1. Audit the range that your DHCP database holds.

• Have any of the entries been superceded, possibly if a PC is discarded but is still listed, remove these.

• Are there any duplicated entries; a PC with two NICs (e.g. a wired NIC and a wireless NIC) may be using two addresses. Determine which is most likely to be in use and remove the other entry.

2. Reduce the "Duration" of the DHCP leases inside the DHCP scope

• this will allow any unused leases to be purged more quickly. You may find that laptops acquire multiple addresses if you allow wired and wireless connections.

3. Create an internal LAN for local devices

• Some devices in the scope do not need to have external access, e.g. printers and wireless access points, these do not need to be accessed using a broadband address to allow them to be used, but will need any managing devices (such as print servers and management consoles) to be able to connect to them.
• set up a separate IP strategy for these, using a different IP range, such as 192.168.1.0/24. The DHCP server and the printer server should be given additional addresses from this range (Click Start..Settings..Control Panel..Network Connections..Local Area Connection..Properties..Internet Protocol..Advanced to set a secondary IP address on the same network interface.)
• You may need to individually assign IP addresses to the devices and manage this list yourself
• Alternatively, fit a second NIC to each managing PC, and set up a separate LAN (with separate switches from the broadband LAN), again use the 192.168.1.0/24 range but this LAN could have its own separate DHCP server.

4. Set up an internal IP space for all workstations with a larger scope

• Obtain separate switches to use on the broadband LAN
• Move the broadband connection to this LAN
• Designate or set up a routing server, install a second NIC into this server, connect one to the broadband LAN (external) and the other to the school LAN (internal)
• Change the internal LAN DHCP scope to 10.0.0.0/22
• Set the routing server's internal NIC to a static address from the 10.0.0.0 scope, this address will be the new DHCP gateway address. Set the server's external NIC to have valid settings on the broadband range.
• Configure the routing server to use Routing and Remote Access
• Allow inbound rules to any servers that need to be administered by third parties, such as SMIS
• Other servers may also need connections to both LANs, by the addition of second NICs connected to the external LAN

5. Obtain Microsoft ISA server and set up a full firewall solution for your LAN

• This follows the process described in section 3, but gives greater security (and increased management requirements) to the routing solution described, and would probably only be sensible for larger estates (e.g.over 1000 systems)
• For larger LANs, it is also recommended that the estate is "sub netted" to reduce congestion between segments. The ISA server may need separate NICs for each subnet.

This is quite a complicated process and as such should not be attempted without due consideration:

• Audit what you've got before you start, consider any software that may have IP addresses embedded into it, AV, DNS, printer drivers, multi user applications, security tools
• Back up everything before you start
• Give yourself enough time, e.g do this in a holiday.
• Contact Broadband Sandwell if you want assistance.

A note about DHCP

It is our experience that while DHCP issues IP addresses according to its own rules, workstations will usually be given the same IP address from one session to the next, unless other factors prevent it, such as when the range has more clients than its available IPs, or if a PC is rebuilt, or if the range changes.

The dialogue to obtain an address is as follows:

(client) (broadcast) "is there a DHCP server?

(server) "Yes, that's me"

(client) "I had xx.xx.xx.xx IP last session, can I have an IP address"

(server) (checks to see if xx.xx.xx.xx is available, if so), "Use xx.xx.xx.xx"

(server) (if not), "Use yy.yy.yy.yy"