DHCP Help

The Cobra

Fellow [H]ers. I need some guidance. My network at work is a superscope 192.168.4.x/.5.x with a subnet of 255.255.254.0. Our gateway is .4.2, servers and switches are 4.3-4.25, copiers and WAPs are .4.26-4.50. The rest of the network is DHCP from 4.51-.5.253 on the same subnet. Obviously we are running out of address space with all of the additional devices. I've been getting DHCP failures in bunches throughout the day. I went to one of our Windows 2019 DCs that hosts DHCP and noticed on the DHCP panel that there are only 5-7 free addresses available.

Normally I need this type of network to be non-complicated because I am not a networking guru like I used to be when IT was a full-time job. I kinda am a set it and forget it person nowadays. I was hoping to give the entire network a subnet of 255.255.252.0 to triple the size of the network. I would need to do this on Friday afternoon because school lets out at noon. Just a lot of grunt work.

My question is this: Is there a way to leave the network the same as is for the time being until Xmas, when I had planned to put in a new upgraded switched network? I want to add another subnet that could communicate with the current network without the addition of more switches to route the subnet. So can a 192.168.4/5x and subnet of 255.255.254.0 talk to a 192.168.4.6/.7 with a subnet of 255.255.252.0 without a bunch of crap, or do I have to work a Friday and Saturday? What about increasing the IP schema to 192.168.1.x with a subnet of 255.255.252.0 and talk to the 192.168.4.x / 255.255.254.0....I'll leave it to my fellow [H]ers to brainstorm.

Thank you.
 
I think the simplest thing to do to hold you for the next few months would be to simply expand the subnet from a /23 (255.255.254.0) to a /22 (255.255.252.0). This will give you an address range from 192.168.4.0-192.168.7.255. Such a large subnet often isn't ideal, but I think it'll be fine as a short-term thing. All of the DHCP clients can be updated simply by setting the new mask in the DHCP scope(s). You'll have to manually update all your statically-assigned devices (e.g., routers, switches) of course.

Then, once you've got the new network in place, you can work on properly segmenting the network and putting servers, desktops, etc. on their own subnets.
 
Might be worthwhile to shorten the lease times for general PCs. Might do a network device scan and see if folks have brought in a few un-approved devices.

When you redo the network, consider moving all of the printers to their own subnet, say 10.10.5.x/24 connected to a print server with two NICs. Printers are a security risk and really don't need to be on the main network. You could reuse the old switches for the printer network.
 
Shorten the lease time for a short term fix.

Move wifi LAN to its own subnet. That will solve a couple issues. First, you'll free up dhcp space in your wired LAN. Second, you'll get all that broadcast traffic from the wired LAN off of your WLAN.
 
Are there any IP phones on your network in this default dhcp range? If so the easiest way to get stuff off that scope would be to create a native voice vlan on your switches and reboot the phones.
 
I think the simplest thing to do to hold you for the next few months would be to simply expand the subnet from a /23 (255.255.255.254) to a /22 (255.255.255.252). This will give you an address range from 192.168.4.0-192.168.7.255. Such a large subnet often isn't ideal, but I think it'll be fine as a short-term thing. All of the DHCP clients can be updated simply by setting the new mask in the DHCP scope(s). You'll have to manually update all your statically-assigned devices (e.g., routers, switches) of course.

Then, once you've got the new network in place, you can work on properly segmenting the network and putting servers, desktops, etc. on their own subnets.
This is the simplest. Also, you could exclude 4.1-4.50 in your DHCP scope; that way all your current static addresses can stay the same, and you could just update their subnet mask. Then everything would be in the same broadcast domain and everything should talk to each other just fine.
 
UPDATE: I am going to put in the new firewall tonight with an IP of 192.168.4.2 and a subnet of 255.255.248.0. This will allow the older 254.0 to talk to the 248.0 network and I won't be crunched having to put every static device in the new subnet. I can go over the next week and do them manually.
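
The staged state discussed in this thread (statics still on 255.255.254.0, new leases on 255.255.252.0, firewall on 255.255.248.0) can be checked on paper before the cut-over. The following is an added example, not part of any post; the server and client host addresses are assumed for illustration, while the gateway, masks and pool ranges come from the thread.

```python
import ipaddress

# Constructed hosts for the mixed-mask period; entries marked (assumed) are illustrative.
HOSTS = {
    "firewall":    ipaddress.ip_interface("192.168.4.2/21"),    # 255.255.248.0
    "server":      ipaddress.ip_interface("192.168.4.10/23"),   # static, old mask (assumed)
    "dhcp_client": ipaddress.ip_interface("192.168.6.120/22"),  # new-scope lease (assumed)
}


def next_hop(src, dst):
    """'direct' if src's own mask says dst is on-link (ARP), else 'gateway'."""
    return "direct" if HOSTS[dst].ip in HOSTS[src].network else "gateway"


def path_report():
    """How each sender will try to reach each receiver."""
    return {(a, b): next_hop(a, b) for a in HOSTS for b in HOSTS if a != b}


def asymmetric_pairs():
    """Pairs where one side ARPs directly and the other sends via the gateway."""
    r = path_report()
    return sorted({tuple(sorted(p)) for p in r if r[p] != r[(p[1], p[0])]})


def pool_size(first, last):
    """Number of addresses in an inclusive DHCP range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return int(hi) - int(lo) + 1


def pool_fits(first, last, network):
    """True if both ends of the range are usable hosts inside the network."""
    net = ipaddress.ip_network(network)
    ends = (ipaddress.ip_address(first), ipaddress.ip_address(last))
    reserved = (net.network_address, net.broadcast_address)
    return all(e in net and e not in reserved for e in ends)


if __name__ == "__main__":
    for (a, b), hop in path_report().items():
        print(f"{a:12} -> {b:12} {hop}")
    print("asymmetric:", asymmetric_pairs())
    print("old pool:", pool_size("192.168.4.51", "192.168.5.253"))
    print("new pool:", pool_size("192.168.4.100", "192.168.7.250"))
```

An old-mask static reaches a .6/.7 client only through the gateway while the client answers directly, so until the statics are updated that traffic depends on the firewall forwarding packets back out the same interface.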
 
Are there any IP phones on your network in this default dhcp range? If so the easiest way to get stuff off that scope would be to create a native voice vlan on your switches and reboot the phones.

No IP phones on my network. They are on their own physical network and are managed by an outside vendor. Thank the gods...
 
UPDATE: Did the firewall upgrade (Sophos XG310) and it went off without a hitch. New DHCP table in place (192.168.4.100-192.168.7.250 / 255.255.252.0) and everything came back fine. I'll fine tune the firewall tomorrow with more rules and such and link up our other campus over an IPSEC VPN.

Thx for your advice everyone.
 