Guest connor_a@hotmail.com
Posted January 19, 2008

Hi everyone,

What is the best way to add more address leases in DHCP to support multiple subnets for 400 - 600 users in a single building?

One idea would be to create a DHCP superscope with RRAS enabled to perform the routing between subnets, but this would place too heavy a load on the DC, which is also the DHCP server.

I'm thinking more toward using DHCP relaying on the switches, but I'm not sure if the switches can perform the layer 3 routing.

Any suggestions most appreciated.

Thanks!

Guest Ace Fekay [MVP]
Posted January 20, 2008

Re: Running out of DHCP address leases howto rectify?

In news:9db901bd-238d-4b70-8d69-4c5d238d6095@h11g2000prf.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
> Hi everyone,
>
> What is the best way to add more address leases in DHCP to support
> multiple subnets for 400 - 600 users in a single building?
>
> One idea would be to create a DHCP superscope with RRAS enabled to
> perform the routing between subnets but this would place too heavy
> load on the DC which is also the DHCP server.
>
> I'm thinking more toward using DHCP relaying on the switches but not
> sure if the switches can perform the layer 3 routing.
>
> Any suggestions most appreciated.
>
> Thanks!

Just add a scope for that subnet. If the router doesn't handle IP helper or relay, you can setup a relay agent on the other subnet(s) and specify the DHCP server at the main office. You really don't want to multihome a DC (if that was what you were implying). This will introduce numerous errors with AD and the clients if not configured properly. If you were not implying that, good.

For the relay agent on the other subnet, you can install RRAS on a server and enable the Relay agent. However, if you have the possibility of adding another server at another subnet, why not just configure DHCP over there?

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Guest connor_a@hotmail.com
Posted January 20, 2008

Re: Running out of DHCP address leases howto rectify?

On Jan 20, 1:39 pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com> wrote:
> In news:9db901bd-238d-4b70-8d69-4c5d238d6095@h11g2000prf.googlegroups.com,
>
> Just add a scope for that subnet. If the router doesn't handle IP helper or
> relay, you can setup a relay agent on the other subnet(s) and specify the
> DHCP server at the main office. You really don't want to multihome a DC (if
> that was what you were implying). This will introduce numerous errors with
> AD and the clients if not configured properly. If you were not implying
> that, good.
>
> For the relay agent on the other subnet, you can install RRAS on a server
> and enable the Relay agent. However, if you have the possibility of adding
> another server at another subnet, why not just configure DHCP over there?

Hi Ace,

Thanks for the reply and ideas. I have a single DC in the building which also hosts DNS and DHCP for 4 floors.

We have about 20 DHCP leases available on the existing 147.109.x.y subnet.
This subnet needs to be migrated to a 10.16.128.0/23 subnet range (10.16.128.0 - 10.16.131.0) so more hosts can be available.

What would be the best DHCP migration strategy to achieve this?

Thanks.

Guest Ace Fekay [MVP]
Posted January 24, 2008

Re: Running out of DHCP address leases howto rectify?

In news:3ff2a6af-9084-491c-ba84-1e84e387f2a5@q77g2000hsh.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
>
> Hi Ace,
>
> Thanks for the reply and ideas. I have a single DC in the building
> which also hosts DNS and DHCP for 4 floors.
>
> We have about 20 DHCP leases available on the existing 147.109.x.y
> subnet
> This subnet needs to be migrated to a 10.16.128.0/23 subnet range
> (10.16.128.0 - 10.16.131.0) so more hosts can be available.
>
> What would be the best DHCP migration strategy to achieve this?
>
> Thanks.

Sorry for the late reply.

So you are looking at a major IP migration from a public range to a private range and not simply extending the current scopes. You have a major undertaking on your hands. Let's see... from memory:

Come up with a plan that includes an IP range for all servers and static set hosts, as well as an IP range for each floor, unless you simply use the same subnet for the whole building, which is what most designs entail, and MUCH easier to deal with.
For the whole building, I would probably use, which will give you 65,000 IPs:
10.10.0.0/16

If you want to keep with the separate subnets for each floor (which I think complicates matters with DHCP and connectivity), I would break it down to the following which will give you 4096 hosts for each subnet:
10.10.0.0/20 (10.10.0.0 - 10.10.15.255)
10.10.16.0/20 (10.10.16.0 - 10.10.31.255)
10.10.32.0/20 (10.10.32.0 - 10.10.47.255)
10.10.48.0/20 (10.10.48.0 - 10.10.63.255)
etc

Change the DC/DNS servers' IPs
Re-register them in DNS
Make sure all old IP references are manually removed if the registration process above does not overwrite the old ones, which it should.
Create a new reverse zone for the planned IP subnets. Make sure updates are allowed.
Change all of your servers' IPs.
Change any static hosts, including printer cards, and other IP static entries.
Make sure the above works, AD is functional, the DCs and servers can get to the printers, etc.
Make sure the router can handle NAT. If not, time to look for a new one.
Change the internal IP of the router.
If using multiple floors, change the static route entries on the edge router to be able to get to the other subnets.
Test internet connectivity from your DCs and servers.

DHCP - Take note of exclusions, reservations, etc. Delete all scopes.
Create a new big scope, or multiples if you are still dealing with separate scopes for each floor.
Test with a couple of workstations, logons, internet connectivity, printers, resource access, etc.

I'm sure I missed a few steps and only briefed over many. This should give you a good start.

Ace

Guest connor_a@hotmail.com
Posted January 27, 2008

Re: Running out of DHCP address leases howto rectify?

On Jan 24, 4:56 pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com> wrote:
> In news:3ff2a6af-9084-491c-ba84-1e84e387f2a5@q77g2000hsh.googlegroups.com,
> conno...@hotmail.com <conno...@hotmail.com> typed:
>
> > Hi Ace,
> >
> > Thanks for the reply and ideas. I have a single DC in the building
> > which also hosts DNS and DHCP for 4 floors.
> >
> > We have about 20 DHCP leases available on the existing 147.109.x.y
> > subnet
> > This subnet needs to be migrated to a 10.16.128.0/23 subnet range
> > (10.16.128.0 - 10.16.131.0) so more hosts can be available.
> >
> > What would be the best DHCP migration strategy to achieve this?
> >
> > Thanks.
>
> Sorry for the late reply.
>
> So you are looking at a major IP migration from a public range to a private
> range and not simply extending the current scopes. You have a major
> undertaking on your hands. Let's see... from memory:
>
> Come up with a plan that includes an IP range for all servers and static set
> hosts, as well as an IP range for each floor, unless you simply use the same
> subnet for the whole building, which is what most designs entail, and MUCH
> easier to deal with.
> For the whole building, I would probably use, which will give you 65,000
> IPs:
> 10.10.0.0/16
>
> If you want to keep with the separate subnets for each floor (which I think
> complicates matters with DHCP and connectivity), I would break it down to
> the following which will give you 4096 hosts for each subnet:
> 10.10.0.0/20 (10.10.0.0 - 10.10.15.255)
> 10.10.16.0/20 (10.10.16.0 - 10.10.31.255)
> 10.10.32.0/20 (10.10.32.0 - 10.10.47.255)
> 10.10.48.0/20 (10.10.48.0 - 10.10.63.255)
> etc
>
> Change the DC/DNS servers' IPs
> Re-register them in DNS
> Make sure all old IP references are manually removed if the registration
> process above does not overwrite the old ones, which it should.
> Create a new reverse zone for the planned IP subnets. Make sure updates are
> allowed.
> Change all of your servers' IPs.
> Change any static hosts, including printer cards, and other IP static
> entries.
> Make sure the above works, AD is functional, the DCs and servers can get to
> the printers, etc.
> Make sure the router can handle NAT. If not, time to look for a new one.
> Change the internal IP of the router.
> If using multiple floors, change the static route entries on the edge router
> to be able to get to the other subnets.
> Test internet connectivity from your DCs and servers.
>
> DHCP - Take note of exclusions, reservations, etc. Delete all scopes.
> Create a new big scope, or multiples if you are still dealing with separate
> scopes for each floor.
> Test with a couple of workstations, logons, internet connectivity, printers,
> resource access, etc.
>
> I'm sure I missed a few steps and only briefed over many. This should give
> you a good start.
>
> Ace

Thanks Ace for the info. Yes, we have a plan to standardise address ranges for servers, printers, switches etc.

I have been allocated the 10.16.128.0/23 address range. According to http://www.subnet-calculator.com/, this gives me 512 hosts between two subnets:

10.16.128.0
10.16.129.0

If I have 10 procurve switches, a couple for each floor, what's the best migration strategy if there is a procurve 'core' switch that is layer 2 / layer 3?

One DC for the entire building!

Thanks.

Guest Ace Fekay [MVP]
Posted January 28, 2008

Re: Running out of DHCP address leases howto rectify?

In news:9e6a7a9c-93d1-4d67-92fd-d70264abe196@y5g2000hsf.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
> Thanks Ace for the info. Yes, we have a plan to standardise address
> ranges for servers, printers, switches etc
>
> I have been allocated the 10.16.128.0/23 address range. According to
> http://www.subnet-calculator.com/, this gives me 512 hosts between two
> subnets:
>
> 10.16.128.0
> 10.16.129.0
>
> If I have 10 procurve switches, a couple for each floor, what's the
> best migration strategy if there is a procurve 'core' switch that is
> layer 2 / layer 3
>
> One DC for the entire building!
>
> Thanks.

I still think it complicates it a bit. And did you know it is recommended to have a minimum of two DCs per domain? What would happen if the only one DC you have fails? The whole company is down and you may lose all your user accounts.

How many floors do you have? Two or five? If five, I guess you have two ranges for five different floors? Will one subnet handle multiple floors in your plan? Do you want to use the layer 3 functions of the switch with VLANs?

Ace

Guest connor_a@hotmail.com
Posted January 28, 2008

Re: Running out of DHCP address leases howto rectify?

On Jan 28, 2:09 pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com> wrote:
> In news:9e6a7a9c-93d1-4d67-92fd-d70264abe196@y5g2000hsf.googlegroups.com,
> > Thanks.
>
> I still think it complicates it a bit. And did you know it is recommended to
> have a minimum of two DCs per domain? What would happen if the only one DC
> you have fails? The whole company is down and you may lose all your user
> accounts.
>
> How many floors do you have? Two or five? If five, I guess you have two
> ranges for five different floors? Will one subnet handle multiple floors in
> your plan? Do you want to use the layer 3 functions of the switch with
> VLANs?

Hi Ace, apologies for not letting you know there is a single DC in the building and about another 20 statewide.

We have about 5 floors:

Floor 9
Floor 8
Floor 5
Floor 4
Floor 3

Floor 9 has the 'core' layer 2 / layer 3 switch alongside about 4 other switches servicing floors 9 and 8.
Floor 5 has a 2524 switch
Floor 4 has a 2524 switch
Floor 3 has a 2524 switch

What I'm proposing to do is:

1) Document existing wall outlet to switch port mappings on all floors
2) Re-configure wall outlet to switch port mappings on a per floor basis if possible for ease of management and migration

2) Add a spare procurve switch on floor 9
3) On this spare switch create a VLAN IP address 10.16.128.6 in the new subnet range
4) Then add an IP address-helper command on the VLAN to point to the DC DHCP Server 147.109.x.2

5) Migrate each client from Floor 9 1st switch to the spare switch, i.e. ports A1-A8, then B1-B8, C1-C8, D1-D8 etc
6) Relocate remaining ports in use on 1st switch
7) Use the empty switch and start over again.

Sound like a plan?

Thanks for your input Ace, much appreciated.

Guest Ace Fekay [MVP]
Posted January 28, 2008

Re: Running out of DHCP address leases howto rectify?

In news:73638c26-4521-445b-96ce-7a68522c674f@v17g2000hsa.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
> Hi Ace, apologies for not letting you know there is a single DC in the
> building and about another 20 statewide.
>
> We have about 5 floors:
>
> Floor 9
> Floor 8
> Floor 5
> Floor 4
> Floor 3
>
> Floor 9 has the 'core' layer 2 / layer 3 switch alongside about 4
> other switches servicing floors 9 and 8.
> Floor 5 has a 2524 switch
> Floor 4 has a 2524 switch
> Floor 3 has a 2524 switch
>
> What I'm proposing to do is:
>
> 1) Document existing wall outlet to switch port mappings on all floors
> 2) Re-configure wall outlet to switch port mappings on a per floor
> basis if possible for ease of management and migration
>
> 2) Add a spare procurve switch on floor 9
> 3) On this spare switch create a VLAN IP address 10.16.128.6 in the
> new subnet range
> 4) Then add an IP address-helper command on the VLAN to point to the
> DC DHCP Server 147.109.x.2
>
> 5) Migrate each client from Floor 9 1st switch to the spare switch, i.e.
> ports A1-A8, then B1-B8, C1-C8, D1-D8 etc
> 6) Relocate remaining ports in use on 1st switch
> 7) Use the empty switch and start over again.
>
> Sound like a plan?
>
> Thanks for your input Ace, much appreciated.

Your setup is much more complex than I thought. Apparently you are part of an enterprise design and not a stand alone at this location.

The plan sounds fine. The IP helpers for the VLAN on the Procurve are essentially the DHCP relay agents. The Procurve essentially will be your router to the other subnets on the floors. Since the one DC at 147.109.x.x will be handling it, make sure when you setup the IP helper you test and make sure you are getting an address from it.

Mapping the ports to wall outlets is the ultimate in keeping track of each machine by MAC address and you can deny a MAC address and it will not be able to connect.

I think you have a good plan. Did they tell you what IP ranges should be on each floor?

Ace
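
Added example, not part of the thread and not any poster's own code: a scope-planning check for the allocated 10.16.128.0/23 that carves one subnet per floor, largest first, and fails when the block cannot hold the demand. It goes beyond the thread by sizing each floor separately (variable-length subnetting). Assumptions: the per-floor lease counts are constructed to total the 400 and 600 users from the first post, one address per subnet is reserved for the switch VLAN interface that carries the IP helper, and the function names are hypothetical.

```python
import ipaddress

# Constructed per-floor lease counts (not from the thread), totalling the
# 400 and 600 users mentioned in the first post.
DEMAND_400 = {9: 120, 8: 100, 5: 60, 4: 60, 3: 60}
DEMAND_600 = {9: 180, 8: 150, 5: 90, 4: 90, 3: 90}

def describe(block):
    """Return (first address, last address, address count) of a CIDR block."""
    net = ipaddress.ip_network(block)
    return str(net[0]), str(net[-1]), net.num_addresses

def prefix_for(hosts, reserved=1):
    """Longest prefix whose subnet holds `hosts` leases, `reserved` static
    addresses (assumed: the switch VLAN interface), network and broadcast."""
    needed = hosts + reserved + 2
    return 32 - max(2, (needed - 1).bit_length())

def plan_scopes(block, demand):
    """Carve `block` into one subnet per floor, largest demand first.
    Returns {floor: IPv4Network}; raises ValueError if the block is too small."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for floor, hosts in sorted(demand.items(), key=lambda kv: -kv[1]):
        want = prefix_for(hosts)
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"{block}: no room for floor {floor} ({hosts} leases)")
        # Best fit: smallest free chunk that is large enough, lowest address first.
        chunk = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(chunk)
        sub = next(chunk.subnets(new_prefix=want))
        free.extend(chunk.address_exclude(sub))  # unused remainder stays free
        plan[floor] = sub
    return plan

if __name__ == "__main__":
    print(describe("10.16.128.0/23"))
    for name, demand in (("400 users", DEMAND_400), ("600 users", DEMAND_600)):
        try:
            for floor, net in plan_scopes("10.16.128.0/23", demand).items():
                print(name, "floor", floor, net, "gateway", net[1])
        except ValueError as err:
            print(name, "does not fit:", err)
```

Each resulting subnet corresponds to one DHCP scope on the server and one VLAN interface with a helper address on the routing switch.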