MaestroDT asked:

Desperate help with VLANs and multiple DHCP scopes on Server 2003!

Alright, here's the situation.

A Verizon FiOS router heads up my network (192.168.1.1 /24), plugs into the WAN port of a Linksys WRT150 flashed with DD-WRT (192.168.2.241 /24) which controls the network in my room and plugs into the WAN port of a Cisco 871W router (192.168.3.1) that runs my Cisco lab subnet.

So...

Verizon Router -> DD-WRT Linksys -> Cisco

Each router is a separate network with static routes set up in between. Communication between networks works perfectly.

Originally I had DHCP enabled on all the routers, but I now have a Windows Server 2003 computer running DHCP and I want it to serve a different scope to each network.

Server 2003 Box: 192.168.3.20 /24

I currently have a scope for the Cisco lab network, 192.168.3.0 and it assigns an address properly for the one DHCP client, my laptop, that I have hooked up right now. To keep things simple for now I have hooked the server and the laptop directly up to the Router.

Since I want multiple scopes assigned, I assigned the port that the laptop connects to as VLAN3, added an ip helper-address pointing to 192.168.3.20.

Obviously this all works fine because it's all the same subnet, but now I need to be able to get this DHCP signal to the Linksys router and the 192.168.2 subnet.

How do I do this? The Linksys router is currently hooked up to Port 4 of the Cisco 871, which is configured as a WAN port. I noticed I do not have the switchport access command under this interface to add it to a vlan. Does it need to be added to a vlan, or left blank and I add the Linksys ports to a vlan?

Please help me. Where do I go from here? I am quite stumped.

Also, how does this work exactly? Does the DHCP server see that a request came from the router that was statically assigned a 192.168.2 address and then responds with the appropriate scope address to the client?

I have attached my 871 configuration in case I did something wrong.

THANK YOU
Building configuration...

Current configuration : 6338 bytes
!
! Last configuration change at 00:57:38 PCTime Fri Apr 2 2010 by DT
! NVRAM config last updated at 13:59:50 PCTime Sat Mar 27 2010 by DT
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname MaestroROUTER1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CrVP$Vi/BP9HMB2SoI4L3Zzerv0
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.149
ip dhcp excluded-address 192.168.3.176 192.168.3.254
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name MaestroNET.local
ip name-server 192.168.1.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip port-map user-RDP port tcp 3389 description Remote Desktop
no ip ips deny-action ips-interface
!
!
crypto pki trustpoint TP-self-signed-3065917022
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3065917022
 revocation-check none
 rsakeypair TP-self-signed-3065917022
!
!
crypto pki certificate chain TP-self-signed-3065917022
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303635 39313730 3232301E 170D3032 30333136 30383234
  33385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30363539
  31373032 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100EFB2 9C060121 294BBAA7 01FF00E4 CF0948D5 BF60621C E317CB6B 708E2408
  9928014A 4BBF74CC 51BE0A6A 578C8B61 888BA185 4FFB343D BC27B370 1D4DBB92
  5F736272 4A078551 4CD3E04E 329BB95F D086C9EC 980542A6 466F0308 1549355C
  CC791093 288A3621 AC9704C3 29526D7A 8F3921B3 48CFA1DC 5C3280C7 99A1240D
  75AB0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 14BD7F00 9782B35E 97884065 4AF8D7DD 176C71A4
  6A301D06 03551D0E 04160414 BD7F0097 82B35E97 8840654A F8D7DD17 6C71A46A
  300D0609 2A864886 F70D0101 04050003 818100C9 3A9FC9FE 8C5D1689 62EFC63E
  C9B182B2 A6AA9624 19BF58BC EC2DA9BD 23A2E3EF 9E2FC25D EA250656 EDD83EE0
  F12E00FE 6149895D 3314F914 F112151B 84F84170 DC159DCB 6F534B75 887DA31E
  84B0E3B7 504848AE 2886EB80 E7725762 1CB58A58 72EEC38F FCC170F7 B5EB1763
  DF2B2A09 D4768076 016444F0 DE177968 1DBCA7
  quit
username DT privilege 15 secret 5 $1$VQSk$pvxPD/0NNgqRkCTq/T76J0
!
!
!
bridge irb
!
!
interface FastEthernet0
 switchport access vlan 3
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id FastEthernet4
 ip access-group 102 in
 ip helper-address 192.168.3.20
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 encryption key 1 size 40bit 7 B3968D437253 transmit-key
 encryption mode wep mandatory
 !
 ssid MaestroNET
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Vlan2
 no ip address
 ip helper-address 192.168.3.20
 bridge-group 1
!
interface Vlan3
 no ip address
 ip helper-address 192.168.3.20
 bridge-group 1
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.3.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.2.241 2
ip route 192.168.2.0 255.255.255.0 192.168.2.241
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool Main 192.168.3.150 192.168.3.155 netmask 255.255.255.0
!
ip access-list extended RDP
 remark Remote Desktop
 remark SDM_ACL Category=64
 remark Remote Desktop
 permit tcp any eq 3389 any eq 3389
 remark Remote Desktop
 permit udp any eq 3389 any eq 3389
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp any any
access-list 100 permit tcp any any
access-list 100 permit ip any any
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any any
access-list 102 permit udp any any
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=2
access-list 103 permit tcp any any
access-list 103 permit udp any any
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
Access granted.
Thank you for logging in.
^C
banner incoming ^C
Access Granted.
Thank you for logging in.
^C
banner login ^C
*************************************
*------Welcome to MaestroNET!-------*
*-----------------------------------*
*-----Device: Cisco 871W Router-----*
*-----Hostname: MaestroRouter1------*
*-----------------------------------*
*-This network is for test purposes-*
*-Unauthorized access is prohibited-*
*-Please logout now if you are not--*
*--------an authorized user---------*
*************************************
^C
!
line con 0
 privilege level 15
 logging synchronous
 login authentication local
 no modem enable
 exec prompt timestamp
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

noci

The Linksys is based on Linux.
So you need some tool like dhcp-relay to act like the dhcp-helper does in Cisco.

Look for dhcp-relay or dhcp-forward in your settings.

(I have no DD-WRT system though.)

MaestroDT (ASKER)

Alright. There's a DHCP-Forward option in DD-WRT but I read a whole bunch of posts saying it doesn't work at all.

If this is true, is there any other way to get this to work? Can I run DHCP-Forward on something else?

You need a system on the VLAN (a Unix server could do) which does a dhcp-relay to the core system.

DHCP broadcasts (address 255.255.255.255) to all systems inside the VLAN requesting an address. The DHCP relay process picks up such a thing and forwards a query to the DHCP server and republishes that answer to the local VLAN.
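
The relay behaviour described above, and the scope question from the original post, as an added example that is not part of the thread: a relay agent writes its own interface address into the BOOTP `giaddr` field, and the server picks the scope whose subnet contains that address (RFC 2131/1542 behaviour). The scope names and the use of 192.168.2.241 as the relay's address on the 192.168.2.0/24 side are assumptions built from the addresses in the question.

```python
import ipaddress
import struct

# Scopes and server address from the question; the names are made up for this example.
SCOPES = {
    "lab": ipaddress.ip_network("192.168.3.0/24"),
    "room": ipaddress.ip_network("192.168.2.0/24"),
}
SERVER_IP = "192.168.3.20"
# Fixed 236-byte BOOTP header: op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP = "!BBBBIHH4s4s4s4s16s64s128s"
HOPS, GIADDR = 3, 10          # field positions inside the unpacked tuple

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast: op=1 (BOOTREQUEST), giaddr 0.0.0.0, broadcast flag set."""
    z = bytes(4)
    return struct.pack(BOOTP, 1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z, mac, b"", b"")

def relay(packet: bytes, relay_if_ip: str, max_hops: int = 16):
    """Relay agent: stamp giaddr with the receiving interface address, bump hops."""
    f = list(struct.unpack(BOOTP, packet[:236]))
    if f[0] != 1 or f[HOPS] >= max_hops:   # relay requests only, drop at hop limit
        return None
    f[HOPS] += 1
    if f[GIADDR] == bytes(4):              # only the first relay fills giaddr
        f[GIADDR] = ipaddress.ip_address(relay_if_ip).packed
    return struct.pack(BOOTP, *f) + packet[236:]   # unicast on to the server

def select_scope(packet: bytes, received_on: str = SERVER_IP):
    """Server: match on giaddr if set, otherwise on the interface that heard it."""
    giaddr = ipaddress.ip_address(struct.unpack(BOOTP, packet[:236])[GIADDR])
    key = giaddr if int(giaddr) else ipaddress.ip_address(received_on)
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None                            # no scope for that subnet: no offer

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("02005e000001"), 0x1234)  # constructed MAC
    print("direct broadcast ->", select_scope(discover))
    print("via relay        ->", select_scope(relay(discover, "192.168.2.241")))
```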
ASKER CERTIFIED SOLUTION: MaestroDT

Figured it out on my own.