1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New job, new network problem

Discussion in 'General Cisco Certifications' started by Andy_M, Jan 20, 2011.

  1. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    Hello

    Well I started a new job and have been busy over chrismas so put away the studying for CCNA at the moment.

    With a new job comes a new network and boy is the design weird. I am hoping to create three subnets but not sure how to go about this.

    The Network
    At the moment all traffic comes in via ISA Firewall, from there goes into a three stack switch which leads to servers, and patch panels.
    Three Floors.

    the internal network has all machines, devices and servers on a single subnet & IP.
    10.0.10.x
    255.255.255.0

    For starters why has this got a Class C subnet on a Class A IP?

    With all of that in mind, the network has two DHCP servers and DNS servers.
    it has an exclusion zone for servers, which the remaining network has about 3% usable IP's after all machines connect, I would hate to see the Arp storms currently on this network.


    The Fix
    How can i seperate the IP pools per Floor, what network details am i using, how to sort this?
    The switches are Netgear GS748TS x2, GS724TS x1.

    I am thinking of doing a VLan on the switches per floor, from there I don't know how to assign IP pools per VLan, and what details.

    Pool A will continue having 10.0.10.x 255.255.255.0, was thinking Pool B 10.0.11.x (not sure of subnet, trying to avoid subnet arp storms for entire network), and Pool C 10.0.12.x

    I am trying to get more usable IP's per Floor and have spares.

    Any ideas on what to do would be great, I have a spare switch I can test with.

    Thank you
     
    WIP: CCNA
  2. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    I may be wrong, but this stinks of a managed subnet! Is the ISP managing your subnets?
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  3. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    It hasn't got a class C subnet - It's a class A address that has been subnetted. Ordinarily I'd use '[pedant] [/pedant]' tags there, but for your network it's quite pertinent so I'll leave them out :)

    Why don't you just change the subnet mask to /23? If you don't need to worry about separating traffic for security purposes, changing the mask to give you double the current addresses you have would surely solve your problems?

    Don't try to overengineer solutions to problems when the simplest one will work with no ill-effects. Of course, there may be a reason why your company is using a /24 bit mask - but I suspect there isn't.
     
    Certifications: A few
    WIP: None - f*** 'em
  4. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    You have a section in your post called 'The Fix'.

    I think the first question to ask is, do I need to fix it? You mention ARP storms more than once, but is that actually happening? How many devices in total are on the network at the moment and how much will it grow by in the future?

    It could be that the number of devices is never likely to change very much. The switches you have my well be coping very easily with the current traffic levels and there might be no need to use subnets or vlans.

    I would be cautious about changing to much too soon unless it's actually necessary.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  5. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    Not sure who setup this network but I don't like it.
    Changing the subnet on the servers is a no go, custom applications are installed as part of our product and cannot risk live servers going down because of this.
     
    WIP: CCNA
  6. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    The growth of the company is steady and will run out of IP's soon, the fact that we are planning for a WAN in our american based office will bring the problem even closer (nothing planned yet but rumours it will happen)

    The devices seem to be working ok but would like to tidy up the Floors per IP range, maybe this change isn't needed but with growth I imagine it will be soon.
     
    WIP: CCNA
  7. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    Andy, it seems that the subnet has been dictated by your ISP. Also, it seems that you have a solution that is looking for a problem.

    Question: is there a problem?
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  8. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    Running out of usable IP's
     
    WIP: CCNA
  9. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    When will that happen?
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  10. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    Within the next four / six weeks.
     
    WIP: CCNA
  11. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    You need to ascertain where the subnet etc comes from i.e. was it provided by BT or was it something someone dreamt up! To me, a 10 range on a class C subnet is very BT-ish and is quite standard with their IP Clear or IP Stream services. Is the router sitting on the same range at 254?

    Also, you have one subnet, so why two DHCP servers? You're in the same building and most likely linked up through fast ethernet so I cannot understand why you have two DHCP servers?

    You can vlan to your heart's content but those IPs will still be eaten up if the users demand it! As for the ARP storms, just forget that!
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  12. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    Current provider is EasyNet.
    Two DHCP, DNS Servers because we require redundancy, our services requires uptime of our systems to ensure our SLA is met.

    All external IP's issued to us and the Default GW, are on the 255.255.255.240 subnet
     
    WIP: CCNA
  13. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    I see...excuse my ignorance! I must stop applying my own experiences to that of others!

    If that is the case I am 100% with Zeb on his advice!
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  14. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    So setting a scope in DHCP?

    10.0.10.1 - 254 / 255.255.254.0
    10.0.11.1 - 254 / 255.255.254.0​

    With a reserve for Servers and Devices.

    How do I allow set Floors to the IP pool, or just add the entire scope to DHCP 10.0.10.1 - 10.0.11.254 and allow all hosts to get whatever?
     
    WIP: CCNA
  15. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    I don't think you need to subnet the floors unless you start to get specific issues really. You could take a look at the switches and see if there are any warnings or errors in the logs if it's a concern.

    If you do decide to subnet the other floors, you could stick with the two DHCP servers and install relay agents on the floors.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  16. Andy_M

    Andy_M Bit Poster

    31
    0
    14
    Ok I think I will just make more usable host IP's and change subnet from /24 to /23
    I understand I will need to re-create the scope in DHCP, and make lease shorter to avoid duplication.

    Is it worth contacting EasyNet first or just create the scopes after hours and configure all Servers that have static IP to new subnet?
     
    WIP: CCNA
  17. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    I have to ask, how many desktops v laptops do you have? I mean you have 254 addresses to play with (well minus the gw, broadcast and server addresses) so unless you're expanding that quickly that people didn't realise and didn't anticipate this I am confused as to why you're going to run out of ip's so quickly.

    The other thing to take into consideration is that you're more likely to run out of switch ports than IP addresses at this moment because you only have 120 ports.

    If you have an abundance of laptops being used on the LAN then I would perhaps look at reducing the lease time on the DHCP servers to clear up lease times. Are you also using split scopes on the DHCP servers? How are you putting in your redundancy?
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  18. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Why do EasyNet need to be notified of anything? you're not changing anything on the outside of your firewall are you?? so why involve EasyNet?

    As far as reducing the lease time is concerned, just be careful that you don't cause the network to flood itself with the renewal requests.

    You also need to be careful with your applications, this really does require some careful planning and ensuring you have a backout plan handy in case it doesn't work.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  19. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Is VOIP involved? If you've got a VOIP system on the same network (and on the same subnet - don't laugh, I've seen this plenty of times) then that might explain where all your addresses have gone. Even with a healthy amount of laptops, having over a hundred addresses assigned to clients that aren't active is a helluva lot - unless, of course, your DHCP servers have got a spiteful lease time configured.

    I still think you're over-engineering it and should investigate changing the subnet mask - it shouldn't be disruptive - especially if you do it out of hours. Besides, you're going to a less restrictive mask, rather than a more restrictive mask - and that's always easier.
     
    Certifications: A few
    WIP: None - f*** 'em
  20. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    ISPs can provide and manage a subnet believe it or not. But the DHCP server would actually be the router itself. That sh1thole I walked out from had all their sites set up for that with some restricted to 5 IPs (so a sixth person couldn't get a lease) or right up to 254 IPs for their main site. It was a terrible setup that caused no end of issues for the brief time I was there but the Accountant was right and everyone in IT was wrong...@rsehole!

    Fome some silly reason I suspected the OP may of had the same setup.
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5

Share This Page

Loading...