Running out of DHCP address leases howto rectify?
Hi everyone,
What is the best way to add more address leases in DHCP to support
multiple subnets for 400 - 600 users in a single building?
One idea would be to create a DHCP superscope with RRAS enabled to
perform the routing between subnets but this would place too heavy
load on the DC which is also the DHCP server.
I'm thinking more toward using DHCP relaying on the switches but not
sure if the switches can perform the layer 3 routing.
Any suggestions most appreciated.
Thanks!
Re: Running out of DHCP address leases howto rectify?
In news:9db901bd-238d-4b70-8d69-4c5d238d6095@h11g2000prf.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
> Hi everyone,
>
> What is the best way to add more address leases in DHCP to support
> multiple subnets for 400 - 600 users in a single building?
>
> One idea would be to create a DHCP superscope with RRAS enabled to
> perform the routing between subnets but this would place too heavy
> load on the DC which is also the DHCP server.
>
> I'm thinking more toward using DHCP relaying on the switches but not
> sure if the switches can perform the layer 3 routing.
>
> Any suggestions most appreciated.
>
> Thanks!
Just add a scope for that subnet. If the router doesn't handle IP helper or
relay, you can set up a relay agent on the other subnet(s) and specify the
DHCP server at the main office. You really don't want to multihome a DC (if
that was what you were implying). This will introduce numerous errors with
AD and the clients if not configured properly. If you were not implying
that, good.
For the relay agent on the other subnet, you can install RRAS on a server
and enable the Relay agent. However, if you have the possibility of adding
another server at another subnet, why not just configure DHCP over there?
--
Regards,
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Re: Running out of DHCP address leases howto rectify?
On Jan 20, 1:39 pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> In news:9db901bd-238d-4b70-8d69-4c5d238d6095@h11g2000prf.googlegroups.com,
>
>
> Just add a scope for that subnet. If the router doesn't handle IP helper or
> relay, you can set up a relay agent on the other subnet(s) and specify the
> DHCP server at the main office. You really don't want to multihome a DC (if
> that was what you were implying). This will introduce numerous errors with
> AD and the clients if not configured properly. If you were not implying
> that, good.
>
> For the relay agent on the other subnet, you can install RRAS on a server
> and enable the Relay agent. However, if you have the possibility of adding
> another server at another subnet, why not just configure DHCP over there?
Hi Ace,
Thanks for the reply and ideas. I have a single DC in the building
which also hosts DNS and DHCP for 4 floors.
We have about 20 DHCP leases available on the existing 147.109.x.y
subnet
This subnet needs to be migrated to a 10.16.128.0/23 subnet range
(10.16.128.0 - 10.16.131.0) so more hosts can be available.
What would be the best DHCP migration strategy to achieve this?
Thanks.
Re: Running out of DHCP address leases howto rectify?
In news:3ff2a6af-9084-491c-ba84-1e84e387f2a5@q77g2000hsh.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
>
> Hi Ace,
>
> Thanks for the reply and ideas. I have a single DC in the building
> which also hosts DNS and DHCP for 4 floors.
>
> We have about 20 DHCP leases available on the existing 147.109.x.y
> subnet
> This subnet needs to be migrated to a 10.16.128.0/23 subnet range
> (10.16.128.0 - 10.16.131.0) so more hosts can be available.
>
> What would be the best DHCP migration strategy to achieve this?
>
> Thanks.
Sorry for the late reply.
So you are looking at a major IP migration from a public range to a private
range and not simply extending the current scopes. You have a major
undertaking on your hands. Let's see... from memory:
Come up with a plan that includes an IP range for all servers and static set
hosts, as well as an IP range for each floor, unless you simply use the same
subnet for the whole building, which is what most designs entail, and MUCH
easier to deal with.
For the whole building, I would probably use, which will give you 65,000
IPs:
10.10.0.0/16
If you want to keep with the separate subnets for each floor (which I think
complicates matters with DHCP and connectivity), I would break it down to
the following which will give you 4096 hosts for each subnet:
10.10.0.0/20 (10.10.0.0 - 10.10.15.255)
10.10.16.0/20 (10.10.16.0 - 10.10.31.255)
10.10.32.0/20 (10.10.32.0 - 10.10.47.255)
10.10.48.0/20 (10.10.48.0 - 10.10.63.255)
etc
Change the DC/DNS servers IPs
Re-register them in DNS
Make sure all old IP references are manually removed if the registration
process above does not overwrite the old ones, which it should.
Create a new reverse zone for the planned IP subnets, Make sure updates are
allowed.
Change all of your servers' IPs.
Change any static hosts, including printer cards, and other IP static
entries.
Make sure the above works, AD is functional, the DCs and servers can get to
the printers, etc.
Make sure the router can handle NAT. If not, time to look for a new one.
Change the internal IP of the router.
If using multiple floors, change the static route entries on the edge router
to be able to get to the other subnets.
Test internet connectivity from your DCs and servers.
DHCP - Take note of exclusions, reservations, etc. Delete all scopes.
Create a new big scope, or multiples if you are still dealing with separate
scopes for each floor.
Test with a couple of workstations, logons, internet connectivity, printers,
resource access, etc.
I'm sure I missed a few steps and only briefed over many. This should give
you a good start.
Ace
Re: Running out of DHCP address leases howto rectify?
On Jan 24, 4:56 pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> In news:3ff2a6af-9084-491c-ba84-1e84e387f2a5@q77g2000hsh.googlegroups.com,
> conno...@hotmail.com <conno...@hotmail.com> typed:
>
>
>
> > Hi Ace,
>
> > Thanks for the reply and ideas. I have a single DC in the building
> > which also hosts DNS and DHCP for 4 floors.
>
> > We have about 20 DHCP leases available on the existing 147.109.x.y
> > subnet
> > This subnet needs to be migrated to a 10.16.128.0/23 subnet range
> > (10.16.128.0 - 10.16.131.0) so more hosts can be available.
>
> > What would be the best DHCP migration strategy to achieve this?
>
> > Thanks.
>
> Sorry for the late reply.
>
> So you are looking at a major IP migration from a public range to a private
> range and not simply extending the current scopes. You have a major
> undertaking on your hands. Let's see... from memory:
>
> Come up with a plan that includes an IP range for all servers and static set
> hosts, as well as an IP range for each floor, unless you simply use the same
> subnet for the whole building, which is what most designs entail, and MUCH
> easier to deal with.
> For the whole building, I would probably use, which will give you 65,000
> IPs:
> 10.10.0.0/16
>
> If you want to keep with the separate subnets for each floor (which I think
> complicates matters with DHCP and connectivity), I would break it down to
> the following which will give you 4096 hosts for each subnet:
> 10.10.0.0/20 (10.10.0.0 - 10.10.15.255)
> 10.10.16.0/20 (10.10.16.0 - 10.10.31.255)
> 10.10.32.0/20 (10.10.32.0 - 10.10.47.255)
> 10.10.48.0/20 (10.10.48.0 - 10.10.63.255)
> etc
>
> Change the DC/DNS servers IPs
> Re-register them in DNS
> Make sure all old IP references are manually removed if the registration
> process above does not overwrite the old ones, which it should.
> Create a new reverse zone for the planned IP subnets, Make sure updates are
> allowed.
> Change all of your servers' IPs.
> Change any static hosts, including printer cards, and other IP static
> entries.
> Make sure the above works, AD is functional, the DCs and servers can get to
> the printers, etc.
> Make sure the router can handle NAT. If not, time to look for a new one.
> Change the internal IP of the router.
> If using multiple floors, change the static route entries on the edge router
> to be able to get to the other subnets.
> Test internet connectivity from your DCs and servers.
> DHCP - Take note of exclusions, reservations, etc. Delete all scopes.
> Create a new big scope, or multiples if you are still dealing with separate
> scopes for each floor.
> Test with a couple of workstations, logons, internet connectivity, printers,
> resource access, etc.
>
> I'm sure I missed a few steps and only briefed over many. This should give
> you a good start.
>
> Ace
Thanks Ace for the info. Yes, we have a plan to standardise address
ranges for servers, printers, switches etc
I have been allocated the 10.16.128.0/23 address range. According to
http://www.subnet-calculator.com/, this gives me 512 hosts between two
subnets:
10.16.128.0
10.16.129.0
If I have 10 procurve switches, a couple for each floor, what's the
best migration strategy if there is a procurve 'core' switch that is
layer 2 / layer 3
One DC for the entire building!
Thanks.
Re: Running out of DHCP address leases howto rectify?
In news:9e6a7a9c-93d1-4d67-92fd-d70264abe196@y5g2000hsf.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
> Thanks Ace for the info. Yes, we have a plan to standardise address
> ranges for servers, printers, switches etc
>
> I have been allocated the 10.16.128.0/23 address range. According to
> http://www.subnet-calculator.com/, this gives me 512 hosts between two
> subnets:
>
> 10.16.128.0
> 10.16.129.0
>
> If I have 10 procurve switches, a couple for each floor, what's the
> best migration strategy if there is a procurve 'core' switch that is
> layer 2 / layer 3
>
> One DC for the entire building!
>
> Thanks.
I still think it complicates it a bit. And did you know it is recommended to
have a minimum of two DCs per domain? What would happen if the only one DC
you have fails? The whole company is down and you may lose all your user
accounts.
How many floors do you have? Two or five? If five, I guess you have two
ranges for five different floors? Will one subnet handle multiple floors in
your plan? Do you want to use the layer 3 functions of the switch with
VLANs?
Ace
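Added example, not part of the thread: a small planner that checks whether one subnet per floor fits inside the 10.16.128.0/23 allocation discussed above, and what the flat and grouped alternatives look like. The head counts and floor groupings are constructed; the thread gives only the floor list and the 400 - 600 user total.

```python
import ipaddress

# Constructed head counts: the thread gives only the floor list and a
# 400 - 600 user total, so 80 per floor (400 total) is an assumption.
FLOORS = {"Floor 9": 80, "Floor 8": 80, "Floor 5": 80, "Floor 4": 80, "Floor 3": 80}
# Constructed grouping: two subnets, 200 hosts each (also an assumption).
GROUPED = {"Floors 9+8": 200, "Floors 5+4+3": 200}

def prefix_for(hosts):
    """Longest IPv4 prefix whose subnet still has `hosts` usable addresses
    (network and broadcast excluded; count the gateway as a host)."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits

def plan(block, demands):
    """Carve one subnet per entry of `demands` (name -> hosts) out of `block`,
    largest demand first. Returns (allocations, names_that_did_not_fit)."""
    free = [ipaddress.ip_network(block)]
    allocations, unplaced = {}, []
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        want = prefix_for(hosts)
        candidates = sorted(n for n in free if n.prefixlen <= want)
        if not candidates:
            unplaced.append(name)
            continue
        # Best fit: the smallest free block that is still large enough.
        src = max(candidates, key=lambda n: n.prefixlen)
        subnet = next(src.subnets(new_prefix=want))
        free.remove(src)
        free.extend(src.address_exclude(subnet))  # hand back the remainder
        allocations[name] = subnet
    return allocations, unplaced

if __name__ == "__main__":
    block = "10.16.128.0/23"
    net = ipaddress.ip_network(block)
    print(block, "spans", net[0], "-", net[-1], "usable:", net.num_addresses - 2)
    for label, demands in [("one subnet per floor", FLOORS),
                           ("two subnets, floors grouped", GROUPED),
                           ("flat, 400 users", {"Building": 400}),
                           ("flat, 600 users", {"Building": 600})]:
        placed, missing = plan(block, demands)
        print(label, {k: str(v) for k, v in placed.items()}, "does not fit:", missing)
```

With these assumed counts each floor needs a /25, and a /23 holds only four of them, so the fifth floor is reported as not fitting.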
Re: Running out of DHCP address leases howto rectify?
On Jan 28, 2:09 pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> In news:9e6a7a9c-93d1-4d67-92fd-d70264abe196@y5g2000hsf.googlegroups.com,
> > Thanks.
>
> I still think it complicates it a bit. And did you know it is recommended to
> have a minimum of two DCs per domain? What would happen if the only one DC
> you have fails? The whole company is down and you may lose all your user
> accounts.
>
> How many floors do you have? Two or five? If five, I guess you have two
> ranges for five different floors? Will one subnet handle multiple floors in
> your plan? Do you want to use the layer 3 functions of the switch with
> VLANs?
Hi Ace, apologies for not letting you know there is a single DC in the
building and about another 20 statewide.
We have about 5 floors:
Floor 9
Floor 8
Floor 5
Floor 4
Floor 3
Floor 9 has the 'core' layer 2 / layer 3 switch alongside about 4
other switches servicing floors 9 and 8.
Floor 5 has a 2524 switch
Floor 4 has a 2524 switch
Floor 3 has a 2524 switch
What I'm proposing to do is:
1) Document existing wall outlet to switch port mappings all floors
2) Re-configure wall outlet to switch port mappings on a per floor
basis if possible for ease of management and migration
2) Add a spare procurve switch on floor 9
3) On this spare switch create a VLAN IP address 10.16.128.6 in the
new subnet range
4) Then add an IP address-helper command on the VLAN to point to the
DC DHCP Server 147.109.x.2
5) Migrate each client from Floor 9 1st switch to the spare switch ie
ports A1-A8, then B1-B8, C1-C8, D1-D8 etc
6) Relocate remaining ports in use on 1st switch
7) Use empty switch to and start over again.
Sound like a plan?
Thanks for your input Ace, much appreciated.
Re: Running out of DHCP address leases howto rectify?
In news:73638c26-4521-445b-96ce-7a68522c674f@v17g2000hsa.googlegroups.com,
connor_a@hotmail.com <connor_a@hotmail.com> typed:
> Hi Ace, apologies for not letting you know there is a single DC in the
> building and about another 20 statewide.
>
> We have about 5 floors:
>
> Floor 9
> Floor 8
> Floor 5
> Floor 4
> Floor 3
>
> Floor 9 has the 'core' layer 2 / layer 3 switch alongside about 4
> other switches servicing floors 9 and 8.
> Floor 5 has a 2524 switch
> Floor 4 has a 2524 switch
> Floor 3 has a 2524 switch
>
> What I'm proposing to do is:
>
> 1) Document existing wall outlet to switch port mappings all floors
> 2) Re-configure wall outlet to switch port mappings on a per floor
> basis if possible for ease of management and migration
>
> 2) Add a spare procurve switch on floor 9
> 3) On this spare switch create a VLAN IP address 10.16.128.6 in the
> new subnet range
> 4) Then add an IP address-helper command on the VLAN to point to the
> DC DHCP Server 147.109.x.2
>
> 5) Migrate each client from Floor 9 1st switch to the spare switch ie
> ports A1-A8, then B1-B8, C1-C8, D1-D8 etc
> 6) Relocate remaining ports in use on 1st switch
> 7) Use empty switch to and start over again.
>
> Sound like a plan?
>
> Thanks for your input Ace, much appreciated.
Your setup is much more complex than I thought. Apparently you are part of
an enterprise design and not a stand alone at this location. The plan sounds
fine. The IP helpers for the VLAN on the Procurve are essentially the DHCP
relay agents. The Procurve essentially will be your router to the other
subnets on the floors. Since the one DC at 147.109.x.x will be handling it,
make sure when you set up the IP helper you test and make sure you are
getting an address from it.
Mapping the ports to wall outlets is the ultimate in keeping track of each
machine by MAC address and you can deny a MAC address and it will not be
able to connect.
I think you have a good plan. Did they tell you what IP ranges should be on
each floor?
Ace