ip helper -how is it set up for many catalyst switches

[geranimo666]

Hello all-

My class A (10.1.21.1 to 10.1.23.254) (subnet is 255.255.252.0) range has been entirely used up.. so I created a new scope. I just did a 10.1.24.1 to 10.1.27.254 range and made all the proper router, dns, wins etc settings as the other scope was set.. problem is that it won't lease out addresses at all.

The scopes status is "active" yet nothing.. no leases are nade. There are Cisco catalyst switch on all floors but no vlans have been created and it is essentially a flat network. Does anyone have any clues why it would not lease addresses..

Do I need to set up ip helper commands for all the switches where ip addresses for client machines exist? it it s multi floor environment with roughly 2 switches per floor. I figured since everything is flat, maybe if I set up one ip helper for each switch it would pick up the new 10.1.24 network for additional users that join the company and find network connections.

any ideas on how to utilize ip helper and whether or not I'm wrong about my statement above would be appreciated.

thanks
geranimo
geranimo

 

[jneiberger]

You only need ip helper addresses for situations where your DHCP server is on a different LAN than the clients. This is not a command that you would configure on a layer two switch.

On an unrelated note, you have used up an entire /22 and all of those devices are on the same logical LAN? If you have a lot of traffic, you might want to start segmenting your network. You might have a lot of broadcast traffic right now and that can cause slowness on many devices.

 

[geranimo666]

Hi jneiberger,

so theoretically my adding a 10.1.24.x /22 network onto my dhcp Windows 2003 server should work right? without needing to touch my switches? I have over 350 users here -all the client dhcp addresses are being grabbed via the 10.1.22 and 10.1.23 networks -my switches are all Cisco residing from 3550' 3548's and in the IDF closets for those long stretches across the building floors -we have 2950's and also some 3548s.

I can't seem to find anywhere in any of the switches configs where I would need to add this new network range I added in my dhcp server.(10.1.24.x, 255.255.252.0).. perhaps the router needs to know about this new range? could that be it?

thanks for any info
geranimo

 

[jneiberger]

Your switches are layer two devices. They are blissfully unaware of your layer three network. You don't need to do anything to the switches if you have a flat network. If you are adding a new VLAN (and have a way to route between them) you need to change the VLAN affiliation on the appropriate ports.

It appears to me that the larger problem is that you're trying to overlay one /22 over another. Very bad idea and doomed to fail. Segment your network, create VLANS, route between them.

 

[geranimo666]

ah I see, well maybe I should've clarified this but:

everything on every switch is defaulting to vlan1 management vlan.. every switch and there are about 7 of them (switches not vlans)..

so if I were to go to one of the switches, console in and do a "sho vlan" i see most every port in vlan 1 ... no other vlans present. I know it's not wise to leave client pc based ports in vlan1 but there isn't much time and need this working.. what command and or statement could I immplement at this point in order for my 10.1.24.x/22 range to work?

thanks for all you support thus far, excellent information!
geranimo

 

[jneiberger]

This isn't going to work. You're trying to overlay two different IP subnets onto the same logical network. Do you have a router? This will not work without a router. Something must handle routing between the two subnets. Devices in one subnet will not be able to talk to devices on the other subnet without going through a router.

Do as I suggested:

1. Segment your network
1a. Create VLANs
2. Route between them

 

[geranimo666]

yes I see your point.. what if I were to just extend the existing subnet from 255.255.252.0 to 255.255.250.0 -it will buy me more hosts..

The thing is I need this fixed yesterday. more users have started the company and can't receive an IP address on their new systems.

If they had only done this right the first time around and made their subnet larger, this wouldn't be an issue. there are routers inside, need to look at the config and figure out what to do there and start placing different segments in vlans then

thanks for your advice, very useful info!

geranimo

 

[jneiberger]

Well, the mask would need to go to 255.255.248.0, but you have the right idea. That would put them all on the same subnet. If you add the new address without changing the mask then they are on different subnets.

 

[vipergg]

Just as a side , you are asking for performance problems haveing that many users in a single flat network and this should be brought up to the higher ups that this needs to be fixed... You already have 768 potential users before adding this new scope , not a good scenario ....

 

[vipergg]

one other point , you say you have over 350 users , where are all the other addresses going when you have a pool of over 700 ???? Do you have that many static addresses assigned ?

 

[geranimo666]

To vipergg and jneilberger,

Oh so I stand corrected then.

Instead of making the added mask 255.255.250.0 I should make it 255.255.248.0 ? can you briefly explain this, would like to wrap it around my mind better.. SInce I currently have a working 255.255.252.0

As for vioergg, yes sir... many static addresses, servers, video conferencing modules, you name it.. again, this was bequested to me from prior engineer that walked off the job..

Please provide comments -I'm listening.. and appreciate the feedback!

thanks
geranimo

 

[burtsbees]

Either make it 255.255.248.0, or make both separate subnets via VLAN configs. What is doing the routing and dhcp?

Burt

 

[burtsbees]

I would at LEAST create two vlans...that's a lot of broadcast traffic for one big flat network. I would say separate vlans for printers, users (separated even more by department).
Vlans will separate broadcast traffic, and you would need ip helper commands for dhcp to work.

Burt

 

[jneiberger]

255.255.250.0 is not a valid subnet mask. You need to learn to subnet in binary to understand why that is.

Let's take 255 in binary: 11111111. Pretty simple. Now, take one subnet bit away and you have 11111110, which is 254. Take one more away and you have 11111100, or 252. And, finally, take one more away and you are left with 11111000, or 248.

All IP addressing and subnetting is done in binary. We just convert it to decimal to make it easier for us to understand.

 

[vipergg]

If you don't really understand the masks I would suggest you go out to like wildpackets website and download their subnet claculator and you plug in your values and it will give you the range of addresses that are included within that mask . This will save you time if you don't want to figure it out in your head , though you shlould learn it as boring as it is .

http://www.wildpackets.com/products/free_utilities/overview

 

[geranimo666]

Thanks to all here for the overall detail in your responses!

I'll answer all questions here from the various sources-


To Burtsbee-

We have a Windows 2003 DHCP server setup in our network. this is where the 10.1.x.x /22 range is established. Routing-wise there is a 3660 perimeter router but there are a few 3550 switches (from what I've read, these are layer 2/3 switches correct?) and I think that switch is probably handling any routes although need to be sure by consoling in w/ rollover cable on Monday. In this place, no one has a password list, I was sort of thrown into this since last engineer left not leaving proper notes behind, so I'll trial and error my way into the switch. Eitherway, this is probably where I'd incorporate the vlan segmentation and ip-helper files -correct?

my concern is that if I change the range/subnet to 255.255.248.0 on the Windows DHCP server from .252 -now what? I don't see any significant area in the 3660 router that even suggests the 10.1.1.21 to 10.1.23/ 22 range. Unless it's on that switch stated above but I'll verify that shortly. Will the range modification on the server cause everything to just stop working because I haven't made changes to whatever device is truly "routing" traffic -either a later2/3 switch of the router? if it is a flat network then I assume changing the range should do the trick unless I would need to additionally flush arp tables in each layer 2 switch in each IDF closet to accept the changed range?

To Vipergg

I would like to get away with this modification for now in order to just "breath" again. I believe you are 100% correct in that management needs to know what is going on with this extended and more-so incorrectly configured logical LAN size. There is a project freeze within the company at this juncture "no new corp projects till the first quarter of the New Year" -if I brought up this fiasco to them now, they would literally lose their minds since everyone is so busy and "just needs things working". Management doesn't even know what DHCP is and throwing all this terminology and misconfigurations in their face now would confuse these overpaid suit-monkeys.

I will draw everything out on Visio with a detailed explanation and convey as best I can what is going on here.. But not now.... As this corporate-wide project freeze would stifle the political perspective and other departments would intervene causing other issues. I would just like to extend the range and handle whatever inside changes to the devices and wait till first quarter of 08 for the "correct" process to take place.

Thanks to all -please issue comments, work arounds or anything you wish and thanks again to all on this panel!!!
geranimo

 

[geranimo666]

hello to all again-

Well I just remoted into the office and tried to expand the Windows dhcp scope, first the range from 10.1.21.x - 10.1.23.x to 10.1.24.x and then reflect the right subnet mask 255.255.248.0 but the subnet mask is greyed out and won't allo w the change. I'd have to delete the scope and start over (which isn't a big hurdle) but I am concerned about devices that have reserved (static) IP addresses such as servers, routers etc that use the 255.255.252.0 mask in their settings. what would happen to those devices in I changed the range in the dhcp server to 255.255.248.0?

Couldn't I just make the Cisco 3560 it's own dhcp server? I have cisco articles depicting configuration settings on how to do this. This switch is in an IDF closet) far across the other side of the building and that will need to provide switching connectivity for 30 or so users that will be populating that office space within the next few weeks.

I could make a vlan for all 48 ports and have dhcp setup on the switch to lease out addresses in the new 10.1.24.x 255.255.248.0 range?

My only concern is how will these users communicate with servers that are in the 10.1.20 or 10.1.21 ranges, I realize it's a flat network but these are different ranges -so would that simply work ? or is this where I need to have them route between eachother and if so -what commands would I need to do this? (what commands to enter into the 3560 switch)

again, thanks for your patience with my learning curve and appreciate all the valuable info to all on this panel!

geranimo