Why does the Windows DHCP server hand out a non-configured subnet mask

dhcp-serversubnetwindows-sbs-2011

We run the DHCP server role on our domain controller (Windows SBS 2011).

We want our LAN subnet to be restricted 10.1.1.0/24 (unsure if this is the correct notation but our subnet to be restricted the address block 10.1.1.1–255)

We have manually set the DHCP scope as follows:

  • Range: 10.1.1.1–255
  • Sbnet mask: 255.255.255.0
  • Default gateway: 10.1.1.1
  • DNS server: 10.1.1.2

But for some reason Windows server defaults the scope description to: 10.0.0.0 and dynamically hands out subnet mask of 255.0.0.0
to client devices.

  1. Why would the DHCP server be doing this? Have I missed something?

If my client devices are assigned with IP settings like:

  • IP address: 10.1.1.10
  • Subnet mask: 255.0.0.0
  • Default gateway: 10.1.1.1
  • DNS servers: 10.1.1.2 & 208.67.222.222

Then:

  1. Would having all my LAN devices assigned subnet mask of 255.0.0.0 (even though I want the subnet to be 10.1.1.1–255) result in network address resolution problems?
  2. What kind of problems could come about from using this subnet mask of 255.0.0.0 (instead of 255.255.255.0) ?

Best Answer

We want our LAN subnet to be restricted 10.1.1.0/24 (unsure if this is the correct notation but our subnet to be restricted the address block 10.1.1.1–255)

You should know that 10.1.1.255 is NOT a valid HOST address for a DHCP range if the network is 10.1.1.0/24 (because 10.1.1.255 is the broadcast address of that network). However IT IS a valid address for network 10.0.0.0/8. May that be the reason why your DHCP assumed this network? Can you try setting the range of the DHCP to a smaller pool, like 10.1.1.100 to 10.1.1.254?

I am not saying that is for sure the cause, but it may be worth looking into it.

Further Information

I have never used SBS, however, I can tell you that 10.x.x.x, the network assumed by the SBS, is the standard addressing for class A networks per IANA standard RFC 1918, while 192.168.x.x is for class C networks (/24). This may be another reason why the DHCP server may be assuming the 10.0.0.0/8 network when you set up the network.

Again, I have never worked over a Windows SBS, but I am certain that Windows Server 2003, 2008 and 2012 will allow you to override the suggestion from the server, so I bet there is a misconfiguration unless this is a limitation of SBS.

Would having all my LAN devices assigned subnet mask of 255.0.0.0 (even though I want the subnet to be 10.1.1.1-10.1.1.255) result in network address resolution problems ?

What kind of problems could come about from using this subnet mask of 255.0.0.0 (instead of 255.255.255.0) ?

You could use a /8 network, even though you will be using a huge network for your needs. However, you will face difficulties when trying to segment that network, you won't be able to use any other piece of the 10.x.x.x, as they will all be the same initial network, you will have a single gateway (10.1.1.1).

If at some point you get a bigger network, and you want to generate vlans to separate traffic (for instance CCTV which usually handles big amounts of constant traffic) you will have to create a network outside 10.0.0.0/8, one in 192.168.x.0/24 or 172.16-31.0.0/16.

My suggestion is, check twice if you cannot change the netmask on the pool in the DHCP server, if it does not allow you to do so (and throwing it away is not an option), you may:

  • Change the addressing to 192.168.1.0/24 with host addresses ranging from 192.168.1.1 to 192.168.1.254.
  • Use the network as is, but document it as it really is, it is a 10.0.0.0/8 and every section that uses addressing 10.x.x.x will be the same network. Configure all your networking devices using this network.
Related Topic