Solved

Trouble adding a second DHCP scope

Posted on 2011-09-20
Last Modified: 2012-06-27
Using Windows 2003 active directory server. The network is 10.1.0.0/23. Existing DHCP scope is 10.1.0.1-10.1.0.254/23. Would like to add a second scope to support WIFI clients. Tried adding second scope of 10.1.1.1-10.1.1.254/23, but I keep getting a message saying it conflicts or something. How can I do this properly?
Question by:robw24
9 Comments
 
LVL 7

Expert Comment

by:OctInv
What is the exact conflict message you are getting?
Are there any Static IP addresses assigned to the DHCP server that the range you are configuring conflicts with?
For example - the server IP address might be 10.1.1.1
0
 
LVL 7

Expert Comment

by:OctInv
Additionally, instead of adding another scope, why not just increase the scope you have from the end IP address range being at 10.1.0.254 to being at 10.1.1.254 instead?

Hope this helps.
0
 
LVL 1

Author Comment

by:robw24
"The address range and scope conflicts with an existing scope.". I am actually trying to add just 10.1.1.160-10.1.1.220/23

I would consider expanding the original scope, but really would like to know why I can't add a second scope. And if I did expand the scope, how do I get just WIFI clients to use the 10.1.1.x range?
0
 
LVL 7

Accepted Solution

by:
OctInv earned 400 total points
To answer your first point in your last post:
The first scope you created has the potential of including the new range of IP addresses (even though it currently doesn't include them), and so therefore considers a new scope as the same as the one you are creating.
You could extend your scope to cover the available range and exclude multiple ranges that you don't want to give out.

To answer your second point:
DHCP doesn't care what kind of network adaptor asks for an IP address when it is on the same subnet, it will just simply supply one without prejudice; the exception of course is when you use reservations and that involves you finding out the MAC address of each wireless client machine's network interface - something I'm sure that you don't want to have to do.

The only way I see of having your wireless clients picking up separate IP address is if you place the wireless controller on a separate subnet, say, 10.2.1.1/23, and place a router between the wireless controller and the DHCP server.  Route all 10.1.1.1/23 requests from the wireless subnet to the DHCP on your current subnet.  Then you could create a new scope on the DHCP matching that of your new subnet.  Given that the wireless clients would be asking for an IP address from the 10.2.x.x range, they would get assigned that IP address from the DHCP server instead.

Hope this helps you.
0
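The conflict explained in the accepted answer, worked through as an added example (not part of the original thread). It assumes the server treats a scope as owning the whole subnet given by its mask, as the answer describes; the function names are hypothetical, and the addresses are the ones quoted in the thread.

```python
import ipaddress

# Existing scope from the question: 10.1.0.1-10.1.0.254 with a /23 mask.
EXISTING = [ipaddress.ip_network("10.1.0.0/23")]

def subnet_of(address, prefix):
    """Subnet that a scope containing `address` with this mask belongs to."""
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)

def scope_conflicts(existing, new_start, new_end, prefix):
    """Existing scope subnets that a proposed scope would collide with."""
    new_net = subnet_of(new_start, prefix)
    if subnet_of(new_end, prefix) != new_net:
        raise ValueError("range spans more than one subnet for this mask")
    return [net for net in existing if net.overlaps(new_net)]

def exclusions(range_start, range_end, keep_pools):
    """Exclusion ranges that leave only `keep_pools` leasable in one scope."""
    to_int = lambda a: int(ipaddress.ip_address(a))
    to_str = lambda n: str(ipaddress.ip_address(n))
    cursor, last = to_int(range_start), to_int(range_end)
    gaps = []
    for start, end in sorted((to_int(s), to_int(e)) for s, e in keep_pools):
        if start > cursor:
            gaps.append((to_str(cursor), to_str(start - 1)))
        cursor = max(cursor, end + 1)
    if cursor <= last:
        gaps.append((to_str(cursor), to_str(last)))
    return gaps

if __name__ == "__main__":
    # The range the asker tried: same /23 subnet as the existing scope.
    print(scope_conflicts(EXISTING, "10.1.1.160", "10.1.1.220", 23))
    # A scope on a separate subnet, as the answer suggests, does not collide.
    print(scope_conflicts(EXISTING, "10.2.0.1", "10.2.1.254", 23))
    # Extending the one scope instead: exclude everything except both pools.
    print(exclusions("10.1.0.1", "10.1.1.254",
                     [("10.1.0.1", "10.1.0.254"),
                      ("10.1.1.160", "10.1.1.220")]))
```
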
 
LVL 7

Expert Comment

by:OctInv
edit on that last post...
'and so therefore considers a new scope as the same as the one you are creating'
....should read:
'and so therefore considers a new scope as the same as the one you have already created'
0
 
LVL 1

Author Comment

by:robw24
Well that makes sense about the new scope being the same as the existing scope. You're partially right about DHCP not caring, however I was going to play around with optional DHCP parameters such as vendor class, which is supposed to make it discriminate.
The router is not a bad idea, but I think it will add too much complexity, especially since I will be adding multiple access points spread through the company.

What I am thinking of trying now is to set up an additional DHCP server on the Radius Server/IAS server box. I will configure it with the 10.1.1.x scope that I want, and I will program the wireless access points to forward DHCP requests to only this server. Not sure if I will need/want to authorize it in Active Directory or not, as I don't want non-wireless clients to obtain IP addresses from it.
0
 
LVL 7

Expert Comment

by:OctInv
Excellent news, I'm glad that my advice seems to have answered your question.

I don't know why I’m only partially right though as I think you might be mistaken about the use of vendor classes.  My understanding is that this is a method used for managing DHCP options assigned to clients identified by vendor type (i.e. operating system or hardware manufacturer) rather than what IP address they use - for example you might want a DHCP assigned Windows 2000 computer or a Cisco router to use another default gateway or use a different DNS server.  Assigning their IP address is not something that is done within DHCP options.  However - if you can put me right on this, then please let me know.

I'm also unsure on how you can forward DHCP requests as these requests are always broadcasted on the network - and broadcasts are received by everything on the same subnet.  If you have 2 DHCP servers on the same subnet (which is what you are proposing), then either server will respond to a DHCP request and provide an IP address.
Again, I might be wrong on this if you find a way round this, so if your proposed solution above works, I'd be really interested on how you achieved this.

All the best, and good luck.
0
 
LVL 1

Author Comment

by:robw24
You may indeed be right about the use of vendor class, I have not tinkered with that yet and I honestly don't remember some things like that learned years ago studying for MCSE.

As far as forwarding the DHCP requests, there is an option in the access point software to forward DHCP requests to whatever IP address I would like. So I imagine that instead of forwarding the DHCP broadcast from the wireless clients, the AP would drop it and forward/unicast it instead to a specific host.

I will let you know how it works out with the additional DHCP server.
0
 
LVL 7

Assisted Solution

by:Dusan_Bajic
Dusan_Bajic earned 100 total points
Hi,

You have some good advice from OctInv in previous posts, but a really stable, by-the-book solution depends on what you are trying to achieve. Do you want your wi-fi clients to be in the same subnet and/or broadcast domain with your other devices? If you don't have any reason to separate them, just don't do it, you are only making things more complicated. If you do want to separate them, you usually have to go with VLANs (unless you have separate cabling for APs, which is rarely the case).
0
