New /23 DHCP Scope Issues

giga797
giga797 used Ask the Experts™
on
We were running out of ip addresses on our network, decided to expand our subnet 192.168.2.1/24 to 192.168.2.1/23 so we can have another 255 addresses.  Everything works fine for the any users that get dhcp within the 192.168.2.1-254  addresses but anyone with 192.168.3.1-254 cannot access the internet. is there anything else that needs to be configured for those clients to access the internet? we have a cisco 1921 router.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Rob LeaverSr. Network & Server Engineer

Commented:
Are you able to ping your default gateway from the .3 computers?

I am assuming you haven't divided your network into vLANs to make this easier?
hi,
chances are that you have an access list allowing 192.168.2.0/24 on the gateway router, which you should change in 192.168.2.0/23

Please be aware that access-lists in cisco routers use wildcards.
In that case you have some access-list
192.168.2.0 0.0.0.255
which would be changed into
192.168.2.0 0.0.0.254

the router itself needs to have its subnet mask changed

hope this helps
max

Commented:
Did you change the subnet mask on the NIC of the DNS server (which I assume is your DHCP server), the LAN interface on the router and in the DHCP options?

-saige-
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Author

Commented:
max_the_king i changed it according to your suggestion but still no luck below is the settings.  I can ping the devices with the 192.168.3.x from the router. what would the gateway be for the 192.168.3.x clients? 192.168.2.1?

ip dhcp pool
 network 192.168.2.0 255.255.254.0
 default-router 192.168.2.1
 dns-server 209.244.0.3 209.244.0.4
 lease 0 4

interface Vlan1
 description TOLAN
 ip address 192.168.2.1 255.255.254.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in

ip access-list extended PATv2
 remark PAT ACL v2.5
 permit ip 192.168.2.0 0.0.0.254 any
yes It is correct.
It should work.
may need a reboot if possible.
max
sorry i gave you wrong wildcard access-list.

It must be

0.0.1.255

max

Author

Commented:
max_the_king thank you for your help, so i will change it to permit ip 192.168.2.0 0.0.0.254 any  correct?
permit ip 192.168.2.0 0.0.1.255 any
max

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial