5

Here's my question. I currently have a network setup to have Static IP manually assigned between 192.168.1.1 and 192.168.1.99 and the rest (192.168.1.100 through 192.168.1.254) assigned automatically by DHCP server hosted on a IPCop server.

Now, I'd like to expand my DHCP range in the 192.168.2.xxx so that I have 254 new slots for DHCP.

First, is this possible to have a DHCP Range splitted between 192.168.1.xxx and 192.168.2.xxx, if so, how to do it (remember i'm using IPCop), if not, what are my others possibilities?

Thank you very much in advance for your help.

Ward - Reinstate Monica
  • 12,788
  • 28
  • 44
  • 59
Marc-Andre R.
  • 2,189
  • 2
  • 21
  • 21

5 Answers5

16

This is going to be slightly tricky if you're intending to treati this as one big subnet, because 192.168.1.0 to 192.168.2.255 isn't correctly aligned on the right boundary for a /23 subnet, so you can't treat it as 192.168.1.0/23.

If you're completely set on using specifically 192.168.1 and 192.168.2 then you'd need to use a subnet of 192.168.0/22, which is actually the range from 192.168.0.0 to 192.168.3.255. Mostly that just means changing the subnet mask on your whole network to 255.255.252.0

However once you've done that your DHCP server should be perfectly happy serving IPs from the continuous range 192.168.1.100 to 192.168.2.254.

Alnitak
  • 20,901
  • 3
  • 48
  • 81
  • 12
    +1 - The poster shouldn't get hung up about where the new addresses come from. Change the subnet mask to /23 (255.255.254.0) on all the hosts, and 192.168.0.1 - 192.168.1.0 become available addresses. (As an aside, I love networks larger than /24's because you get to assign IP addresses with "255" and "0" in the last octet. I love seeing the heads of people who don't understand IP routing explode when they see a working host with a x.x.x.0 or x.x.x.255 IP address... >smile<) – Evan Anderson Nov 25 '09 at 20:04
  • yup, although it's not a good idea to assign public ideas ending in .0 and .255 - I've seen websites (including at one time, Microsoft's) that'll refuse requests from those IPs because of misconfigured firewalls that believe that a "class C" block address can't end in .0 or .255 – Alnitak Nov 25 '09 at 20:06
  • p.s. I didn't recommend extending downwards into 192.168.0 because that would then require two DHCP pools - going upwards at least allows a contiguous pool. – Alnitak Nov 25 '09 at 20:07
  • 5
    Phh... "pools" of IP addresses assigned for aesthetic reasons (and based on his range starting at ".100", it's clearly not for anything other than aesthetics) is silly. Set the DHCP range to extend through the entire subnet, make reservations for devices with static IP address, and hand everything else out. The DHCP database becomes your "IP address spreadsheet". Use DNS and hostnames _religiously_ and be adamant that IP addresses of hosts "mean" nothing. – Evan Anderson Nov 25 '09 at 23:35
2

Don't know for IPCop, but Microsoft DHCP scopes can be larger as you want; you can't resize them, though, so if you want a bigger scope you need to drop the existing one and re-create it.

Massimo
  • 68,714
  • 56
  • 196
  • 319
  • Thank for the answer.. Actually I'm not using MS DHCP server on my AD Server because I need a proxy server (school environnement) to control what student are watching on the web so the DHCP much be manage by the same box... Thanks anyway ;) – Marc-Andre R. Nov 25 '09 at 19:53
  • I know, I read your question ;-) That was for saying DHCP scopes **can** be larger than a single class C network, so you can probably set up something like that on IPCop too :-) – Massimo Nov 25 '09 at 19:57
  • 1
    The requirement for a proxy does not dictate which machine runs the DHCP service. – John Gardeniers Nov 25 '09 at 21:31
  • @John: Sounds like he's got some silly proxy server that peeks into the DHCP server's lease table to figure out if a computer is a "student computer" or a "teacher computer". Silly proxy developers-- computers aren't people, and people don't have IP addresses. It's almost 2010 here-- authentication to proxies should be based on user credentials, not the source IP address... >sigh – Evan Anderson Nov 25 '09 at 23:37
  • @Even : Yeah that's kind of silly that proxies still work by IP assignment these days but oh well... Would be cool to work with LDAP Auth instead but in a school that's kind of PITA to implement this as user will all yield because "it doesn't work" straight out of the box... I'll maybe try to switch to MS DHCP, at least first test it to see if the proxy correctly catch it, if so, this would be the easier solution. If not, I'll try to figure out to configure dhcpd correctly. – Marc-Andre R. Nov 26 '09 at 14:28
0

Below sample config which is used in CENTOS 6.4 with DHCPD server.

subnet 192.168.0.0 netmask 255.255.252.0 {
            option routers 192.168.1.1;
            option domain-name-servers      8.8.8.8,208.67.222.222;
            option subnet-mask              255.255.252.0;
            range           192.168.1.2 192.168.2.254;
            filename                "/pxelinux.0";
            default-lease-time      21600;
            max-lease-time          43200;
            next-server             192.168.1.1;
    }
0

if you do this in windows dhcp you'll actually create a super scope because you'll be creating a scope that spans your current subnet boundary. you'll wind up with two scopes. i'm assuming ipcop will do the same. you'll need to configure routing for clients on each scope to be able to communicate with each other.

my recommendation would be to create a new scope with a subnet mask that meets your current and future host needs.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171
0

IPCop appears to use dhcpd, which will give you an error when you try a configuration that has multiple dhcp address pools on the same interface. You'll need to use the 'shared-network' declaration like this in the dhcpd config:

shared-network somename {
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        range 192.168.1.100 192.168.1.254;
    }
    subnet 192.168.2.0 netmask 255.255.255.0 {
        option routers 192.168.2.1
        range 192.168.2.2 192.168.2.254
}

Once the pool 192.168.1.100 to 192.168.1.254 is all assigned, dhcpd starts using 192.168.2.2 to 192.168.2.254. Of course, you'll need to add a second router ip address on the same interface (192.168.2.1 in the example above) since the class C netmask (255.255.255.0) prevents 192.168.1.x subnet hosts from seeing the 192.168.2.x subnet hosts and vice-versa - thus there must be a router on the each subnet. If that doesn't suit your requirements, you could consider using a different netmask - i.e. 192.168.0.0 with netmask 255.255.253.0 makes a subnet from 192.168.0.1 to 192.168.3.255.

70Mike
  • 21
  • 5
  • This looks about what I want, If alnitak would please like to clarify the logicial for the two subnet, I think we have something here. – Marc-Andre R. Nov 26 '09 at 14:32
  • No, this is _bad_. What he's proposing is to run two logical subnets over the one physical network, with a DHCP pool for each logical subnet. This also needs an IP router sat in between to route the traffic between the two networks. Just changing your subnet mask (per my answer) would be far simpler. – Alnitak Nov 26 '09 at 15:55
  • 1
    (BTW, I should point out that having 200+ hosts all in one broadcast domain isn't normally a good idea, and subnetting is general a good thing. However 70Mike's answer proposes that the clients are still all on the same Layer 2 broadcast domain, so it ends up with all of the disadvantages of a single broadcast domain network, with none of the advantages of subnetting). – Alnitak Nov 26 '09 at 16:04
  • 2
    @Alnitak "having 200+ hosts all in one broadcast domain isn't normally a good idea" I agree, but the question is "how do I do this?", not "what should I do?" If the criteria are that it's necessary to add another IP address pool (192.168.2.x) on the same physical network without messing with the existsing static IPs (up to 192.168.1.100) or change the netmask for them, then I think this is the way to do it. – 70Mike Nov 26 '09 at 20:33