Solved

Trouble adding a second DHCP scope

Posted on 2011-09-20
Last Modified: 2012-06-27
Using Windows 2003 active directory server. The network is 10.1.0.0/23. Existing DHCP scope is 10.1.0.1-10.1.0.254/23. Would like to add a second scope to support WIFI clients. Tried adding second scope of 10.1.1.1-10.1.1.254/23, but I keep getting a message saying it conflicts or something. How can I do this properly?
Question by:robw24
9 Comments
 
LVL 7

Expert Comment

by:OctInv
ID: 36568388
What is the exact conflict message you are getting?
Are there any Static IP addresses assigned to the DHCP server that the range you are configuring conflicts with?
For example - the server IP address might be 10.1.1.1
0
 
LVL 7

Expert Comment

by:OctInv
ID: 36568435
Additionally, instead of adding another scope, why not just increase the scope you have from the end IP address range being at 10.1.0.254 to being at 10.1.1.254 instead?

Hope this helps.
0
 
LVL 1

Author Comment

by:robw24
ID: 36568613
"The address range and scope conflicts with an existing scope.". I am actually trying to add just 10.1.1.160-10.1.1.220/23

I would consider expanding the original scope, but really would like to know why I can't add a second scope. And if I did expand the scope, how do I get just WIFI clients to use the 10.1.1.x range?
0
 
LVL 7

Accepted Solution

by:
OctInv earned 1600 total points
ID: 36569415
To answer your first point in your last post:
The first scope you created has the potential of including the new range of IP addresses (even though it currently doesn't include them), and so therefore considers a new scope as the same as the one you are creating.
You could extend your scope to cover the available range and exclude multiple ranges that you don't want to give out.

To answer your second point:
DHCP doesn't care what kind of network adaptor asks for an IP address when it is on the same subnet, it will just simply supply one without prejudice; the exception of course is when you use reservations and that involves you finding out the MAC address of each wireless client machine's network interface - something I'm sure that you don't want to have to do.

The only way I see of having your wireless clients picking up separate IP addresses is if you place the wireless controller on a separate subnet, say, 10.2.1.1/23, and place a router between the wireless controller and the DHCP server. Route all 10.1.1.1/23 requests from the wireless subnet to the DHCP on your current subnet. Then you could create a new scope on the DHCP matching that of your new subnet. Given that the wireless clients would be asking for an IP address from the 10.2.x.x range, they would get assigned that IP address from the DHCP server instead.

Hope this helps you.
0
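The conflict described in the accepted answer, and the "extend and exclude" alternative, as an added example that is not part of the original thread. It models a scope as being identified by the subnet its range falls in, following the explanation above; the function names are hypothetical and the address ranges are the ones quoted in the question.

```python
import ipaddress

def scope_id(start, end, prefix_len):
    """Subnet a DHCP range belongs to; a range may not span two subnets."""
    net_start = ipaddress.ip_interface(f"{start}/{prefix_len}").network
    net_end = ipaddress.ip_interface(f"{end}/{prefix_len}").network
    if net_start != net_end:
        raise ValueError("range crosses a subnet boundary")
    return net_start

def conflicts(existing, proposed):
    """Scopes conflict when their subnets overlap, even if the ranges do not."""
    return scope_id(*existing).overlaps(scope_id(*proposed))

def exclusions(pool_start, pool_end, keep):
    """Exclusion ranges so an extended pool leases only the `keep` ranges."""
    to_int = lambda a: int(ipaddress.ip_address(a))
    to_str = lambda n: str(ipaddress.ip_address(n))
    cursor, hi, gaps = to_int(pool_start), to_int(pool_end), []
    for k_start, k_end in sorted((to_int(a), to_int(b)) for a, b in keep):
        if k_start > cursor:
            gaps.append((cursor, k_start - 1))   # hole before this kept range
        cursor = max(cursor, k_end + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))                # tail after the last kept range
    return [(to_str(a), to_str(b)) for a, b in gaps]

# Ranges from the question (both written with a /23 mask).
EXISTING = ("10.1.0.1", "10.1.0.254", 23)
WIFI = ("10.1.1.160", "10.1.1.220", 23)
# Constructed range on the separate subnet suggested in the answer.
SEPARATE = ("10.2.0.1", "10.2.1.254", 23)

if __name__ == "__main__":
    print(scope_id(*EXISTING), scope_id(*WIFI))   # same subnet for both
    print("wifi conflicts:", conflicts(EXISTING, WIFI))
    print("separate subnet conflicts:", conflicts(EXISTING, SEPARATE))
    # One scope extended to 10.1.1.254, leasing only the two wanted ranges:
    for gap in exclusions("10.1.0.1", "10.1.1.254",
                          [EXISTING[:2], WIFI[:2]]):
        print("exclude", *gap)
```

Note that the exclusions only control which addresses the single scope hands out; they do not steer wireless clients into the 10.1.1.x range, which is the limitation the answer goes on to describe.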
 
LVL 7

Expert Comment

by:OctInv
ID: 36569486
edit on that last post...
'and so therefore considers a new scope as the same as the one you are creating'
....should read:
'and so therefore considers a new scope as the same as the one you have already created'
0
 
LVL 1

Author Comment

by:robw24
ID: 36569553
Well, that makes sense about the new scope being the same as the existing scope. You're partially right about DHCP not caring, however I was going to play around with optional DHCP parameters such as vendor class, which is supposed to make it discriminate.
The router is not a bad idea, but I think it will add too much complexity, especially since I will be adding multiple access points spread through the company.

What I am thinking of trying now is to set up an additional DHCP server on the Radius Server/IAS server box. I will configure it with the 10.1.1.x scope that I want, and I will program the wireless access points to forward DHCP requests to only this server. Not sure if I will need/want to authorize it in Active Directory or not, as I don't want non-wireless clients to obtain IP addresses from it.
0
 
LVL 7

Expert Comment

by:OctInv
ID: 36570005
Excellent news, I'm glad that my advice seems to have answered your question.

I don't know why I’m only partially right though as I think you might be mistaken about the use of vendor classes.  My understanding is that this is a method used for managing DHCP options assigned to clients identified by vendor type (i.e. operating system or hardware manufacturer) rather than what IP address they use - for example you might want a DHCP assigned Windows 2000 computer or a Cisco router to use another default gateway or use a different DNS server.  Assigning their IP address is not something that is done within DHCP options.  However - if you can put me right on this, then please let me know.

I'm also unsure on how you can forward DHCP requests as these requests are always broadcasted on the network - and broadcasts are received by everything on the same subnet.  If you have 2 DHCP servers on the same subnet (which is what you are proposing), then either server will respond to a DHCP request and provide an IP address.
Again, I might be wrong on this if you find a way round this, so if your proposed solution above works, I'd be really interested on how you achieved this.

All the best, and good luck.
0
 
LVL 1

Author Comment

by:robw24
ID: 36573318
You may indeed be right about the use of vendor class, I have not tinkered with that yet and I honestly don't remember some things like that learned years ago studying for MCSE.

As far as forwarding the DHCP requests, there is an option in the access point software to forward DHCP requests to whatever IP address I would like. So I imagine that instead of forwarding the DHCP broadcast from the wireless clients, the AP would drop it and forward/unicast it instead to a specific host.

I will let you know how it works out with the additional DHCP server.
0
 
LVL 7

Assisted Solution

by:Dusan_Bajic
Dusan_Bajic earned 400 total points
ID: 36574025
Hi,

You have some good advice from OctInv in previous posts, but a really stable, by-the-book solution depends on what you are trying to achieve. Do you want your wi-fi clients to be in the same subnet and/or broadcast domain with your other devices? If you don't have any reason to separate them, just don't do it, you are only making things more complicated. If you do want to separate them, you usually have to go with VLANs (unless you have separate cabling for APs, which is rarely the case).
0
