID: 39946895
> So you are using up all 253 class C  IP's?

hehe, that doesn't sound like a small business?

how are the client computers connected to the network? wireless or wired to other switches then to the router?

generally, i think there are two approaches depending on your cost, time and security considerations.

the first is to simply add one more subnet, define the router to relay DHCP to the new subnet or even enable the router's DHCP services against the new subnet.

another approach is to refine the whole network per your organisation structure and server infrastructure, this may allow the network to support your business for an even longer time.

for example, move all servers to one or more subnets hence more protection could be applied based on security zones (subnets). the same principle may apply to the client computers too depending on different security levels for different departments or groups. a central router is used to interconnect all subnets with proper firewall rules applied per security and performance considerations.

of course the latter approach may cost you more on money and time, but may streamline the network to meet your business needs in the near future.
0

 
LVL 71

Expert Comment

by:Qlemo
ID: 39947349
The most simple approach is to just expand your subnet mask by one or more bits. Instead of /24 (255.255.255.0) use /23 (255.255.254.0) or /22 (255.255.252.0). Each bit doubles the available amount of IPs.
You can set that up directly in the DHCP scope and options.

However, too many devices in the same subnet cause a lot of "noise", reducing the available bandwidth. That does not happen if using separate subnets connected by routers.
0
 

Author Comment

by:indigo6
ID: 39947940
Ok, thanks! I think I want to go with a second subnet. What I would like to do in theory is have another DHCP pool on a different server for all the new dynamically assigned addresses, and then have my existing subnet be just for my servers, etc. Can I do this with just one router? How would I configure my sonicwall if so?
0
 
LVL 37

Expert Comment

by:bbao
ID: 39948010
how many servers do you have?

is a single class C subnet big enough for all your client computers?

how many zones does your SonicWALL support for routing?
0
 

Author Comment

by:indigo6
ID: 39948077
We have quite a few servers, but we are a print shop so we also have quite a few statically assigned devices like platemakers and digital presses. A single class C will be sufficient.

I'm not sure how many zones, it is a NSA220
0
 
LVL 31

Expert Comment

by:masnrock
ID: 39948569
While I do concur with changing your network from a standard class C to having a 23-bit subnet mask, there are two approaches you can take to create a second subnet:
1) Configure one of the LAN ports with a new subnet
2) Create a VLAN

The first one tends to be simpler as long as it is easy for you to do a physical separation of the network equipment, otherwise the VLAN approach is the only feasible solution.

To do choice #1, you configure one of the ports to be part of a new separate subnet (say port X2 has an IP address on subnet 192.168.0.0/24), then you can create a new DHCP server if necessary.

Choice #2 involves creating a virtual interface, as well as configuring your switches to understand the VLANs.
0
 
LVL 17

Expert Comment

by:vivigatt
ID: 39950580
Another subnet means that you have to configure your router(s) for this second subnet, and that the "new" devices will have to connect to the "new" subnet one way or another.
You will also need to configure ip-helper addresses (DHCP relay) on your routing devices so that the DHCP discover packets sent by DHCP clients to broadcast addresses on the new subnet are forwarded to your DHCP server (broadcasts are not routed and broadcasts sent on one subnet do not reach hosts in another subnet).

Expanding the subnet mask by 1 or 2 bits is certainly an easier path if networking/routing/subnetting/vlans is not something you want to play with.

Check this article for some more details and operations:
http://support.microsoft.com/kb/255999
0
 

Author Comment

by:indigo6
ID: 39951260
Ok, I certainly agree that expanding the subnet would be easier. However, I have more than 100 manually configured devices that I would have to change the subnet mask on. So I'm not sure which solution would actually be easier. Also, I'm not sure if all my switches support VLANs.
0
 
LVL 17

Accepted Solution

by:
vivigatt earned 2000 total points
ID: 39951611
Depending on your routing devices, you MAY keep the statically configured devices with their current config (at least temporarily).
If this works, this is how I see things:
when one of your "static devices" (Node A) sends a packet to another node (node B) in your LAN, if node B is in the "subnet range" of the current subnet mask (between 192.168.1.1 and 192.168.1.254 for instance), everything stays the same, Node A resolves node B's address using ARP and sends packets directly to it.
Now if Node B is in the "new range" (let's say its address is 192.168.2.100), node A is still using the old subnet mask (255.255.255.0) and then "thinks" that node B is in another subnet. It then sends the packet to its default router. The router receives the packet and... forwards it to Node B. This is not very clean, this adds a hop to the path the packets take, and this puts some pressure on the router, but this may leave you some time and flexibility to change the "static nodes" subnet mask on an ad-hoc basis or without having to do them all in a row.
When you change the static nodes' config, maybe you can configure them as DHCP clients and use DHCP reservations to make sure they always get the same IP address.

Now, that being said, if you just can extend your scope for it to have more available addresses, this would be ideal. No subnet change, you just extend your scope. Let's say that you currently have, in the 192.168.1.0/255.255.255.0 network, the following scope : 192.168.1.100-192.168.1.199. If you can use the scope 192.168.1.50-192.168.1.254, you then have more than doubled your pool of available addresses.
0
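The half-migrated state described in the accepted answer, as an added example that is not part of the original post: it models each host's on-link decision from its own mask and lists the host pairs whose two directions take different paths. Host names, addresses and the gateway 192.168.1.1 are constructed, and the widened mask is assumed to be /22, because 192.168.1.x and 192.168.2.100 do not share any /23.

```python
import ipaddress

# Constructed inventory: name -> (IP, mask configured on that host).
HOSTS = {
    "platemaker": ("192.168.1.20", "255.255.255.0"),   # static, old /24 mask
    "server":     ("192.168.1.10", "255.255.255.0"),   # static, old /24 mask
    "new-ws":     ("192.168.2.100", "255.255.252.0"),  # DHCP, widened /22 mask
}
GATEWAY = "192.168.1.1"  # assumed LAN address of the router

def next_hop(src_ip, src_mask, dst_ip, gateway=GATEWAY):
    """'direct' if the sender treats dst as on-link (ARP), else the gateway."""
    on_link = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return "direct" if ipaddress.ip_address(dst_ip) in on_link else gateway

def longest_common_prefix(ip_a, ip_b):
    """Longest prefix length that puts both addresses in one subnet."""
    b = ipaddress.ip_address(ip_b)
    for plen in range(32, -1, -1):
        if b in ipaddress.ip_network(f"{ip_a}/{plen}", strict=False):
            return plen

def asymmetric_pairs(hosts, gateway=GATEWAY):
    """Pairs whose two directions take different paths (one via router)."""
    names, found = sorted(hosts), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            a_to_b = next_hop(*hosts[a], hosts[b][0], gateway)
            b_to_a = next_hop(*hosts[b], hosts[a][0], gateway)
            if a_to_b != b_to_a:
                found.append((a, a_to_b, b, b_to_a))
    return found

if __name__ == "__main__":
    plen = longest_common_prefix("192.168.1.20", "192.168.2.100")
    print(f"mask needed to hold both addresses: /{plen}")
    for a, ab, b, ba in asymmetric_pairs(HOSTS):
        print(f"{a} -> {b}: {ab}; {b} -> {a}: {ba}")
```

Every pair this reports is one where the router sees only one direction of the conversation until the static device's mask is updated, which matters if the router applies stateful rules to traffic it forwards between the two ranges.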
 

Author Closing Comment

by:indigo6
ID: 40062279
This solution was the most complete, thank you!
0
