• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 373
  • Last Modified:

dhcp best practices

1st off don't laugh. this is an embarrassment to the IT World

So i just started working at this company and man i have to say their network is jacked up.

they have 2 DHCP scopes running on two different servers

the DHCP scope has no reservation allocated for the networking gear or the servers

their servers have 2 active nics (some 3) on the same network - no sub-netting.  

they have a slew of ip-conflicts weekly (attributed by the servers being in the same pool as the dhcp scope)

What i would like to know is this
1. by removing the homing nics will it increase performance?
2. how is this setup bad?  

sorry just ranting and looking for good answers
  • 3
  • 2
1 Solution
If the servers have multiple nics on the same vlan, I would look at teaming them for redundancy/performance increase. Removing them isn't necessary as long as they are both the same make or support the same teaming software. If they don't try diabling one of them or giving them different IP's. DNS round robin should sort out the rest for name resolution etc.

Assuming the DHCP scopes are both the same, if the DHCP servers are set to ping the target clients before allocating an address, this may not be a problem, but what we do at my place is have the scopes split so that one server gives out the lower half of the IP range and the other the upper half. Then you will not get IP address conflict at all.
Our servers and other infrastructure equipment is not in the scope range. (in fact they are on a totally different VLAN)

Whilst there are no worngs or rights, the above can be considered bad because you are experiencing IP address conflict. What is worse is that this is being experienced by the servers.

Action plan:

Re-create the DHCP scopes without including the servers IPs. (move the servers & infrastructure IP's to the beginning or the end of the subnet if possible)
Team the NIC's if possible.
johnkesoglouAuthor Commented:
i was looking for a more constructive way to tell the client that there was something wrong with the current setup.  you gave a great answer but i indicated that i knew the answer.

thanks anyway
As for a more constructive way to tell the client they have a bad setup, tell them that are expeirncing porblems and issues right now. Until this is sorted out, they will cary on experiencing problems.

If they want to see MS best practices, see http://technet.microsoft.com/en-us/library/cc780311(WS.10).aspx & http://technet.microsoft.com/en-us/library/cc776596(WS.10).aspx

One thing MS haven't included on their DHCP server is DHCP server clustering which is now in the spec, but MS want you to buy their enterprise version of Windows and cluster DHCP using windows clustering. 3 times the cost.
johnkesoglouAuthor Commented:
hi guys

i appreciate the feedback, this PIX seems to have some sort of issue outside of the configuration.  the only thing i did outside of the config was upgrade the firewall pdm software.  The other line items regarding http . and telnet  :)  i was unable to hit the pdm from the outside (assuming i could use telnet on ethernet0 - and that we must use SSH on the public interface.)  

so once i get everything cleared up, i will remove these and take care of everything internally from one of the servers using rdp.

i really appreciate the feedback.

i did notice that each time i put a command in place it takes the firewall several minutes to "turn on" or "turn off" ... i.e. i add a NAT rule and it is inaccessible for several minutes.  i know the device is old but i am using this in the interim until i can get myself a decent ASA 5505
johnkesoglouAuthor Commented:
lol - disregard my last post intended for another issue

thanks for your feedback :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now