Create a superscope to solve the problem of dwindling IP addresses

If your organization is growing faster than you can supply IP addresses, you don't have to fear that you might soon be running on empty--a superscope can come to the rescue. A superscope is a versatile, cost-effective, and easy-to-use solution when you’re running out of IP addresses on a network. This walk-through will show you how to set up a superscope and configure it to assign IP addresses.

The growth of the young company you work for as network administrator has surpassed all expectations. Everyone--especially the bosses--has every reason to celebrate. But the IT crowd isn't in the same celebratory mood. The reason? They're running on empty (or, more precisely: the DHCP server is).

The problem is that the DHCP server is fast running out of IP addresses to dish out to all the new computers being added to serve your company's growing staff complement. There's an exclamation mark hanging like an ill omen over the DHCP server icon (Figure A), an indication that you're dangerously close to the end of the available address pool.

Figure A

The exclamation mark next to the DHCP server name is a warning that the IP addresses from the scope have nearly been depleted.

When the company started out as a small business with 50 PCs three years ago, the 254 IP addresses a Class C subnet offered seemed more than enough for a long time. But now it's a different story. There are just eight unassigned IP addresses left. As the responsible network admin, what are your options?

You could lobby for another physical LAN (and thus another subnet), but that would mean you'd have to convince the boss to buy a router (or another one if you already have more than one physical LAN) and (maybe) another DHCP server. But suppose there's really no need for a separate physical LAN, apart from your IP address problem?

Changing to another IP address class--maybe Class B, which will provide you with more addresses--is another possibility, but again not a very attractive one. This time you'll have to justify purchasing this address range from your ISP and then face the prospect of migrating from the existing address range (scope) to the new one.

Enter: Superscope

Thankfully, there's a much simpler solution--using a superscope. What's a superscope? A kind of mother of all scopes. It allows you to add more than one scope (called child scopes, or member scopes) under one umbrella.


Note

Microsoft introduced the superscope feature with NT4 SP2.


Let's go ahead and create a superscope for the scenario described above. We'll assume DHCP is set up to use the scope 192.168.0.0. We want to add another scope from the same class (Class C), so let's use 192.168.1.0. But first we need to create a superscope. Here's how:

  1. Open DHCP.
  2. Right-click on the DHCP server.
  3. From the drop-down list, choose New Superscope (Figure B) to launch the New Superscope Wizard.
  4. The wizard prompts you to enter a name for the superscope. We'll just call it MySuperscope.
  5. On the next screen, you'll be asked to select a scope(s) to add to the superscope. You'll see the list of available scopes--in our example, just 192.168.0.0 (Figure C). Select it and click Next.

Figure B

The first step in creating a superscope.

Figure C

Adding scopes to the superscope

The final screen of the wizard informs you that you have successfully completed the New Superscope wizard and gives you the details (Figure D). If you go back into DHCP, you'll see that the new superscope has been created.

Figure D

The last screen of the wizard showing the details of the new superscope.

Adopting another child

Now we're ready to create our brand new child scope that will be watched over by our superscope.

  1. Open DHCP.
  2. Right-click on the DHCP server.
  3. Select New scope (Figure E) to launch the New scope wizard.
  4. Choose a name and description for the new scope. As our first scope in this example was called Scope1, we'll just call this one Scope2.
  5. The wizard will prompt you to add an IP address range. We'll choose a range from the Class C range 192.168.1.0. (We could also have chosen 192.168.2.0, 192.168.3.0, etc., but we'll stick to ... 1.0, as it follows logically on our first range). As for start and end address, we'll select all available addresses, starting with 192.168.1.1 and ending with 192.168.1.254. Note that the wizard will automatically complete the Length and Subnet Mask fields (Figure F).
  6. On the next screen, you can choose which range of addresses you want to exclude, if any.
  7. Now, you get to select the duration of IP address leases. The default is eight days.
  8. The wizard then gives you the opportunity to configure DHCP options. You can choose to do it now or wait until later. Note, however, that you have to configure the most common options (like DNS server address and default gateway) before clients can use the scope, so now is as good a time as any to do it. Just use the same options as your existing scope.
  9. After configuring the DHCP options, you are asked whether you want to activate the scope now or later. Once activated, you're done.

Figure E

The New scope wizard will walk you through the steps of creating a scope.

Figure F

The address details of the new scope, with a little help from the wizard.

Figure G shows our superscope and two child scopes. Notice the red downward pointing arrow to the right of the toolbar. Don't worry--it doesn't mean your superscope is down. You click on the arrow to deactivate a scope or superscope. Warning: Do not deactivate a superscope unless you want to get rid of all its member scopes!

Figure G

The new superscope and the two child scopes.
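
The two wizards above can also be scripted. The following is an added example, not part of the original article: it assumes a server that has the DhcpServer PowerShell module (Windows Server 2012 or later, newer than the systems the article covers), and the gateway, DNS server and exclusion range are placeholder values.

```powershell
# Added example: scripts the New Scope and New Superscope wizards.
# Requires the DhcpServer module (Windows Server 2012 or later).
Import-Module DhcpServer

# Values from the article
$superscope = 'MySuperscope'
$oldScopeId = '192.168.0.0'    # existing scope (Scope1)
$newScopeId = '192.168.1.0'    # new child scope (Scope2)

# Assumed placeholder values, not from the article: replace with your own
$gateway   = '192.168.1.1'     # router's address on the new subnet
$dnsServer = '192.168.0.10'    # DNS server handed to clients
$exclusion = @{ StartRange = '192.168.1.1'; EndRange = '192.168.1.10' }

# Steps 4-5 and 7: create the scope with the eight-day default lease.
# It starts inactive so no leases are offered before the options are set.
if (-not (Get-DhcpServerv4Scope -ScopeId $newScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'Scope2' `
        -StartRange 192.168.1.1 -EndRange 192.168.1.254 `
        -SubnetMask 255.255.255.0 `
        -LeaseDuration (New-TimeSpan -Days 8) -State InActive

    # Step 6: keep statically assigned router/server addresses out of the pool
    Add-DhcpServerv4ExclusionRange -ScopeId $newScopeId @exclusion
}

# Step 8: default gateway and DNS server for clients of the new scope
Set-DhcpServerv4OptionValue -ScopeId $newScopeId -Router $gateway -DnsServer $dnsServer

# Superscope: add each scope only if it is not already a member
$current = Get-DhcpServerv4Superscope -SuperscopeName $superscope -ErrorAction SilentlyContinue
$members = @($current.ScopeId | ForEach-Object { "$_" })
foreach ($id in $oldScopeId, $newScopeId) {
    if ($members -notcontains $id) {
        Add-DhcpServerv4Superscope -SuperscopeName $superscope -ScopeId $id
    }
}

# Step 9: activate the new scope, then confirm membership and free addresses
Set-DhcpServerv4Scope -ScopeId $newScopeId -State Active
Get-DhcpServerv4ScopeStatistics |
    Select-Object ScopeId, SuperscopeName, Free, InUse, PercentageInUse
```

The final command lists each scope with its superscope name and remaining free addresses, which is the figure the warning icon in Figure A reflects.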

One last step

You now have what is termed a multinet--multiple subnets on a single physical network. But you're not quite there yet. Yes, you have an additional scope; yes, you have a superscope. But your superscope won't assign IP addresses from the new scope. And even if you add a static address from the pool to a client machine, you'll notice that you can't browse the network.

You still need to add the route to your DHCP server's network adaptor, and if you have a router, you'll want to add the IP address to it as well. Here's how to add that new address to your NIC:

  1. Open your Local Area Connection and click on Properties.
  2. Highlight Internet Protocol (TCP/IP) and click on the Properties tab to open the properties screen shown in Figure H.
  3. Click on Advanced, which will take you to Advanced TCP/IP settings.
  4. Select Add. A window will open where you have to add the new IP address (Figure I). Enter the address and click Add.
  5. The next window will show both your IP addresses. Click OK, OK again on the next screen, and Close and you're done.

Figure H

The TCP/IP properties screen.

Figure I

Here, you add the address of your new subnet.

Now, if you add an address from the new subnet as a static IP address to a client machine, you should be able to browse the network.

I won't go into the details of adding the new IP address range to a router's Ethernet interface, but if you're Cisco certified, you'll find it to be a simple procedure. (If you don't know your way around a router, though, steer clear.)

The commands to add an IP address to an interface look something like this (depending on the interface and address):

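! 192.168.1.1 is an example host address; the network address 192.168.1.0
! itself cannot be assigned to an interface
int e 0/0
 ip address 192.168.1.1 255.255.255.0

But you're adding a second address to the same interface, so you have to add the keyword secondary to the command. So to add an address from the range of our new child scope, the command would be:

! The address used here must be excluded from the DHCP scope
int e 0/0
 ip address 192.168.1.1 255.255.255.0 secondary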

Help for remote subnets

So far, we have assumed you have a single physical subnet. But what if you have another one (let's call it physical subnet B) and you're running out of IP addresses there? We're assuming that your DHCP server on subnet A supplies addresses to subnet B. A superscope will also come to your rescue in a scenario like this--with a little help from a relay agent.


Note

A relay agent is a program that relays DHCP/BOOTP messages between clients and servers on different subnets.


Warning: Do not attempt to set up your DHCP server as a relay agent--it won't work as a DHCP server any longer. Instead, try to relay any DHCP requests from clients to "another" DHCP server.

To supply IP addresses from a DHCP server located on subnet A to clients on another physical network--subnet B--you'll set up a superscope on subnet A. To this superscope, you'll add one or more child scopes, which will supply IP addresses to clients on subnet B.

Because you're concerned only with creating additional scopes to support clients on subnet B, you don't need to include the scope for subnet A as part of the superscope.

As most--probably all--modern routers have DHCP/BOOTP relay agent support, as described in RFC 1542, you probably won't need to set up another server as a DHCP relay agent. So all you'll need to do is configure the router (or have it configured) with its relay agent set to point to the IP address of the DHCP server.


Note

Although you could set up an NT server or workstation as a DHCP relay agent, with Windows 2000 Server and Windows Server 2003 you can do this only on a server.


25 comments
robertparten

Just pointing out something: ip address 192.168.1.0 255.255.255.0 is a subnet number itself and not an actual IP. This would fail to work on any platform when attempting to configure. Neither the subnet number nor the broadcast number can be used as an interface IP.

usa25506

It's a nice article. I want to ask: if I created one superscope which defines network (no IP address to lease) and one scope which defines network (new network) as defined above, would I also have to add a router to make the two networks communicate with each other, so that clients from one network can communicate with clients on another network?

deepak_895

How to configure a VPN server in Windows Server 2003 step by step?

bwalker

I read this article with interest because, as opposed to supernetting, I wouldn't have to track down all the static IP devices on the network and change them. The problem, then, is that these instructions don't appear to work when I perform them on my Windows 2000 server. Perhaps there's not enough detail, but I can't get the new scope to be recognized on the network. And it's hard to find much other documentation about superscoping, either.

louisn

Just some general observations regarding some of the comments: It was never the intention to propose superscopes as a solution to all subnetting needs - far from it. As is made clear in the article, it's a proposed solution for a small company on a tight budget - i.e., no new routers, DHCP servers, etc. It's presented as a quick, easy and cost-effective solution. Complicated (as someone suggested)? No - extremely simple. Also, as stated in the article, what if there's no need for another physical LAN? Of course you should keep broadcasting in mind - but we're not talking about thousands (or even a thousand) addresses here - it's about a child scope for a Class C address range. I'd say, as a general rule, if you're nearing the halfway mark of the second scope, it's time to start seriously planning another physical subnet. VLANs? Again - this is a small company on a budget, remember? You'll need managed switches - expensive items.

Jaqui

If your block of IPv4 addresses isn't large enough to meet your needs, then switch to IPv6, where there are enough IP addresses for every electronic device we currently have made, and will make for the next 150 years, to have one permanent IP address. A complete non-issue.

paul.anderson

This seems to be a very complicated solution for such a simple problem. First. Shame on you if you are connecting all your users to the internet with internet routable addresses; they should be behind a firewall or router capable of using PAT. ALL users should have private address space. If you need more than 254 addresses on a single physical network, use subnet masking. Example - The pool address of 192.168.0.0 /22 will provide 506 or so addresses. Move that mask to /22 and you have over a thousand addresses. Not that I would ever recommend putting a thousand users on a single unrouted segment.... but you could! Did I miss something on the original question?

georgeou

You're essentially running 2 subnetting schemes on a single physical network segment. All traffic between the subnets has to ride a single interface to the router before it can return over the same interface to get back to the network. It does have the advantage of limiting the broadcast domain though.

JodyGilbert

Have you come up against the problem of insufficient IP addresses? What solutions have you considered?

iainwrig

What kind of small company with no budget needs 250+ ips?

Justin James

"It was never the intention to propose superscopes as a solution to all subnetting needs - far from it. As is made clear in the article, it's a proposed solution for a small company on a tight budget - i.e., no new routers, DHCP servers, etc. It's presented as a quick, easy and cost-effective solution. Complicated (as someone suggested)? No - extremely simple." My budget would have to be "$0" to do this. I know, because I did it for a bit of time, and it was a complete mess, because I could not get sign off to have another network port installed near my equipment. The $100 for the network drop and the 2 hours of my time in the evening watching the cable guy do it was well worth eliminating the headaches of carrying 2 logical networks on 1 physical wire without VLAN protocols. "VLAN's? Again - this is a small company on a budget, remember? You'll need managed switches - expensive items." For under $500 you can buy a managed switch with 24 GigE ports. That is a pretty nice price! And a company that needs less than 24 ports, what are they using? $50 8 port unmanaged switches? If so, they can go buy another $50 switch, and make a VLAN like that! "VLAN" just means "doing with one physical network what you would normally do with two physical networks." If a dinky managed switch is too rich for your blood, then just do it with multiple physical switches. And not to sound crazy, but any network infrastructure large enough to justify any of this is probably going to have managed switches anyways. J.Ja

Madsmaddad

Not if you are still on NT4, or perhaps using XP-Home edition. They do not support IPv6, he-he-he. As my students discovered! - part of the learning process.

georgeou

" The pool address of 192.168.0.0 /22 will provide 506 or so addresses." You mean /23. That will give you 512 - 3 = 509. "Move that mask to /22 and you have over a thousand addresses" That will give you 1024 - 3 = 1021 usable host addresses.

jfowler

I agree, resubnetting is the recommended solution from Microsoft: http://support.microsoft.com/?kbid=255999 All you have to do is set your subnet mask. However, it's 192.168.0.0/23 (subnet mask: 255.255.254.0) that provides 510 available addresses: 256*2-2 = 510. 192.168.0.0/22 (255.255.252.0) gives you 1022 available addresses: 256*4-2 = 1022.

Justin James

I had to do this recently due to limited network ports near some networking equipment. Periodically, the Linksys router would bug out and start flooding the network, shutting down all LAN & WAN traffic. I do not recommend putting two logical networks on the same physical network unless you have a really, REALLY good reason to do so. NICs are cheap, downtime is not. J.Ja

jerome.koch

It would entail some work, but you would never have to worry about growth for a very long time. What happens when you have 200 end users, 15 network printers, etc... and the owner wants to go VOIP? You just added at least 200 more nodes to your LAN.

lesko

While it does allow you to have more IPs and thus more clients in the network, you are now expanding the size of your broadcast domain, so depending on the applications you run in your network it may or may not be OK to do so. I read somewhere that a 20% broadcast rate is as high as it should go, so if you look at your broadcast rate and it's nearing this number, then getting another interface in your router and VLANing your switch might be a better way to go, and you don't even have to get another DHCP server: just use IP Helper address (or equivalent) and create another scope on your server.

ardrighan

We're a small nonprofit, about 130 machines, 10 networked printers, six servers and fifty people using remote access. We have no budget because we're a nonprofit that serves abused and neglected kids and our funding from the gov't is nonexistent and we have to fundraise, so IT gets the short shrift. Because of the remote access part, 50 computers take up 100 IP addresses (one for the work machine, one for the remotely connected home machine). To go around and dump every last subnet statically set on each server, printer and computer in this agency when we're a two-man band would be a nightmare, and in this scenario, we're only rolling over into the additional scope by 2 or 3 addresses, once in a while. It makes much more sense to do it this way for us than to resubnet. Long-term we will have to resubnet, but this is a great solution for us and hasn't resulted in any additional traffic or any additional time or money.

Deaco

"What kind of small company with no budget needs 250+ ips?" A very poor school district. That's the situation I found myself in.

Jaqui

of the software vendor. :p all operating systems worth using will default to ipv6. [which lets ms stuff out of the running, ms hates ipv6 ]

georgeou

I would say the only time this is valid is when you're doing an IP scheme migration and you want a seamless transition. It should not be a way of life.

jerickson

Vista ships with ipv6 installed and running by default. The main problem I think most small businesses will have with ipv6 is that a large amount of the infrastructure out there (routers and switches) don't support ipv6. Most people need internet access, if their router doesn't understand ipv6 and they're out of ipv4 addresses, not much they can do.
