Solved

Setting up DHCP for multiple subnets on Windows Server

Posted on 2007-07-25
Last Modified: 2008-01-09
Going to be setting up a DHCP server... I have multiple subnets that I want it to serve. Does the scope answer to whichever subnet (default gateway) requests it? Please explain to me how to do this.

Thanks Experts!!
Question by:jaysonfranklin
23 Comments
 
LVL 28

Expert Comment

by:peakpeak
ID: 19569855
Most easily you set up a DHCP server in each subnet. More easy to troubleshoot, more easy to maintain. Don't complicate things. (You can install the DHCP service on any server in that subnet, no workload)
0
 
LVL 31

Expert Comment

by:merowinger
ID: 19569856
You could configure MAC address bindings to assign a client to a specified subnet
0
 
LVL 28

Expert Comment

by:peakpeak
ID: 19569870
To configure a MAC address (static) takes the idea out of DHCP altogether
0

 
LVL 31

Expert Comment

by:merowinger
ID: 19569920
Surely, but he can assign all clients to a specified subnet... and they still get the IP from the subnet automatically
0
 
LVL 28

Expert Comment

by:peakpeak
ID: 19569948
And what about when you add new workstations or change network cards? Maintaining a list of MAC addresses is as boring as maintaining a list of equally static IP addresses. The goal of DHCP is to get off that load
0
 
LVL 31

Expert Comment

by:merowinger
ID: 19569995
Yes, you're right, but you say more scopes = more DHCP servers
--> Means for me: Additional Hardware and Software (licences..)
0
 
LVL 28

Expert Comment

by:peakpeak
ID: 19570048
You're correct but if he actually HAS more subnets, there is no reason to have them without having computers on'em, right? Thus each subnet would easily host a DHCP server on any computer residing there. You can even have several in case one goes down, just split the scopes
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19570174
How are the subnets routed on the network?
Are you using vlans? routers? Does the server have a nic for each subnet?

The best-practice method is to create a scope on the dhcp server for each subnet you wish to assign then use either ip-helper addresses if you are using Cisco kit or dhcp relay services if you are not. Still on the best practice kick, it is best to have two dhcp servers if you can then you can split each scope range in half - with each dhcp server taking half each. Here, if you lost a dhcp server, you would still have another supplying all scopes.

Sorry, missed the last part of your question. DHCP is a broadcast so the request would be sent to the broadcast address of ff-ff-ff-ff-ff-ff (not the default gateway as at this point the workstation knows nothing about any IP addresses - as it doesn't have one). Broadcasts are not routable so in normal circumstances the broadcast would just die if no DHCP server is available on that subnet to service the request. IP helper address/DHCP relay services pick up the broadcast and redirect the request to a specific IP address (the IP of a valid DHCP server). Because that redirection is now a specific, targeted request this can be routed across the network to the DHCP server. The DHCP server knows that the originating request came from (for example) a MAC address on the 192.168.100.0 subnet as this info is passed by the helper/DHCP relay device. As long as the DHCP server has a scope for the requesting device, it assigns the IP address and passes this back to the IP helper/DHCP relay device. This in turn passes the newly assigned IP address and other details etc. to the original requesting client machine.



0
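The relay step described in the post above, as an added example that is not part of the original thread: the relay writes its own interface address into the giaddr field of the BOOTP header (RFC 2131), and the server picks the scope whose subnet contains that address. The scope table, MAC address and server address are constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131), 236 bytes, plus the 4-byte magic cookie.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
MAGIC = bytes([99, 130, 83, 99])
GIADDR, HOPS = 10, 3  # tuple positions of the fields a relay touches

# Constructed scope table for the sketch server (names and ranges are assumptions).
SCOPES = {
    "vlan100": ipaddress.ip_network("192.168.100.0/24"),
    "vlan201": ipaddress.ip_network("192.168.201.0/24"),
}

def build_discover(mac):
    """Client broadcast: no IP yet, so every address field is 0.0.0.0."""
    zero = bytes(4)
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    fixed = BOOTP.pack(1, 1, 6, 0, 0x1234ABCD, 0, 0x8000, zero, zero, zero,
                       zero, chaddr, bytes(64), bytes(128), MAGIC)
    return fixed + bytes([53, 1, 1, 255])  # option 53 = DHCPDISCOVER, then end

def relay(packet, relay_ip):
    """Relay step: stamp giaddr with the receiving interface IP, bump hops."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[GIADDR] == bytes(4):  # only the first relay fills giaddr
        fields[GIADDR] = ipaddress.ip_address(relay_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def select_scope(packet, server_ip):
    """Return the scope name the server would answer from, or None."""
    fields = BOOTP.unpack_from(packet)
    if fields[14] != MAGIC:
        raise ValueError("not a DHCP packet")
    origin = ipaddress.ip_address(fields[GIADDR])
    if origin.is_unspecified:  # unrelayed broadcast heard on the local wire
        origin = ipaddress.ip_address(server_ip)
    for name, net in SCOPES.items():
        if origin in net:
            return name
    return None  # no matching scope: the server stays silent

if __name__ == "__main__":
    pkt = relay(build_discover("00:11:22:33:44:55"), "192.168.100.1")
    print(select_scope(pkt, "192.168.10.5"))
```

A relayed request from a subnet with no scope returns None, which is the case to look for when a new VLAN gets a helper address before its scope exists on the server.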
 
LVL 28

Expert Comment

by:peakpeak
ID: 19570230
keith is correct but I still claim: Don't Complicate! One or maybe two DHCP servers on each subnet
0
 
LVL 28

Expert Comment

by:peakpeak
ID: 19570284
You have a stable network, how many times a year do you change topology? Never !
Thus be SMART, One server per Subnet, easy to maintain, self-contained, no need for contact with other subnets or servers. All subnets are independent of other DHCP servers, you can restart one without affecting the others .... in a nutshell .. Go For It !!!!!
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 19570547
peakpeak...thank you very much for your input. It would seem like the better way to go, however, there are about 7 subnets which would add a ton of overhead...

Keith, thanks for pickin this one up... I know you're a Cisco guy so hopefully you can help me. I am using VLANs on a Cisco 3560 switch. I can use the layer three capability of the switch to route between them. I also have a PIX which is the exit\entry point of the network. Will the PIX have to know about each of these networks as well? I would really rather have the one DHCP server that's running already handle all the requests..
0
 
LVL 28

Expert Comment

by:peakpeak
ID: 19570633
ok, jay, good luck with all the complexities you'll meet ... you'll eventually resort to my solution
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 19570721
peak...wow...my whole time on this site, I've never had somebody try to push their opinion on people as much as you....you know, there IS more than one way to skin a cat. I've never been scared of complexities...maybe you should try to do something more complex once in a while instead of dedicating a ton of hardware all over your network for such a simple little service. btw, I'm sure Keith will have a reasonable solution that isn't as complex as you think it will be.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19572246
In fairness, Peak's answer will work but I would hate to go to my boss and try to argue the business case. Adding another two DHCP servers every time I added another subnet/VLAN would not exactly be a scalable solution. A single DHCP server is certainly a single point of failure so you need to be aware that this is a definite risk.
 
The Pix needs to know about all specific routes as it will send all traffic that is NOT specific to its default gateway which is generally through the outside interface to the internet. Not sure what model of Pix you have but it should have a number of additional route statements - one for each route that is available through the internal interface. If the internal routes can be summarised then you may only have the one for the internal.

For example, my organisation runs some 130 VLANs in our main building to keep the broadcast traffic to an absolute minimum. All of these subnets are on a class C subnet, i.e. 172.19.1.x, 172.19.2.x - each with a 255.255.255.0 mask but I can summarise the route statement on the PIX to cover them all by using a route inside 172.19.0.0 mask 255.255.0.0  172.19.200.2 command so the PIX knows that traffic destined for anything that starts 172.19 should be routed internally. (172.19.200.2 is the IP address of the router that connects my internal network to the PIX which is on 172.19.200.1).

I assume you are creating the vlans on the 3560 switch(es) and just assigning the switchports to the vlans you want?
What is providing the layer 3/routing function to each of the vlans to talk to each other? Are you using the SVI options on the 3560?
What version of IOS are you using on the 3560's?







 
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 19576350
Yes, I am creating the vlans on the 3560 switch(es) [3-48ports] and just assigning the switchports to the vlans I want. - all running 12.2(25)SEE2 w/ EMI image
Yes, I would like to let the 3560 closest to the PIX handle all the routing. What is the best way to do this? Should I just use RIP or EIGRP since it's all Cisco gear? Right now I have a 'router rip' running with all the VLAN networks added..
and the internal networks are on a 192.168 with the vlan networks starting at 201.1 up to 207.1 so I could summarize by a  'route inside 192.168.0.0 mask 255.255.0.0  192.168.10.1'
assuming your 172.19.200.2 is the inside int of the pix right?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19576457
<<<172.19.200.2 is the ip address of the router that connects my internal network to the pix which is on 172.19.200.1).
>>>

The route command on the PIX will have a keyword {interface} associated with it to tell it which interface to route the summarised traffic towards. The IP address on the PIX route command is the next hop so would be the IP address on the 3560 that the PIX connects to.

Router rip is fine although I would have used router eigrp. I know it is proprietary but I still prefer it.
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 19576872
Cool Thanks a bunch. Would you mind telling me the IP Helper syntax to pass along dhcp traffic from each vlan to the dhcp server or how i would go about doing that?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 19577144
Sure

This is the guide on the process for the 3560
http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00802b7be3.html

Process to implement - I've put them all here as I don't know how far you have got with your configs. However, the guide can be found in the same document. Just search it for ip-helper

Step 1  configure terminal
  Enter global configuration mode.
Step 2  interface vlan vlan-id
  Enter interface configuration mode, and create a switch virtual interface.
Step 3  ip address ip-address subnet-mask
  Configure the interface with an IP address and an IP subnet.
Step 4  ip helper-address address
  Specify the DHCP packet forwarding address.
  The helper address can be a specific DHCP server address, or it can be the network address if other DHCP servers are on the destination network segment. Using the network address enables other servers to respond to DHCP requests.
  If you have multiple servers, you can configure one helper address for each server.
Step 5  exit
  Return to global configuration mode.
Step 6  interface range port-range
  Configure multiple physical ports that are connected to the DHCP clients, and enter interface range configuration mode.
  or
        interface interface-id
  Configure a single physical port that is connected to the DHCP client, and enter interface configuration mode.
Step 7  switchport mode access
  Define the VLAN membership mode for the port.
Step 8  switchport access vlan vlan-id
  Assign the ports to the same VLAN as configured in Step 2.
Step 9  end
  Return to privileged EXEC mode.
Step 10  show running-config
  Verify your entries.
Step 11  copy running-config startup-config
  (Optional) Save your entries in the configuration file.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19614679
Thank you :)
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 19618626
No, Thank you!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19619323
One other thing that may be worth mentioning. The helper-addresses are used in order, i.e. tries to use the first listed, then the second if the 1st does not respond.

On my own networks I always put in even-numbered VLANs with ip helper 1 then on the next line the ip helper 2 address
On odd-numbered VLANs I put in helper address2 on the 1st line and helper address1 on the 2nd, just helps to balance things out.

Regards
keith
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 19625921
So, you balance your VLANs across 2 DHCP servers...got it. Thanks again!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19626561
Absolutely - spot on. As you put half of the scope range on each DHCP server, say x.y.z.10 - 126 on one DHCP server for vlan xx and then 128 - 254 on the second DHCP server for the same vlan xx. Repeat for all VLANs and you have both load balancing and failover.

Cheers
keith
0
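The split-scope layout and the even/odd helper ordering from the posts above, worked through for the asker's 192.168.201.x to 192.168.207.x networks, as an added example that is not part of the original thread. The VLAN IDs 201 to 207, the .1 gateway on each SVI and the two DHCP server addresses are assumptions; the IOS lines use only the commands listed in the accepted solution.

```python
import ipaddress

# Assumed addresses of the two DHCP servers (not given in the thread).
SERVERS = ("192.168.10.11", "192.168.10.12")

# Assumed VLAN IDs matching the third octet of each subnet.
VLANS = {n: f"192.168.{n}.0/24" for n in range(201, 208)}

def split_scope(network, first=10, mid=126, resume=128, last=254):
    """Return the two host ranges (one per server) as (start, end) strings."""
    base = int(ipaddress.ip_network(network).network_address)
    def addr(host):
        return str(ipaddress.ip_address(base + host))
    return (addr(first), addr(mid)), (addr(resume), addr(last))

def helper_order(vlan_id, servers=SERVERS):
    """Even VLANs list server 1 first, odd VLANs list server 2 first."""
    return tuple(servers) if vlan_id % 2 == 0 else tuple(reversed(servers))

def svi_config(vlan_id, network):
    """IOS lines for one SVI: gateway address plus both helper addresses."""
    net = ipaddress.ip_network(network)
    gateway = net.network_address + 1
    lines = [f"interface vlan {vlan_id}",
             f" ip address {gateway} {net.netmask}"]
    lines += [f" ip helper-address {s}" for s in helper_order(vlan_id)]
    return lines

def plan(vlans=VLANS):
    """Per VLAN: switch config lines and the range each server should hold."""
    result = {}
    for vlan_id, network in vlans.items():
        range_a, range_b = split_scope(network)
        result[vlan_id] = {
            "config": svi_config(vlan_id, network),
            "ranges": {SERVERS[0]: range_a, SERVERS[1]: range_b},
        }
    return result

if __name__ == "__main__":
    for vlan_id, entry in plan().items():
        print("\n".join(entry["config"]))
        for server, (start, end) in entry["ranges"].items():
            print(f"! scope on {server}: {start} - {end}")
```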
