?
Solved

DHCP in use and already have scope , reservations, and MAC filtering need to add redundancy

Posted on 2013-01-25
9
Medium Priority
?
494 Views
Last Modified: 2013-02-04
Hi, We already have DHCP installed and running on a Domain Controller , Windows Server 2008 Standard  SP1 64 bit O/S.  This server also has Active Directory and dns.  The DHCP scope is already defined and has several reservations. Also it is using MAC filtering.  There is a second Windows 2008 server as a Domain Controller , running dns and Active Directory. So we need to implement DHCP redundancy or cluster or a backup failover DHCP server. What is recommended and not sure adding to or splitting the DHCP scope would be an option as need to have reservations and MAC filtering.  An automated solution would be nice but is it possible to implement without changing the current working DHCP server ?
0
Comment
Question by:zephon50
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Assisted Solution

by:norcalty
norcalty earned 750 total points
ID: 38819438
http://technet.microsoft.com/en-us/library/hh831385.aspx

"In Windows Server® 2008 R2, there are two high availability options available for DHCP Server deployment. Each of these options is associated with some challenges.
DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses a single shared storage. This makes the storage a single point of failure, and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.

Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server. If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of address space, which is very common with Internet Protocol version 4 (IPv4)."
0
 
LVL 22

Expert Comment

by:Matt V
ID: 38819453
Split scope probably the easiest to manage.

You create the same scope on both DHCP servers, then exclude the lower half on one, and the upper half of the IP range on the other.

You make the same reservations on both DHCP servers, so no matter which one they attach to the client will get the reservation.

We do this and it works very well.
0
 
LVL 4

Expert Comment

by:norcalty
ID: 38819462
I'd like to mention that in smaller environments typically you don't setup DHCP failover unless you have some outstanding circumstances like running a 24/7 shop.  Since you have only two servers mentioned I'm assuming your environment is smaller.

 It's so easy to setup DHCP quickly that I usually just install DHCP on another server and document the settings.  It's about 5 minutes to setup a new one and authorize it as a DHCP server.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:zephon50
ID: 38819902
Thanks for the responses.  We do run 24/7 and DHCP shows 984 in use.  I mentioned the second Windows 2008 server only to reference that we can implement DHCP on that server but we are trying to determine how best to do that. As you all have mentioned and having read other articles there are different approaches. Given that we use some reservations and we have to add every MAC address in a file for MAC filtering and several staff members do this the dual entry probably would not be feasible. We are simply looking for a means to have fault tolerance on DHCP, it would be nice if there was an automated Primary Secondary. How can we easily get DHCP to run from another Server without making changes to the scope on the Primary in the event that the Primary is not available?
0
 
LVL 4

Expert Comment

by:norcalty
ID: 38819924
The only way to do that is clustering the two machines as in the first example.  You must have shared storage to do this which will create another single point of failure without a secondary.  You can do it this way, it's just less common, more complicated and difficult and more expensive.
0
 
LVL 22

Accepted Solution

by:
Matt V earned 750 total points
ID: 38820335
Another option would be to install the DHCP service on the other server, and run nightly exports of the DHCP config to that server.

Then in a failure you could do a quick import and be up and running.

netsh dhcp server export c:\dhcpd all

netsh dhcp server import c:\dhcpd all
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 38822275
How many computers?

Split the Address Pool, not the scope.
0
 

Author Comment

by:zephon50
ID: 38827405
Hi, regarding the nightly export , how would you suggest managing the reservation list and MAC list ? Thanks
0
 

Author Closing Comment

by:zephon50
ID: 38851556
Thanks for the feedback and suggestions.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question