500 DHCP Leases on SonicWall TZ105

Hello experts,

My question is very simple (or so I hope). I need to be able to configure my SonicWall to hand out more than 255 DHCP leases. This is for a public wireless network, so I'm not concerned about them communicating between subnets, and I actually prefer they weren't able to. There will be no administrative/sensitive traffic on the LAN, only from the WAN connection for management. How do I properly configure a SonicWall TZ105 running the 5.9.1 firmware to hand out more than 255 DHCP leases seamlessly on interface 0, 2, 3 and 4 (because there's one WAP connected to each interface)? I would expect at any given time there may be 500 users on this network, so ideally over 1000 available leases would be perfect.

I'm looking for exact instructions, not general, "set your Subnet Mask to and configure to". I did try that and it kept throwing errors about the gateway not being in the range and etc... If a SonicWall TZ105 can't do that, it's okay, please recommend a router you think would work for this.

If the seamless functionality isn't available due to the different interfaces, that's okay too. I'll get a PoE switch and plug it into one port.

I've found previous little information on doing this from Google searches, hence my post here!

Thank you!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AkinsdNetwork AdministratorCommented: may be unrealistic for a local subnet. That's way too many addresses, that's over 65,000 hosts. and configure to

These don't match up and reason for the errors you're getting.
Your range for subnet is -

What you need is an average of 500 hosts per subnet but if you want up to 1,000 with the hope that you have a robust enough network, then that's also doable but that would be the max I'll recommend. You'd be better off creating multiple subnets instead.

For 500 (510 to be exact),
Network ID
Range: -
Your gateway could be or depending on your preference

For 1000 (1022 to be exact)
Network ID
Range: -
Gateway:  (or depending on your preference)
dwilliams4391Author Commented:
Here's the exact error with the settings you've described:

"Error: The range start and end match different interface".

I understand that is effectively 65,000 leases. I don't expect that to work regardless of the scenario. I wouldn't actually configure it that way, I was just using an example.
dwilliams4391Author Commented:
I should also clarify, there won't be 1000 active users on it at once. This wireless network is in a public space and there may be that much traffic over the period of 1 hour (which is what I've set the DHCP lease time to) on their mobile devices. This isn't a scenario where it's a conference space with an expectation of that many users constantly at one time.
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

AkinsdNetwork AdministratorCommented:
The gateway would be the address you would configure on the interface. Another interface cannot have an address within the same range you're configuring.
"Error: The range start and end match different interface"
This means there's an address on the interface of your router that fall within that range. The router won't allow that configuration

The /23 subnet (512 hosts) would suffice then.

Do a show ip int b on your device and post the result. I'll tell you where you're getting your conflict from

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dwilliams4391Author Commented:
While your comment didn't directly solve my question, it did help to point out the obvious to me that I kept missing - I have to set the Subnet Mask to on the Interfaces page AS WELL AS the DHCP Server configuration...

Much appreciated...

Other comments are welcome if anyone has anything to add.

Do you have a good resource on information regarding the /23 and etc (I usually see this from ISPs on their static IP blocks they provision for us)? I seemed to have a hard time finding information on what those translate to.
AkinsdNetwork AdministratorCommented:
These are referred to as notation bits.
There are 32 bits in the IPv4 addressing scheme divided into 4 octets of 8 bits each.
11111111 11111111 11111111 11111111
the bits represented by their values are
128 64 32 16 8 4 2 1  128 64 32 16 8 4 2 1  128 64 32 16 8 4 2 1  128 64 32 16 8 4 2 1
If you add all 128 64 32 16 8 4 2 1, you'll get 255
eg means all the first 24 bits are turned on = 11111111 11111111 11111111 00000000
This is a /24 network. The bits that are turned on represent the Network
For a /23, this is 11111111 11111111 11111110 00000000
First 23 bits are turned on.
For a /30 11111111 11111111 11111111 11111100
First 30 bits are turned on

dwilliams4391Author Commented:
That actually makes more sense than any other description I've read or heard...

Much appreciated!

Thank you.
AkinsdNetwork AdministratorCommented:
You're welcome
Blue Street TechLast KnightCommented:
Hi dwilliams4391,

Can you post another question regarding more details about this project, like the /23 translation, etc.? I'd like to delve into this more. There are many issues I see with this question that weren't addressed.

1. First off, a TZ105 is built to handle a small remote location office/home - it can handle maybe 5-10 concurrent users. I wouldn't use this device for what you are trying to achieve and we haven't even broached what the WAP specs are (I highly doubt they are robust enough). The rest of my points below reference your TZ105 but that is only to say that SonicWALL rocks and can do a ton (actually Best of Breed)...its just your model is far to under-gunned, IMO, to handle you needs.

2. You can configure a NGFW (Next Generation Firewall), which your TZ105 is with one large subnet spread between many ports via PortShielding. e.g., LAN (6500 addresses) could be distributed on ports X0, X2-X4. PortShielding essentially virtualizes the physical ports so that they behave in many different ways...one being they can act as one port, etc.

3. When you are asking how to essential protect segments of the network from each other (cross traffic between Zones (LAN and WLAN), etc.) you are referring to a term called Security Contexting. Again, your TZ105 can do this. You can segregate and completely isolate all traffic from each other or you can allow certain types of traffic to communicate between Zones and block all the rest. An example might be where you want the WLAN to print to the only printer available which is located in the LAN. You can do just that and block all other traffic from the LAN except print traffic allocated to that specific printer.

4. You can provide a ton of features with Guest Wireless options to protect from bandwidth bleeding due to unattended hogs crashing your wireless. Also, depending on the type of conference and logistics of it you may want to think about Security Isolation and Security Contexting between devices. Events like these are easy pickings when you provide "free" WiFi. Hacker's paradise...just sayin. :)

5. This is more food for thought since I don't know all the details but consider bandwidth limitations and your availability to it from the provider of the space. Let's say the conference has the ability to provide you with a 5x5 Mbps line...with 1,000 users that's a paltry 200 Mb per user. Now that is in a perfect world or at least one with bandwidth management in place, which again your TZ105 can do, but more realistically if you don't set bandwidth management you could have only one idiot on YouTube watching maybe a counter part to a lecture topic and boom your bandwidth just got flattened. It may be a better/richer experience to not provide WiFi if a third world country can out perform your conference. Again, food for thought...you may have access to a larger pipe but irrespectively, run the numbers and consider bandwidth management so at least everyone can use the access evenly.

6. Subnet calculations...can be easily done by an online tool like this for planning: http://www.subnet-calculator.com/

7. You asked for detailed how-to instructions...

Let me know!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.