Announcement

Collapse
No announcement yet.

DHCP Superscope issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DHCP Superscope issue

    Hi all,

    I have an issue with a newly created superscope on my DHCP server, current config is:

    original IP scope =192.168.3.100 -192.168.3.250 this is now virtually full, so i've added a superscope of 192.168.2.100 -192.168.2.199.

    The network consists of a number of HP 2810 switches and a Watchguard acting as a router and firewall. I know I need to add a route to the DHCP server ( which is also the DNS server) and add the IP address to the Watchguard interface as a secondary addtress. Both of these i can do, however i'm confused as to what actual addresses I should add to these devices to allow DHCP serving, and routing between the 192.168.3.x addree range and the 192.168.2.x range.

    Currently the Watchguard router interface is configured as 192.168.3.2 the DHCP server (and DNS) are on 192.168.3.3

    Any pointers would be gratefully recieved.

    Phil.

  • #2
    Re: DHCP Superscope issue

    A superscope isn't simply 2 ranges together with blank spots in the middle, they all have to be in one 'address space'. And under the rules of network masks, etc., your 'superscope' would more correctly be 192.168.2.0 / 23 (255.255.254.0), which includes 192.168.2.1 - 192.168.3.254 as one block, with the network mask I gave you used in all cases. That way, you don't route between any 2 addresses in this range. Otherwise, you've simply got 2 different subnets, meaning 2 VLANs. And that means you have to route between them.

    If that's what you wanted, then yes, you will have to add the subinterface to the Watchguard. That subinterface will be the gateway for that subnet. The DCHP server will have to have a new scope defined for the new subnet, and so forth.

    If you want to use the superscope as a single address range, I'd change the WG interface IP to 192.168.2.1, your DHCP/DNS to 192.168.2.2, the management addresses for the switches to the far end of the range, and your DHCP scope to everything in between. Make address reservations as needed for things like printers or other servers, and rest will be taken care of.

    Since these address ranges are private you can do what you want with them.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: DHCP Superscope issue

      Thanks for that, It sort of makes sense. I don't really want to have to set up VLAN's as that's overkill for what i need, so i'd prefer the 2 subnet solution. On that basis, what would the new gateway address be that would need adding to the watchguard as a secondary interface 192.168.2.100 ? I assume I would also need to add this as a secondary IP bound to the DHCP/DNS server network card ? Sorry to be a bit thick about this but networking isn't my area.

      Comment


      • #4
        Re: DHCP Superscope issue

        I think we missed each other, there. If you don't want VLANs, then you DON'T want '...2 subnets...'. Each VLAN is a separate address space. In your situation, assuming your subnet masks are 255.255.255.0 for both subnets you mentioned, one VLAN is 192.168.2.1 - .254, and another VLAN is 192.168.3.1 - .254. They are already separate VLANs, because traffic between the first subnet must be routed to reach anything in the other subnet.

        Superscopes are single subnets that are joined together to form a larger address space. Any address inside the larger range I gave you the other day is considered local to any other address inside that range, so no routing because you don't cross any boundaries. That's 1 big VLAN. There's only 1 gateway for any of that traffic to go thru.

        Keep this rule in mind: VLAN = subnet. The 2 terms are used interchangably. Every time you talk about subinterfaces and extra gateways, you're talking about multiple subnets, hence multiple VLANs.

        Sounds like you be better off hiring someone in to help you with your network planning, based on your own admitted lack of experience.
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **

        Comment


        • #5
          Re: DHCP Superscope issue

          Just to add a little technical clarification:

          @phil_H: Note that this is for informational purposes and IS NOT relevant to your scenario.

          A VLAN is NOT synonymous with a subnet.

          A VLAN is a layer 2 construct.

          A subnet is a layer 3 construct.

          Most often, hosts in one VLAN are in one subnet while hosts in another VLAN are in a different subnet, but this IS NOT a requirement. It's perfectly valid to have hosts in different VLAN's on the same subnet. Hosts in one VLAN will not be able to communicate with hosts in the other VLAN even though they are on the same subnet, but there's nothing technically incorrect about them using the same layer 3 ip address space.

          Comment

          Working...
          X