2nd DHCP Scope?

Discussion in 'Server Networking' started by Stranger, Dec 21, 2005.

  1. Stranger

    Stranger Guest

    Hello,

    I currently have a network setup on the 172.20.4.x IP range.

    I need to add another DHCP scope because I am just about out of IPs.

    Now, I have configured a second scope on the Windows 2000 server and
    activated it.

    The server is plugged into a Dell 5324 powerconnect with the default VLAN on
    the .4.x network.

    There is a Cisco 2811 that is the default gateway.

    Servers -> PC5324 -> older power connect to be on new range 172.20.9.x

    What I believe I need to do is: add a second VLAN on the PC5324 with an IP
    from the new IP range. Now, do I need to add a route in the cisco since it
    is the gateway?

    I added an IP of the new range to the server and if I connect from the
    switch at the end with the new IP and perform an ipconfig renew, I receive
    an IP from the original IP range. If I assign an IP from the new range, I
    can reach the server and ping the switch, however I can not get to anything
    on the .4.x network.

    Does this make sense?

    Thanks!!!
     
    Stranger, Dec 21, 2005
    #1

  2. Sort of... it's a bit confusing. However, if your 2811 is multihomed (or has
    two interfaces, each connected to a separate switch), then it needs to do
    the routing for you, unless you also put the server on the second range
    (might be easier, depending on your particular needs).

    If you don't put the server on the second range, then each subnet needs to
    point to the router as the default gw. The router will have a route to each
    range by default, because they are both connected to it.

    I'm not sure what else you are using the router for, but it might just be
    simpler to multihome your server. You could put two NICs in it, and have it
    communicate directly on each subnet.

    Oliver
     
    Oliver O'Boyle, Dec 21, 2005
    #2

  3. Stranger

    Jack H Guest

    Hello,

    The router is the current gateway. It also connects the 3rd location with a
    T1.

    What I've done so far is:

    Added the static route in the router/gateway.
    Added VLAN to the switch and assigned it an IP from the new range.
    Created the second scope on the windows 2000 server and activated it.

    I can't reach the switch that is plugged into the one above that I added the
    VLAN to.

    Any ideas?
     
    Jack H, Dec 21, 2005
    #3
  4. The router is the current gateway. It also connects the 3rd location with
    OK. So yes, you will need a static route pointing to the third location, as you
    have done.
    Are your switches chained (switch 2 plugs into switch 1, which plugs into
    the router)? Or are they each directly connected into the router?

    Oliver
     
    Oliver O'Boyle, Dec 21, 2005
    #4
  5. Stranger

    Jack H Guest

    Switches are chained (switch 2 plugs into switch 1, which plugs into the
    router).

    What I find now is when I try to ping an IP on the new range, I get a reply
    from the firewall but TTL is expired in transit. I believe I need to add an
    entry to the firewall but not sure what to put in it.
     
    Jack H, Dec 21, 2005
    #5
  6. Switches are chained (switch 2 plugs into switch 1, which plugs into the
    I'm assuming these are layer 2 switches. Please tell me if I'm wrong.
    What VLAN number are you using, and on which switch? If you want both
    subnets to go through both switches, each switch needs to be on the same
    VLAN, or you need to configure the uplink ports as VLAN trunks (they will
    pass traffic on both VLANs).

    Oliver
     
    Oliver O'Boyle, Dec 21, 2005
    #6
  7. Stranger

    Jack H Guest

    I bet that is what is wrong.

    According to DELL they are layer 3 switches. Power connect 5324.

    On the switch that will have both IP ranges, I added a VLAN called 2. Maybe
    I should do the VLAN trunks. What would you suggest?
     
    Jack H, Dec 21, 2005
    #7
  8. According to DELL they are layer 3 switches. Power connect 5324.

    Ah. well. Layer 3 switches work differently. They switch by IP, not by MAC
    (for the most part). So you also have that to deal with.
    If you want to keep them chained, and you want them in separate VLANs, then
    create 2 VLANs; one on each switch. Configure the uplink ports as trunks,
    and make sure they have both VLANs in the trunk. Make sure the router
    interface has 2 VLANs configured with the same numbers as your switch VLANs
    (you'll need to use subinterfaces; one for each vlan) and give each VLAN an
    IP address for the appropriate subnet.

    This will effectively allow the switches to see the router, but keep the
    segments separate. Once the router can be pinged by the switches, it should
    be able to route automatically, because it will show the VLANs as connected
    interfaces. This means the routing table will automatically be populated
    according to your needs.

    You might, however, want to consider putting your server (with 2 NICs) on
    both switches (VLANs). If you don't do this, you will need to configure the
    router to act as a DHCP relay agent, otherwise your second VLAN won't get
    their IP addresses. It works, but it's probably better for you to add 2 NICs
    in this case. Doing so will have the added benefit of taking some strain off
    your router and server's first NIC.

    Oliver
     
    Oliver O'Boyle, Dec 21, 2005
    #8
  9. Stranger

    Stranger Guest

    Well, there is more to it.

    I actually have two of the power connect 5324's in the room. The server has
    2 NICs, one going to each switch. There is a fibre run from each switch to
    another area of the building where there are 2 more switches. This was done
    for some redundancy.

    Basically, all I want to do is have PCs be able to obtain an IP from the
    new range that is on the same subnet. I also want to be able to access the
    PCs on either IP range, without getting too difficult.

    I added an IP from the new range to the one server NIC. Added the static
    route in the router/gateway, added a static route in the firewall under
    router, added the second VLAN on the one switch with an IP from the new
    range, then the new switch at the end has the default vlan with the new IP
    range.

    So, now when I try to ping an IP on the new subnet, it goes to the
    router/gateway, that passes it to the firewall and then it expires in
    transit.

    With all this, what do you think would be the easiest way to move forward?
    Routing is not my strong point.
     
    Stranger, Dec 22, 2005
    #9
  10. Stranger

    Stranger Guest

    I've tried one other thing. I removed the second VLAN from the switch and
    added an IP from the new range to the default VLAN. Does this make anything
    easier?
     
    Stranger, Dec 22, 2005
    #10
  11. Stranger

    Stranger Guest

    Ok, I think I have created a loop, not because of the vlan issue though.

    I did a tracert to the new IP on the default VLAN. It goes to the
    router/gateway (172.20.4.1) then to the firewall (172.20.4.2) and then back
    and forth. :)
     
    Stranger, Dec 22, 2005
    #11
  12. Stranger

    Stranger Guest

    I think I'm getting close here. I have now removed the static route in the
    firewall under router and when I try to ping the IP on the new range it goes
    to the router->firewall and then it is sending it to the ISPs server.
     
    Stranger, Dec 22, 2005
    #12
  13. Curious, do you have a Visio drawing of your infrastructure and/or how you
    want it to route traffic? If you do, it may be easier to post it to html on a
    site somewhere to see instead of attaching it here.

    You've got a lot going on here and probably would be easier if we were able
    to see a 'visual' of it.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    If you are having difficulty in reading or finding responses to your post,
    instead of the website you are using, if I may suggest to use OEx (Outlook
    Express or any other newsreader of your choosing), and configure a newsgroup
    account, pointing to news.microsoft.com. This is a direct link into the
    Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
    account with your ISP. With OEx, you can easily find your post, track
    threads, cross-post, and sort by date, poster's name, watched threads or
    subject.

    Not sure how? It's easy:
    How to Configure OEx for Internet News
    http://support.microsoft.com/?id=171164

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Windows Server Directory Services
    Microsoft Certified Trainer
    Assimilation Imminent. Resistance is Futile.
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Dec 22, 2005
    #13
  14. Stranger

    Jack H Guest

    I'm going to work on that today. I should have one. I will let you know
    when it is posted.

    Thanks!!


     
    Jack H, Dec 22, 2005
    #14
  15. I'm going to work on that today. I should have one. I will let you know
    Thanks Jack.
     
    Oliver O'Boyle, Dec 22, 2005
    #15
  16. Thanks, be looking forward to it. I think it will help simplify this a bit.

    Ace
     
    Ace Fekay [MVP], Dec 23, 2005
    #16
  17. Stranger

    Stranger Guest

    Stranger, Dec 25, 2005
    #17
  18. Slow loading. I had to reload it about 8 times before it gave me a complete
    image.

    Trying to re-read the thread, which is lengthy with a lot of info, maybe I
    can just say some basics to keep in mind. The default gateway for any
    network is the doorway out of the network. If there are multiple gates, it
    will not work (if there are multiple NICs on a router). When selecting which
    gate to use, keep in mind the direction that you want traffic to move. Your
    drawing is nice, however, I was looking for more specifics. In some places
    you have the default gate specified, but I don't see where that specific
    interface is on a router or another machine. Here's a static routing example
    I drew up for my students in an infrastructure design course, or at least
    the routing portion of it.

    http://www.fekay.com/StaticRouteExample.htm

    Ace
     
    Ace Fekay [MVP], Dec 27, 2005
    #18
  19. Stranger

    Stranger Guest

    Hi!!

    I'll put some more detail into the drawing.

    The gateway is on the drawing under Park - main site

    It is the Cisco 2811 172.20.4.1

    There are static routes in the 2811 for the other networks

    I guess where I am confused is....well, obviously my routing skills are not
    that strong. :)

    My goal is to add another DHCP scope to the existing network. I did speak
    briefly with Dell regarding the switch and he told me not to bother with
    adding a VLAN and the switch would just pass the traffic. Does that make
    sense?

    Anyway, I'll let you know when I have added more info and put it on a faster
    download location.

    Thanks for all your help.


     
    Stranger, Dec 27, 2005
    #19
  20. Expired in transit usually means it either has no route to it or it doesn't
    exist.
    You probably have the routers' default routes pointing to each other in the
    two routers (the "gateway", as you call it, and the "firewall").

    Follow my example. Another way to figure out routes is to imagine you are
    sitting in a room. There are two doors. One door leads to the hallway that
    leads to the front door of the building. The other door leads to an adjacent
    leads to the front door of the building. The other door leads to an adjacent
    room. Which door would be the default route?

    Updated link (working on rearranging the site):
    http://www.fekay.com/SupportBlogs/StaticRouteExample.htm

    Ace
     
    Ace Fekay [MVP], Dec 27, 2005
    #20
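
The behaviour reported in posts #11 and #12 and explained in post #20, as an added example that is not part of the thread: a longest-prefix-match trace over the gateway's and firewall's routing tables. The tables are constructed; only 172.20.4.1, 172.20.4.2 and the two ranges come from the thread, while the /24 masks, the ISP address and the exact routes are assumptions.

```python
import ipaddress

# Constructed tables. 172.20.4.1 (gateway), 172.20.4.2 (firewall) and the two
# ranges come from the thread; the /24 masks and the ISP address are assumptions.
GW, FW, ISP = "172.20.4.1", "172.20.4.2", "203.0.113.1"
OLD, NEW, DEFAULT = "172.20.4.0/24", "172.20.9.0/24", "0.0.0.0/0"

# Post #11: gateway defaults to the firewall, firewall has a static route back.
LOOPING = {GW: {OLD: "connected", DEFAULT: FW},
           FW: {OLD: "connected", NEW: GW, DEFAULT: ISP}}
# Post #12: static route removed from the firewall, so its default route wins.
NO_STATIC = {GW: LOOPING[GW], FW: {OLD: "connected", DEFAULT: ISP}}
# Gateway owns an interface in the new range, so the route shows as connected.
FIXED = {GW: {OLD: "connected", NEW: "connected", DEFAULT: FW}, FW: LOOPING[FW]}

def next_hop(table, dst):
    """Longest-prefix match: next-hop IP, 'connected' for on-link, or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table.items()]
    hits = [(net.prefixlen, nh) for net, nh in nets if addr in net]
    return max(hits)[1] if hits else None

def trace(routers, first_hop, dst, ttl=8):
    """Follow dst hop by hop like tracert; returns (path, outcome)."""
    path, hop = [], first_hop
    while ttl > 0:
        path.append(hop)
        ttl -= 1                      # each router decrements the TTL
        if hop not in routers:        # handed to a device we do not model
            return path, "left the modelled network"
        nh = next_hop(routers[hop], dst)
        if nh is None:
            return path, "no route"
        if nh == "connected":
            return path, "delivered"
        hop = nh
    return path, "TTL expired in transit"

if __name__ == "__main__":
    for name, routers in (("looping", LOOPING), ("no static", NO_STATIC),
                          ("fixed", FIXED)):
        path, outcome = trace(routers, GW, "172.20.9.10")
        print(f"{name:10} {' -> '.join(path)}  [{outcome}]")
```

A path that revisits the same hop before the TTL runs out is the signature of two devices each holding a route for the destination that points at the other.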