DHCP running out of addresses

Status
Not open for further replies.

djbourne

Technical User
May 1, 2003
I have had a look around various posts but I am a bit confused about the best way to set-up a superscope or whether a superscope is the way to go.

I have a WAN with offices on subnet ranges 172.16.65.*, 172.16.60.*, 10.61.1.* etc. All offices are connected via Cisco Pix Firewalls with paths to each office.

In 1 office the DHCP range is 10.61.1.35-254 and we are close to running out of addresses.

Default gateway 10.61.1.4
DNS/DHCP 10.61.1.2
Subnet mask 255.255.255.0

If I create a superscope comprising the 10.61.1.35-254 and 10.61.2.1-254 ranges, do I have to make changes to the router to recognise the new range?
Do I need to change the subnet mask and would that cause issues connecting to the other offices?
Will the ranges see each other? Servers and printers on 1, clients on the other need access.
Would the new range be able to see other offices?
Would using VLANs via managed switches be better?

Whichever is the best suggested solution would splitting it in departments or buildings be easier?
2 buildings linked by Fibre.

I am a little unsure on best practice and setup process. I hope I have made myself clear, all help/suggestions gratefully received.
 
If you change the netmask, you can use fewer bits for the network portion, and have one big subnet comprising the 10.61.1.35+ and 10.61.2.x. The down side to this type of arrangement is that the more devices on one subnet, the slower everything will be due to traffic volume and congestion.

The other problem you could run into is, as you asked, whether this will conflict with other network segments. The answer is that it could if both sections are trying to use the same "public" IP addresses. In your case, though, 10.x is considered a LAN address, so you can have multiple machines with the same address, but on different networks - and I mean public in the sense of public to your system, not the Internet.

It seems to me that the best approach would be to break the network up into separate LANs with routers. This would limit the amount of traffic on any one LAN and allow you to reuse the same IP addresses by taking advantage of the NAT capabilities.
 
Um, you can't drop a bit from the subnet mask to increase your scope to include those particular new addresses.
If you drop a bit from your subnet mask, your existing subnet will change to 10.61.0.0/255.255.254.0 (10.61.0.1 - 10.61.1.254).
 
VinceWhirlwind - The addresses I used were just examples. So you're saying if the subnet mask did change it would increase the IP addresses but the range would be 10.61.0.1-10.61.1.254. As Norway said would that create an overall problem on the WAN?

Norway with the increase in traffic I suppose that could be cut down by VLANs could it? Or am I overcomplicating things?
 
It would cut down on the traffic as long as the switches connecting the VLANs only passed traffic to their LAN side. Most modern switches operate this way, in comparison to the old hubs.

One place I worked had this problem. They had about 150 addresses all tied on one LAN via hubs, all seeing the same traffic. Even though they were operating at 100 Mbps full duplex, the best you could achieve on any connection was about 3Kbps due to the massive number of collisions.

The only semi-difficult part in setting up the VLANs is in configuring the routers and gateways.
 
"So you're saying if the subnet mask did change it would increase the IP addresses but the range would be 10.61.0.1-10.61.1.254."

Yes - if you want an extra 250 addresses, reduce your subnet mask by one bit, as long as this doesn't create any addressing conflicts.
You would need to check your remote offices' routes cover the expanded subnet, or change the routes so they do.

"As Norway said would that create an overall problem on the WAN?"

No, it's not a problem. I trust that in the 21st century you are using switches and not hubs.

"Norway with the increase in traffic I suppose that could be cut down by VLANs could it?"

Yes. That would be the better way of doing it, but as you predict it can be more complicated (if you're not familiar with it) and you need to be sure you have the technical skills to manage this.
What you would need to do is this:
- Check your PIX model is 5x5 or 506 with an Unrestricted License.
- Create a new logical interface on the PIX for the new VLAN.
- Configure the .1q trunk to the switch you need the new VLAN (you may have to trunk the VLAN through other switches to get there - depends on your topology)
- configure the VLAN on that switch
- configure the access ports in the VLAN
- configure a new DHCP scope for the subnet that's in that new VLAN
- configure a DHCP forwarder on the PIX so the DHCP requests get passed from the new VLAN back to your DHCP server (which is presumably still in your original VLAN).
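
The subnet arithmetic discussed in this thread (what dropping one mask bit actually yields, and whether a widened subnet collides with another office) can be checked before touching any device. This is an added example, not code posted by any participant; the /24 lengths for the other offices are assumed from the "172.16.65.*" notation, and the function names are hypothetical.

```python
import ipaddress

def widen(subnet, bits=1):
    """Supernet obtained by dropping `bits` bits from the subnet mask."""
    return ipaddress.ip_network(subnet).supernet(prefixlen_diff=bits)

def smallest_cover(subnet, wanted):
    """Smallest single subnet containing `subnet` and every network in `wanted`."""
    net = ipaddress.ip_network(subnet)
    targets = [ipaddress.ip_network(w) for w in wanted]
    while not all(t.subnet_of(net) for t in targets):
        net = net.supernet()  # drop one more mask bit and re-check
    return net

def conflicts(candidate, others):
    """Other offices' subnets that overlap the candidate (routes would clash)."""
    return [o for o in others if ipaddress.ip_network(o).overlaps(candidate)]

def plan(subnet, wanted, others):
    one_bit = widen(subnet)
    cover = smallest_cover(subnet, wanted)
    return {
        "one_bit": str(one_bit),
        "one_bit_mask": str(one_bit.netmask),
        # first and last usable host addresses of the one-bit-wider subnet
        "one_bit_hosts": (str(one_bit[1]), str(one_bit[-2])),
        "one_bit_covers_wanted": all(
            ipaddress.ip_network(w).subnet_of(one_bit) for w in wanted),
        "cover": str(cover),
        "cover_mask": str(cover.netmask),
        "conflicts": conflicts(cover, others),
    }

# Addresses from the thread; prefix lengths of the other offices are assumed.
OFFICE = "10.61.1.0/24"
WANTED = ["10.61.2.0/24"]
OTHERS = ["172.16.65.0/24", "172.16.60.0/24"]

if __name__ == "__main__":
    for key, value in plan(OFFICE, WANTED, OTHERS).items():
        print(f"{key}: {value}")
```

Any subnet returned under `conflicts` is one whose routes on the remote firewalls would need to change before the mask is widened.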
 
Thanks for all your suggestions. Vince I will give it a go soon. The need has gone on the back burner for now.
 