0

Hello I wanted to see if someone could help with a network problem I am having. Right now we have a super-scope and scopes of 192.168.50.1 and 192.168.51.1, as of now both are activated but only 192.168.50.1 is handing our leases, 192.168.51 wont. here is a summary of our network

Gateway: watchguard firebox x750e for our router/gateway at 192.168.50.1 I set up as a secondary IP address 192.168.51.1

Server: Server 2008 r2 standard, running our DNS @ 192.168.50.242 and 8.8.8.8 as a secondary, AD, and DHCP. On that NIC card i have 192.168.50.242 as the IP address and 192.168.51.242 as a secondary. 192.168.50.1 as the default gateway and 192.168.51.1 as a secondary.

Im am not very knowledgeable at this but as far as i have researched after adding a super scope and activating scopes, they should automatically start handing out addresses and I cant figure out why only one does. any help at all would be appreciated.

Vdub
  • 148
  • 1
  • 8
  • Have you created any VLANs? What was the reasoning behind using superscopes and not scopes when the DHCP role was configured? – Colyn1337 May 29 '14 at 18:26
  • Why are you using a superscope? – joeqwerty May 29 '14 at 18:54
  • No VLANs, we have the scopes inside of the superscope and I did not originally set this up. the previous IT guy did but he told me it would work fine when activating the second scope and that didn't happen. Not sure if he blows smoke sometimes. – Vdub May 29 '14 at 19:55

3 Answers3

1

There is probably no reason to keep it like this, it's unnecessarily complicated. 192.168.50.0/24 and 192.168.51.0/24 can be combined into one subnet, 192.168.50.0/23, so you could reconfigure that on the DHCP server and get rid of the Superscope. Then configure it as 192.168.50.0/23 on the router/vlan as well. The only issue is going to be subnet mask and gateway on statically configured devices, so you might have numerous touch points. DHCP clients will pick up the new subnet mask next time they renew.

It's probably the case that you ran out of IPs on 192.168.50.0/24 at some point and another was added as a "secondary" as a quick and dirty way to get more address space on that wire/vlan. Superscope is a way to join those two /24's on the DHCP side telling the DHCP server that both of these scopes are on the same wire and thus recognize that any clients or relay agents coming from either subnet should be treated as being on the same wire/vlan. This is more commonly used when the subnets are non-continguous, e.g., if it was 192.168.50.0/24 originally then you added 192.168.66.0/24 as a secondary network to get more space.

The behavior you see is thus normal. You won't see the DHCP server start handing out addresses from the newly-enabled scope (under the Superscope) until all addresses in the first scope (192.168.50.1) are all used up. And existing DHCP clients will continue to directly renew the IP they already have.

milli
  • 166
  • 3
  • Sounds great thanks for the help. One more question, on my DHCP server's NIC card should I have 50 and 51 IP addresses, gateway and DNS or will it just keep it all on x.x.50.x? – Vdub Jun 02 '14 at 17:52
  • If you convert over to 192.168.50.0/23, then your only gateway is 192.168.50.1 and you only need one address on the NIC and it can be the 50.x or 51.x but you don't need both anymore. – milli Jun 02 '14 at 20:45
0

Are you sure you are really having a problem?

Superscopes are useful when you join two physical subnets, each with its own scope and DHCP server. They solve the following problem: client disconnects from scope A, then reconnects and asks for renewal of lease, but server B is quicker and, ignoring the existence of a superscope, declines the request of lease renewal; the client will then have to re-issue a DHCP discovery signal, and may be offered a lease by server B within scope B. Thus the client is now cut-off from its original network, and inserted into a subnet for which it may not be configured. This may happen every time every client disconnects.

By configuring a superscope, you are basically allowing server B, now assumed to be aware of its participation in a wider scope than its own subnet, to renew the lease of the client in subnet A, basically keeping all configurations intact.

In your network, you have a single DHCP server, and, if I understand right, a single physical network. Thus there is no difference between a superscope and a single scope with netmask 255.255.254.0 instead of the usual 255.255.255.0. Since there is only one DHCP, it will start dishing out addresses in the 192.168.51.0/24 scope only after it has exhausted addresses in the 192.168.50.0/24 scope. Depending on the size of your network, you may ascertain whether you are there yet or not. Judging from the OP, I would guess not.

MariusMatutiae
  • 184
  • 9
  • This is not what (MS-DHCP) superscopes are about. [***This***](http://technet.microsoft.com/en-us/library/cc958938.aspx) is. – the-wabbit May 30 '14 at 07:46
  • 1
    @syneticon-dj You are wrong, syneticon-dj. Read after Table 4.3, you will see that Microsoft Tech makes **exactly** my point above. Can I have my two points back, now? – MariusMatutiae May 30 '14 at 08:20
  • 1
    I am not wrong, you have a misconception about superscopes which you've expressed in your answer above. But you surely can have the 2 points back if you clarify that superscopes are only useful for implementing multiple logical IP subnets in a single [broadcast domain](http://en.wikipedia.org/wiki/Broadcast_domain). Note that a vote, once casted, cannot be changed unless the answer has been edited since. – the-wabbit May 30 '14 at 08:37
  • BTW: there *is* a difference between a superscope including two IP /24 networks and a single /23 - for the first case your default router would need to have two IP addresses (one for each subnet) and need to route traffic between the logical subnets, despite the hosts being technically able to communicate with each other directly. It is a pain in the bum to set up, manage and debug too, so I would not recommend using logical netting (and thus, using superscopes, too) to anyone now that VLANs are implemented all over. – the-wabbit May 30 '14 at 08:43
  • @syneticon-dj Not suggesting that a superscope with two subnets and a /23 subnet are the same: I am saying that in the OP's network there is no client initially with an IP address in the second scope, so that, so long as the first subnet has enough addresses, no address will be given in the second scope. In a **real** superscope, instead, one of the DHCP servers is actively dishing out IP addresses in the second scope even though the address space of either scope is far from exhausted. Which is the reason why the OP did not see any address in the second scope, which is what puzzled him. – MariusMatutiae May 30 '14 at 08:53
  • So what you are saying is that my server wont hand out addresses from the second scope until all of the addresses in the first scope are depleted? @MariusMatutiae I gave you back your +1 :) seems as though both statements are correct. Also should I have a 192.168.51.x ipaddress set up for DNS as well? or just leave is 192.168.50.242? – Vdub May 30 '14 at 16:46
  • @Vdub Thanks, ;-). The part I do not understand is why you need a superscope in the first place. You only have one DHCP, and you seem to have only one physical net. Are you close to depleting the subnet address space? If not, I embrace syneticon-dj's comment that they are a pain, and would advise you to dispense with it altogether. That would solve all of your doubts, and make your like a heck of a lot easier. – MariusMatutiae May 30 '14 at 17:24
  • I'm not sure the previous IT guy set it up, when I got here there were the 2 scopes under the super scope but only one was activated. A couple times we had used 96% OF OUR 254 addresses so I activated the other one. I am really not sure what the difference is between having 2 scopes in a superscope or just having 2 scopes lol doesn't seem to be to much of a difference. I would use VLANs but i am very unfamiliar with them so obviously a n00b. If the second scope will hand out addresses after the first is depleted that's all I need anyway so that's good. thanks for the help! – Vdub May 30 '14 at 22:50
  • Okay, so this answer is badly worded in regards to what Superscopes do, but suffice it to say the jist of it is correct. Superscopes tell the DHCP server to recognize BOTH gateways as relay agents for BOTH scopes (and any direct clients). They are treated as matching the Superscope, i.e., a relayed DHCP request from 192.168.50.1 is equivalent (for matching) as 192.168.51.1 and thus a request from either of these will match the Superscope. Once that decision is made, the behavior now will be to use IPs from the first scope until all used up, then start issuing from the second scope. – milli May 31 '14 at 15:10
0

I think the difference here is not having to re-ip all of the network devices. The router can route all packets over a VDOM interface (I believe) between the two networks if any communication across the scopes is required.

The physical router port becomes a point of failure but if all you need is more addresses and the network wasn't previously designed to be extendable maybe a super scope isn't a horrible option while you plan for a total re-IP.

Additionally couldn't you use the super scope to slowly migrate into a new IP scheme? I think so.

Jason Vivier
  • 1