Running Out Of Scope


  • Running Out Of Scope

    We currently have one DHCP scope at 192.168.0.x but we're running out of room fast. I want to create more scopes to put different devices on their own scope so it would look something like this:

    192.168.0.x - WYSE Thin Clients
    192.168.1.x - Workstations
    192.168.2.x - Laptops
    192.168.3.x - Wireless Devices
    192.168.4.x - Printers

    Does anyone know how I can set up some kind of automatic filtering to achieve this?

  • #2
    Re: Running Out Of Scope

    You could look into option classes http://www.google.co.uk/search?q=dhc...Baer0gWmnICABw
    (Sorry, not near a server or any proper documentation, but there will be enough links above to get you started)

    However, you may find the effort involved in managing the classes is too complex and should perhaps consider a larger DHCP scope (perhaps 2 x class C) with a subnet to allow you to put servers, printers and other static devices in an adjacent class C (basically a DHCP scope with a 22 bit subnet (allows 4 class Cs in total) but block issue of addresses in one or two of them) -- if you have no actual need to put different classes of devices in separate IP ranges this would be minimal work for you.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Running Out Of Scope

      You could make use of VLANs in this case.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: Running Out Of Scope

        Sorry, but I want to know why people want to create so much more management work for themselves than is necessary. We run /23 /22 scopes and have Exclusions for things like Printers and Switches (which have Reservations (Servers that have Static IPs) and WAPs depend on if they are manually controlled or have a Wireless Controller to do the heavy lifting.

        Whatever happened to the KISS method, or is that too old school for old farts like me? Why complicate the simple stuff?

        It's just a question and NOT a criticism.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2



        • #5
          Re: Running Out Of Scope

          Agree completely with you, Chris!

          But for some there is a "must use every applicable technology" regardless (or because) of complexity
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **



          • #6
            Re: Running Out Of Scope

            VLANs aren't complex; often it's much better to use VLANs.
            For example:
            Assuming he needs 5 DHCP scopes of a class C Network. Assuming those subnets can be filled you can have over 1200(!) clients (254 clients per subnet * 5 = 1270 client devices). That will be a major broadcast domain which can cause other issues.
            Without knowing other parts of his/her network, imagine if he has somewhere a Microsoft NLB cluster running in the same VLAN.
            I've seen so much port flooding by unicast NLB that it was able to slow down a complete network with only 500 clients.
            Separating traffic in smaller broadcast domains can resolve this.

            Another example:
            He's also talking about Wireless devices. What if you want to allow only certain traffic from the wireless users in comparison to the fixed workstations? You can create ACLs based on VLANs.
            http://www.cisco.com/en/US/docs/swit...c_vlanacls.pdf

            I'm not saying there are other methods (I know most, if not all, of them) but the "fear" of VLANs is just inaccurate. It can even simplify (yes it really can do) the network. Just by network troubleshooting it helps if you can map traffic flows based on VLANs.
            Secondly, without knowing his requirements, except he just wants 5 DHCP Class C scopes, you can also say that none of the solutions are applicable.

            So no, I completely disagree with you guys. VLANs are just as viable an option as creating large DHCP scopes. Since Tom already mentioned larger DHCP scopes, you tell me what is wrong with another viable solution.
            Don't just think Microsoft. There's more than Microsoft out there.

            And Tom: "must use every applicable technology" is just a piece of crap comment. You should know better than that.
            It doesn't hold any material to discuss or something to support this statement.
            Last edited by Dumber; 10th April 2013, 21:22.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"
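
Added example, not part of any post in the thread: a Python check of the two designs argued over in #2 and #6, applied to the original poster's ranges. Treating each 192.168.N.x range as a /24 and holding back 192.168.3.0/24 for static devices are assumptions made for illustration.

```python
import ipaddress

# Device ranges from the original post, each treated as a /24 (assumption).
PLAN = {
    "WYSE Thin Clients": "192.168.0.0/24",
    "Workstations": "192.168.1.0/24",
    "Laptops": "192.168.2.0/24",
    "Wireless Devices": "192.168.3.0/24",
    "Printers": "192.168.4.0/24",
}


def smallest_supernet(cidrs):
    """Smallest single network that contains every listed subnet."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def flat_scope(scope_cidr, static_blocks):
    """One large DHCP scope with whole blocks excluded for static devices."""
    scope = ipaddress.ip_network(scope_cidr)
    hosts = set(scope.hosts())
    exclusions = []
    for block in map(ipaddress.ip_network, static_blocks):
        if not block.subnet_of(scope):
            raise ValueError(f"{block} is outside {scope}")
        # Only addresses that are valid hosts in the big scope need excluding.
        held_back = sorted(a for a in block if a in hosts)
        exclusions.append((str(held_back[0]), str(held_back[-1])))
        hosts -= set(held_back)
    return {
        "mask": str(scope.netmask),
        "broadcast_domain_hosts": scope.num_addresses - 2,
        "leasable": len(hosts),
        "exclusions": exclusions,
    }


def per_vlan(plan):
    """One /24 per device class: host count of each broadcast domain."""
    return {name: ipaddress.ip_network(c).num_addresses - 2
            for name, c in plan.items()}


if __name__ == "__main__":
    print(smallest_supernet(PLAN.values()))
    print(flat_scope("192.168.0.0/22", ["192.168.3.0/24"]))
    print(per_vlan(PLAN))
```

The 192.168.4.x printer range falls outside 192.168.0.0/22, so one scope covering all five ranges would need a /21 mask, while the per-VLAN layout keeps each broadcast domain at 254 hosts.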



            • #7
              Re: Running Out Of Scope

              Regretfully, leaving everything wide open inside your system, these days, is asking for major problems if only 1 person has an infection or compromise, or actively seeks to damage your system. With VLANs dividing traffic, you can at least limit the damage, and more actively control who has access to what.

              This idea is called the 'Principle of Least Privilege'. Any security-based guidance, just about anywhere, describes this, because the weakest link in any IT system is most often an internal employee/user. As long as your people are happy, you've got nothing to worry about. But it only takes a single angry soul to really screw things up for everyone in a fit of pique, or at least ruin everyone's day by accidentally bringing the system down. It sounds extreme, but that's what wide-open architecture allows, as painful as it may be to hear.

              Your call, but can your company afford the downtime/repair time?
              *RicklesP*
              MSCA (2003/XP), Security+, CCNA

              ** Remember: credit where credit is due, and reputation points as appropriate **



              • #8
                Re: Running Out Of Scope

                Marcel,
                I was not criticising you, but we have both seen posts here where people have jumped onto a bandwagon "because it's there", and quite often regardless of actual need. At present the OP has < 254 devices (admittedly I do not know how fast their LAN is growing) so it seems that slightly expanding the current scope is the simplest option (Least Administrative Effort in MS terms). I don't think anyone mentioned a "fear" of VLANs.

                Let's keep this to helping the OP for now -- I can see some interesting (but definitely separate) discussions elsewhere in the future
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **
