  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 417

DHCP woes

I would like to help a school who is having problems in a mixed Mac and Windows environment (mostly Mac workstations with a handful of Windows XP workstations).  One of the problems appears to be the proliferation of DHCP servers.  For example, they have a Mac server (running ancient Mac OS 8.6) that acts as the primary DHCP server.  They also have a DHCP server available on their Windows server, the DSL router, the SonicWALL firewall box, and at least two or three other wireless routers (both Linksys and Mac Airport) scattered around the school.  I have turned off DHCP on all devices except the Mac Server, but I'm still getting mixed results.  I wonder if I should choose a "higher order" device, like the SonicWALL box to act as the sole DHCP server?  And that way, when I eventually turn on VPN services, the SonicWALL will be able to handle those requests also?  Does anyone have any tips or insight into the best way to implement DHCP in such a mixed environment?
0
Asked by: rsochan
3 Solutions
 
TheCleanerCommented:
You can use pretty much any of them if they are all on the same subnet or you have set up your switches/routers to forward DHCP traffic.

I would stick with whichever you are comfortable configuring (like the mac server) and just turn it off of all the others.  If you set it up right with the right gateway, masks, etc. then it shouldn't be any problem.

The "easy" alternative is to also allow ALL of them to run DHCP but just make sure their scope IP addresses don't overlap...then it won't matter which ones hand out the IPs, they won't conflict.  Plus you'll have multiple DHCP servers for redundancy in case the server drops.
0
 
tiggrdaveCommented:
I am all in favor of no single point of failure in a network. Therefore having more than one server answering requests is actually a good thing. You will, however, need to throttle the number and range of IP addresses that each can serve.

For example:

Server One <mac>: provides IP addresses 192.168.200.26 through 192.168.200.50 (depending on the number of devices in total for the school).

Server Two <pc>: provides IP addresses 192.168.200.51 through 192.168.200.75 (again depending on the number of devices in total for the school).

This allows you to make changes to each server in future without needing to shut down the whole system; it also provides a degree of redundancy should you have any type of outage that only affects a single server.

(I know I just stated the obvious about the failure, but I felt compelled to do so.)

I would use fixed addresses for each of the wireless routers, and would try to assign each of them an address that starts a range for DHCP serving in the future; this allows for growth and additional security from outages.

Wireless Router one <Airport>   192.168.200.76
Future DHCP  serving 192.168.200.77 through 192.168.200.100

Wireless Router one <Airport>   192.168.200.101
Future DHCP  serving 192.168.200.102 through 192.168.200.125

This type of configuration also allows you to perform maintenance on any external gateway or circuit while still allowing operation of the internal network as no internal devices are being served any service other than internet.

Hope this is of some help!

tiggrdave
0
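A check for the split-scope plan in the answer above, added here as an example and not part of the original posts: it confirms that the server pools do not overlap and that the fixed router addresses sit outside every pool. The /24 mask and the device labels `airport-a` and `airport-b` are assumptions; the address ranges are the ones given in the answer.

```python
import ipaddress
from itertools import combinations

def parse_scope(first, last):
    """Return an inclusive (low, high) pair of IPv4Address objects."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"scope start {lo} is above its end {hi}")
    return lo, hi

def audit_plan(subnet, scopes, statics):
    """Return a list of findings for a split-scope plan; empty means it is clean.

    scopes  maps server name -> (first, last) address it may lease
    statics maps device name -> its fixed address
    """
    net = ipaddress.IPv4Network(subnet)
    pools = {name: parse_scope(*r) for name, r in scopes.items()}
    findings = []
    for name, (lo, hi) in pools.items():
        if lo not in net or hi not in net:
            findings.append(f"{name}: {lo}-{hi} is outside {net}")
    # Two inclusive ranges overlap when each starts before the other ends.
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(pools.items(), 2):
        if alo <= bhi and blo <= ahi:
            findings.append(f"{a} and {b} overlap on {max(alo, blo)}-{min(ahi, bhi)}")
    # A fixed address inside a live pool can be leased to another machine.
    for dev, addr in statics.items():
        ip = ipaddress.IPv4Address(addr)
        for name, (lo, hi) in pools.items():
            if lo <= ip <= hi:
                findings.append(f"{dev} ({ip}) sits inside the pool of {name}")
    return findings

def lease_capacity(scopes):
    """Total number of addresses all servers can lease between them."""
    pools = (parse_scope(*r) for r in scopes.values())
    return sum(int(hi) - int(lo) + 1 for lo, hi in pools)

# Ranges from the answer above; the /24 mask and device labels are assumptions.
SUBNET = "192.168.200.0/24"
SCOPES = {"mac": ("192.168.200.26", "192.168.200.50"),
          "pc": ("192.168.200.51", "192.168.200.75")}
STATICS = {"airport-a": "192.168.200.76", "airport-b": "192.168.200.101"}
```

Compare `lease_capacity(SCOPES)` with the number of workstations before relying on the plan; the two pools above hold 25 addresses each.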
 
bkellyboulderitCommented:
If you are running Windows and you are running WINS, a lot of the little cheaper devices don't give an option for a WINS server. I would then avoid those to be DHCP servers. The SonicWALL that you have is probably the best thing you have to accomplish this.

The SonicWALL can allow its VPN clients to obtain addresses from a server, not just the firewall, BTW.

The Windows server can also be a good choice. Macs can communicate with MS servers just fine, including binding to a domain (irrelevant here). I would not expect PCs to be as forgiving with the Mac OS server.

So long and short, I would probably use the Sonicwall first and the Windows server second, given your description.

My own feeling about running DHCP on the wireless routers is that there is no unified console.
Meaning if I had two windows servers both running DHCP, I can manage them from one place (or my whole domain).
If I had two sonicwall appliances in failover mode, I still only have one place to manage this stuff from.
If I have DHCP on a bunch of little devices, I have a bunch of little devices to administer.
A bit picky, but I like to centralize my administration of things. So, just a personal preference there.
0
 
rsochanAuthor Commented:
I like the idea of having more than one device or server acting as a DHCP server in case one fails or is down for maintenance.  However, does that cause a conflict or confusion for a client workstation if it sends out a DHCP request, and then receives more than one response?
0
 
bkellyboulderitCommented:
No. As cleaner said, just do not overlap your DHCP ranges.
0
 
tiggrdaveCommented:

No, having multiple devices/servers providing DHCP services is not an issue since:

A workstation will broadcast a request for address assignment, and the DHCP service will then provide a response to the request. The first response received by the workstation will be the one used by the workstation, and the workstation will make use of that IP address for the duration of the lease time allowed by the DHCP server. Additionally, the workstation will notify the DHCP server of its use of the address so as to keep the server from serving that IP address to another workstation.

The only issue with using multiple DHCP servers is that a single workstation may have more than one address tied to it until the lease expires for an address that is no longer in use. For example, if you were to boot the workstation and it received an address from the Mac with a lease time of 86400 seconds (1 day), and you were then to reboot the workstation prior to the lease expiration time, and have an additional address served to the machine by the PC server, the workstation would then have two addresses assigned to it: 1. from the Mac, and 2. another from the PC. This is not an issue as long as you have more addresses for use than you have workstations. In this scenario the Mac would keep the address in a used status until after the lease expiration time has expired. It will then place the IP address back into its unused range and will serve it again upon need.

Regards,
tiggrdave
0
 
TheCleanerCommented:
"The only issue with using multiple DHCP servers is that a single workstation may have more than one address tied to it until the lease expires for an address that is no longer in use. For example, if you were to boot the workstation and it received an address from the Mac with a lease time of 86400 seconds (1 day), and you were then to reboot the workstation prior to the lease expiration time, and have an additional address served to the machine by the PC server, the workstation would then have two addresses assigned to it: 1. from the Mac, and 2. another from the PC. This is not an issue as long as you have more addresses for use than you have workstations. In this scenario the Mac would keep the address in a used status until after the lease expiration time has expired. It will then place the IP address back into its unused range and will serve it again upon need."
============================================

I don't believe this is the case (I'm happy to be proven wrong though)...

If you have an IP already from a DHCP server, when you reboot you will simply keep the same IP and only send a DHCPDiscover packet if the client doesn't have an IP, otherwise it will just keep the existing address until it needs to renew (at 50% of the lease) or then send another DHCPDiscover at 87.5% of the lease duration at which point any DHCP server alive can renew the request if possible or hand out a new lease.
0
 
tiggrdaveCommented:

Hello The Cleaner,


Actually, I believe you to be correct.

The issue I referenced is one that occurred this morning on a segment of our internal network. About 15 minutes ago we found that we had configuration issues on a server's interface/route set-up which caused some very strange results while rebooting several workstations.

Sorry for any confusion this may have caused.

tiggrdave
0
 
rsochanAuthor Commented:
Thanks to all for the help!
0
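For the problem the thread started with, finding which devices still answer DHCP after being switched off, every DHCPOFFER names its sender in option 54 (server identifier). The parser below is an added example, not code from the thread: it reads DHCP reply payloads taken from a packet capture and lists servers that are not on the allowed list. The server addresses, offered addresses and sample payloads are constructed for the demonstration.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER = 2                         # option 53 value for DHCPOFFER

def parse_reply(payload):
    """Parse the UDP payload of a DHCP server reply; return a dict, or None if it is not one."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    info = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        code, length = payload[i], payload[i + 1]
        if code == 0:                                   # pad option: single byte, no length
            i += 1
            continue
        data = payload[i + 2:i + 2 + length]
        if len(data) < length:                          # truncated option, stop parsing
            break
        if code == 53 and length == 1:                  # DHCP message type
            info["type"] = data[0]
        elif code == 54 and length == 4:                # server identifier
            info["server"] = str(ipaddress.IPv4Address(data))
        elif code == 51 and length == 4:                # lease time in seconds
            info["lease"] = struct.unpack("!I", data)[0]
        i += 2 + length
    return info

def unexpected_servers(payloads, allowed):
    """Server identifiers that sent a DHCPOFFER but are not in the allowed set."""
    seen = set()
    for reply in map(parse_reply, payloads):
        if reply and reply.get("type") == OFFER and "server" in reply:
            seen.add(reply["server"])
    return sorted(seen - set(allowed))

def make_offer(server, offered, lease=86400):
    """Build a constructed DHCPOFFER payload so the example runs without a capture."""
    header = bytearray(236)
    header[0] = 2                                       # op = BOOTREPLY
    header[16:20] = ipaddress.IPv4Address(offered).packed
    opts = bytes([53, 1, OFFER, 54, 4]) + ipaddress.IPv4Address(server).packed
    opts += bytes([51, 4]) + struct.pack("!I", lease) + bytes([255])
    return bytes(header) + MAGIC + opts

# Constructed sample: two offers from the intended server (.2), one from a leftover device (.254).
SAMPLE = [make_offer(s, o) for s, o in [("192.168.200.2", "192.168.200.30"),
          ("192.168.200.254", "192.168.200.130"), ("192.168.200.2", "192.168.200.31")]]
```

With the constructed sample, `unexpected_servers(SAMPLE, ["192.168.200.2"])` reports the leftover device at 192.168.200.254.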
