Single /24 with multiple DHCP pools a bad idea?



  • I have four DHCP pools in the same /24 range.
    .x.102 - .x.148
    .x.161 - .x.165
    .x.51 - .x.78
    .x.167 - .x.208

    Any reason this should not work or cause problems?

    What happened recently:
Windows was showing an exclamation point on the network icon and saying 'no internet access'.  The computers could talk fine to the internet.  I had two that did not work (out of a dozen) and required a reboot, which resolved it.
    From what I could see we ran out of IP addresses.  Technically we had enough, but leases had not expired yet.  I blame myself as I have been bringing online test boxes in my VMware environment.

    So I extended the last range from 208 to 219 - adding 11 available IP addresses.

Yesterday we had two computers show the exclamation point, 'no internet access'; but they worked perfectly fine on the internet.  The DHCP pool showed as having IPs available in the last range.

    Log files show normal DHCP discovery, renew, etc.  No errors I can find.  My only guess is this has something to do with the multiple pools being full and having the last pool mostly full?

    Thoughts or feedback is appreciated.



  • A more relevant question would be why would you do that?  Why not just have 1 big block?



  • Yes you can do that and it's fully supported for people who want different settings for the different pools.

However, it's probably a good idea to merge all of your pools to a large single one so that you don't run out of available addresses on such small pools. Just delete the three additional ones and make the first one for example .50 - .210 or even larger. Make sure that your static leases are outside of this pool.


  • Rebel Alliance Global Moderator

"My only guess is this has something to do with the multiple pools being full and having the last pool mostly full?"

    GUESS is right.. That little ! mark normally means NCSI ran into a problem.. ie had a hard time doing a dns query to the internet or getting a txt file.

    http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

That article is a bit dated, and I think it's changed up a bit - but in general still works like that, but the URL or DNS query might have changed a bit… Have not had to look into this in years and years.

    NCSI performs a DNS lookup on www.msftncsi.com, then requests http://www.msftncsi.com/ncsi.txt. This file is a plain-text file and contains only the text Microsoft NCSI.

NCSI sends a DNS lookup request for dns.msftncsi.com. This DNS address should resolve to 131.107.255.255. If the address does not match, then it is assumed that the internet connection is not functioning correctly.  Nor did I catch what version of Windows you are running.



  • @JKnott:

    A more relevant question would be why would you do that?  Why not just have 1 big block?

    Opening the first envelope; "the network and ip scheme is what I inherited."

    I'm working around static devices by breaking up the pool.

It's like this because various systems / devices have static IPs.  The phone system is one that requires a vendor to change up which costs $.

    Printers and a few other things that were in the middle of the DHCP range with a static address.

    If I make one big block, it is not possible to add a static address in that block; pfSense will not let you choose the IP of the device if it is in the DHCP range.  I'm seeing I can leave the IP blank; but does that assure me pfSense will reserve that IP for that MAC?

    Hope that explains a bit.  Thanks!

    Keep in mind that this worked fine until we ran out of DHCP leases.
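The layout described in this reply (pools with static devices in the gaps between them) and kpa's advice that static leases must sit outside every pool can be checked mechanically. The script below is an added example, not from the thread or from pfSense: it takes the four pools quoted above as last octets of a constructed RFC 5737 /24 (the thread only gives `.x`), plus constructed MAC/IP static mappings, and reports total capacity, overlapping pools, statics that fall inside a pool, and free addresses per pool.

```python
import ipaddress
from itertools import combinations

# Constructed: the thread only shows the last octets, so a documentation
# prefix (RFC 5737) stands in for the real /24.
NET = ipaddress.ip_network("192.0.2.0/24")

def pool(first, last):
    """Build a (first, last) IPv4Address pair from last octets of NET."""
    return (NET[first], NET[last])

# The four pools from the thread, as last octets of the /24.
POOLS = [pool(51, 78), pool(102, 148), pool(161, 165), pool(167, 208)]

# Constructed static mappings (hypothetical MACs). One is deliberately left
# inside the .102-.148 pool to show the conflict check firing.
STATICS = {
    "00:11:22:33:44:01": NET[10],   # phone system controller, below all pools
    "00:11:22:33:44:02": NET[150],  # printer in the gap between pools
    "00:11:22:33:44:03": NET[166],  # device in the one-address gap .166
    "00:11:22:33:44:04": NET[120],  # printer still inside a pool (conflict)
}

def pool_size(p):
    return int(p[1]) - int(p[0]) + 1

def total_capacity(pools):
    """Dynamic addresses available across all pools."""
    return sum(pool_size(p) for p in pools)

def overlapping_pools(pools):
    """Pairs of pools whose ranges intersect (would double-assign leases)."""
    return [(a, b) for a, b in combinations(pools, 2)
            if a[0] <= b[1] and b[0] <= a[1]]

def statics_inside_pools(pools, statics):
    """Static mappings that fall inside a pool; pfSense rejects these."""
    hits = []
    for mac, ip in statics.items():
        for p in pools:
            if p[0] <= ip <= p[1]:
                hits.append((mac, str(ip), f"{p[0]}-{p[1]}"))
    return hits

def free_per_pool(pools, leased):
    """Free addresses in each pool given the set of currently leased IPs."""
    return {f"{p[0]}-{p[1]}":
            pool_size(p) - sum(1 for ip in leased if p[0] <= ip <= p[1])
            for p in pools}
```

Running `total_capacity` on the pools with the last one extended to .219 shows the 11 extra addresses the original post added; `free_per_pool` makes the "pool full, others exhausted" condition visible per pool rather than as one aggregate number.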



  • @kpa:

    Make sure that your static leases are outside of this pool.

That is where my real problem is.  It was a mess at one point with static printers in the DHCP pool.  People rebooting critical equipment so they would get a different lease and then having to call vendors to 'fix' to a new IP …

    If I could set a reserved IP lease inside the DHCP pool, I would have no issues.

    Thanks for the thoughts.  It's been ~24 hours without any incident.


  • Rebel Alliance Global Moderator

    You are doing it the correct way.. You can create multiple pools to work around statics inside a block.. This is not the root of your problem.

Yes you could have problem with the ! that there is no internet, if you could not get a lease.. But that is simple enough to just.. Just ipconfig /all on the windows machine - do you have an IP you should have or is it something 169.254 (APIPA) ??  Then yeah you're going to get the ! for no internet access.

But you stated you're getting the ! even though internet is working.  Which just points to a problem with the NCSI of windows and how it tells if it has internet or not.. Could be dns related, etc.

Sounds like you inherited a MESS ;)  I would plan on a redesign, etc.  Phones should not really be on the same network/vlan as your other devices.  If it cost money to change them… Then just leave them on the network they are on and create new networks for your other devices like printers and user machines, etc.



  • Thanks everyone for the help.  You have confirmed that the problem isn't something bigger than it is.  Yesterday and today it's been quiet, no reported issues.

    I did inherit some fun.

    In a few weeks a point to point fiber between the two buildings should be online; this requires a phone system change up.  Perfect excuse to get phones on a separate network!

Your thoughts on the NCSI is interesting.  If I had time, a wireshark dump would be interesting.  🤷

    Thanks again!