Posted on 2006-10-26
We have the following network - PIX 506e--->Cisco 3550/2950 switches----> clients - all one VLAN (1).
We will shortly be upgrading the PIX OS to be able to handle two VLANs. VLAN2 will be for guests to use...we would like this to have access
to the internet only, therefore no inter-vlan routing.
The issue is how the clients in VLAN2 will pick up an IP address. I was thinking of creating a new scope on the DHCP server (which is in VLAN1) along with ip-helper address. Am I right in thinking -
i) If I create a scope on the DHCP server for VLAN2, it will automatically dish out addresses in the 192.168.2.0/24 subnet because it knows that the request came form VLAN2? Likewise, it will continue to give out 192.168.1.0/24 addresses for clients in VLAN1?
ii) The ip helper command does not enable intervlan routing, it simply allows the movement of DHCP messages between VLAN1's one and 2?
Or is it better to create a new DHCP server on VLAN2 so that there is no links between the two networks?
Would be grateful for thoughts from anyone that has implemented such a solution...
Thanks in advance.