Orbi WiFi 7 RBE973
Reply

SRX5308 - Multi-homing / Connecting subnets

kanfa
Aspirant

SRX5308 - Multi-homing / Connecting subnets

Hi! I've reached the point where I've exhausted my primary DHCP scope (e.g. 10.10.10.x) and need to create a secondary scope (10.10.11.x). DHCP is handled by the server, and a superscope has been configured, no sweat.

On the SRX I've added 10.10.11.1 as a secondary address under "LAN Multi-Homing". The result is that computers in scope #2 can access the internet, but I am unable to communicate between the subnets. Seeing that all servers are in scope #1, it is important that scope #2 users are able to access scope #1.

Any good ideas?

- Ivar
Message 1 of 8
fordem
Mentor

Re: SRX5308 - Multi-homing / Connecting subnets

Have you, by any chance, configured VLANs on that SRX? In my experience, just configuring the "multi-homing" allows communication between the subnets. If you have configured VLANs, you need to enable interVLAN routing. You can also try creating a static router - which in my opinion should not be necessary, as soon as you add the secondary address, the router should automatically "learn" the routes to directly connected networks. A few more points ... First - you're using a class a private address range, it's theoretically impossible to exhaust the DHCP scope, assuming it has been properly configured, a class a network can have over 16 Million hosts, and there would be no need for supernetting. Second - how are you trying to reach the servers? Have you tried pinging them by ip address? If you subnet a class a down to a class c, which is what I suspect you are doing, you may run into an issue where NetBEUI name resolution fails because they can no longer communicate with each other via broadcasts. There comes a point when it becomes necessary to really understand how a network functions, and when you have more than 254 hosts on a single LAN, I think you're long past that point. Allowing a small network to just grow rather than planning for that growth is a ticking "time bomb", either seriously consider getting some networking education, or hiring someone who already has.
Message 2 of 8
adit
Mentor

Re: SRX5308 - Multi-homing / Connecting subnets

Just change the network from a /24 to a /23. (255.255.255.0 to 255.255.254.0) This will add another 255 hosts for you to use. Change it in LAN Settings in the router, expand the original scope in the DHCP server, and reconfigure the subnet mask in any static devices. This way there is no multi-homing and no additional VLANs. You'll have one simple flat network.
Message 3 of 8
kanfa
Aspirant

Re: SRX5308 - Multi-homing / Connecting subnets

Thanks for your input, guys. I haven't done anything since I posted, but today it works. That lovely feeling. :rolleyes:

Answers to fordem's points:

First: Bad choice of words. The scope isn't exhausted, but the 150 addresses I have chosen to assign to DHCP for my 40 users were all used in two days with a LOT of visitors. So I need to assign more IP addresses for such cases. The easiest solution is to add a new subnet, and in that case I need a gateway in the new subnet. Enter "multi-homing".

Second: Both subnets are class A. Name resolution, ping and general access works. At least NOW. Why I was unable to connect last week (I didn't try yesterday) with the same setup is beyond me.

I won't claim to be a network expert, but I'm not a complete n00b either. 😉

Adit; thanks for the suggestion. I might consider changing the mask later on, but I need to plan for that including multiple static devices and VPN connections...

- Ivar
Message 4 of 8
fordem
Mentor

Re: SRX5308 - Multi-homing / Connecting subnets

Definitely a bad choice of words, anyone who has the smarts to limit the DHCP pool in that manner has to have a pretty good idea of what they're up to - let me make a suggestion from a different angle - I'm not certain if you can do this with the SRX, but I can do it on the FVS318N, so I think the SRX should have the capability. I'd like to think that you did not have 90 visitors all at the same time, so the problem would actually have been a shortage of available addresses, even though many of those allocated were not in use. This not normally an issue unless you're in any environment where there is a rapidly changing client population - my suggestion is to shorten the lease duration, rather than adding more.
Message 5 of 8
kanfa
Aspirant

Re: SRX5308 - Multi-homing / Connecting subnets

When all 40 in-house clients are connected both locally and wirelessly, all users have smarphones on WLAN - well that's 120 addresses out of 150. Add the odd VPN connection and near 30 guests, and voilà. The dumbest config-issue is that I'm not running DHCP until .100 upwards, but I need to verify existing static addresses before reconfiguring it.

I've already shortened lease time to 48 hours. I can of course cut it to the bone, though. Anyway, the superscope works just fine now - except that the IPSec VPN connection to a secondary office won't let those user through... Yeah well.

At least the SRX5308 multi-homing works! :cool:
Message 6 of 8
Roms47159
Aspirant

Re: SRX5308 - Multi-homing / Connecting subnets

So I need to assign more IP addresses for such cases.

Message 7 of 8
XavierLL
NETGEAR Employee Retired

Re: SRX5308 - Multi-homing / Connecting subnets

Hi,

 

Another suggestion to have a better control about the DHCP scope and the different networks is to implement VLANs. In this case you will need to configure it on the SRX5308 and in the switch, however it will give you the granularity level to control guest access and specify a

 

Please have a look in the following configuration example:

 

http://kb.netgear.com/app/answers/detail/a_id/8898/~/how-do-i-set-up-one-or-more-vlans-between-a-net...

 

Hope that it helps!

 

Xavier Lleixa

NETGEAR CBU PLM

Message 8 of 8
Discussion stats
  • 7 replies
  • 36807 views
  • 5 kudos
  • 5 in conversation
Announcements