Solved

DHCP/VLAN question

Posted on 2006-10-26
Last Modified: 2010-03-19
Hi

We have the following network - PIX 506e--->Cisco 3550/2950 switches----> clients - all one VLAN (1).
We will shortly be upgrading the PIX OS to be able to handle two VLANs. VLAN2 will be for guests to use...we would like this to have access to the internet only, therefore no inter-vlan routing.

VLAN1: 192.168.1.0/24
VLAN2: 192.168.2.0/24

The issue is how the clients in VLAN2 will pick up an IP address. I was thinking of creating a new scope on the DHCP server (which is in VLAN1) along with ip-helper address. Am I right in thinking -

i) If I create a scope on the DHCP server for VLAN2, it will automatically dish out addresses in the 192.168.2.0/24 subnet because it knows that the request came from VLAN2? Likewise, it will continue to give out 192.168.1.0/24 addresses for clients in VLAN1?
ii) The ip helper command does not enable intervlan routing, it simply allows the movement of DHCP messages between VLANs 1 and 2?

Or is it better to create a new DHCP server on VLAN2 so that there are no links between the two networks?

Would be grateful for thoughts from anyone that has implemented such a solution...

Thanks in advance.
Question by:Dilan77
5 Comments
 
LVL 27

Accepted Solution

by:pseudocyber earned 250 total points
ID: 17812984
IP helper would have to ROUTE the request onto Vlan1.  So, how are you going to do that without routing the vlans?

Perhaps the PIX could run a DHCP service for vlan2?
0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17813480
You have to create a new scope in the DHCP server for the other VLAN and set in the switches your ip helper for the services DHCP and/or BOOTP.
0
 
LVL 1

Expert Comment

by:Sean64
ID: 17813771
You could create the DHCP scope on the server like you suggested to begin with, using the helper address.  Then create an access list that only allows the gateway (192.168.2.1) to route to the 192.168.1.x network.  Since DHCP is being retransmitted by the gateway, the access list will let that traffic through, but once the guest PC has an IP, it will no longer be able to route to the main VLAN.
0
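How the relayed request described in these answers reaches the right scope, as an added example that is not part of the original thread: the relay stamps its VLAN2 interface address into the BOOTP `giaddr` field and the server matches that field against its scopes. The server address 192.168.1.10, the guest address 192.168.2.50 and all function names are assumptions; the packet is constructed.

```python
import ipaddress
import struct

# RFC 2131 fixed BOOTP header (236 bytes); hops is field 3, giaddr is field 10.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
COOKIE = bytes([99, 130, 83, 99])
ZERO = bytes(4)

VLAN1 = ipaddress.ip_network("192.168.1.0/24")   # from the question
VLAN2 = ipaddress.ip_network("192.168.2.0/24")   # from the question
SCOPES = [VLAN1, VLAN2]
GATEWAY = ipaddress.ip_address("192.168.2.1")    # gateway named in the ACL answer
SERVER = ipaddress.ip_address("192.168.1.10")    # assumed DHCP server address
GUEST = ipaddress.ip_address("192.168.2.50")     # constructed guest lease

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER as a guest client broadcasts it (giaddr 0.0.0.0)."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                        mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end

def relay(packet: bytes, relay_if) -> bytes:
    """Relay agent step: stamp giaddr with the receiving interface, bump hops."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[10] == ZERO:                 # only the first relay sets giaddr
        fields[10] = relay_if.packed
    fields[3] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def select_scope(packet: bytes):
    """Server side: match giaddr to a scope, or own interface if not relayed."""
    giaddr = ipaddress.ip_address(BOOTP.unpack_from(packet)[10])
    key = SERVER if giaddr.is_unspecified else giaddr
    return next((s for s in SCOPES if key in s), None)

def acl_permits(src, dst) -> bool:
    """The ACL idea from the answer: only the gateway may reach VLAN1."""
    return dst not in VLAN1 or src == GATEWAY

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("020000000001"), 0x1234)
    print(select_scope(pkt), select_scope(relay(pkt, GATEWAY)))
    print(acl_permits(GATEWAY, SERVER), acl_permits(GUEST, SERVER))
```

A guest's unicast DHCP renewal to the server is dropped by that ACL as well; under RFC 2131 the client then falls back to a broadcast rebind, which goes through the relay again.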
 
LVL 1

Expert Comment

by:igmp
ID: 17818723
I have to say your own thoughts are all right.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17842920
I think I'll go with the first suggestion, using the PIX as a DHCP server for that interface sounds best.

Thanks all for your input though.
0

Question has a verified solution.