  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 273

DHCP Range transfer from Switch to Windows Server Box

I am currently moving the DHCP function from our core switch and transferring it to a DHCP Windows box. The switch DHCP scope consists of multiple ranges that are associated with groups of ports configured on VLANs.

In order to translate this functionality, would each DHCP range need to be bound to a specific Ethernet interface on the box that then plugs into a switch port on a specific VLAN?

i.e.
10.30.10.1-255 > Ethernet 1 > switch port 1 (vlan 1)
10.50.10.1-255 > Ethernet 2 > switch port 2 (vlan 2)
0
Asked by: L-Plate
1 Solution
 
kevinhsieh Commented:
No. You need to configure the DHCP scopes on the Windows Server(s), and then configure the L3 interfaces on your switches to forward the DHCP requests to your new DHCP servers. This is generically called a DHCP relay agent. Cisco command is "ip helper-address A.B.C.D", and you apply it to the VLANs that have DHCP clients. The switch/router will modify the DHCP request so that the DHCP server knows where the request came from so it can hand out an address from the correct scope.

http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html
0
 
Leon Fester Commented:
Correct as per Kevin's suggestion.

At one of my sites we used 1x DHCP server with 40 scopes for 40 VLANs.
Knowledge about the DHCP relay agents is also important when you do your DR plan/strategy, as you'll need to update the DHCP relay agents to point to the new DHCP server when DR is invoked.
0
 
Steve Commented:
If you want to avoid the switch doing any DHCP (including relaying), you are correct that a separate IP/interface for each scope would work. This can be difficult if the server has any other functions too (e.g. domain controller, Exchange etc.) as multiple NICs can screw up some roles/functions.

Otherwise the relay options above are certainly a good option.
0
 
L-Plate (Author) Commented:
OK, some good suggestions here.

I'm looking to take all the DHCP functionality away from the switch, so I think separating the scopes onto physical relay systems is probably the best way forward.
0
 
L-Plate (Author) Commented:
OK

If I set up a master DHCP server on the 10.0.0.x range and have relay agents sitting on the 10.50.40.x (vlan1) and 10.40.40.x (vlan2) ranges, how do the clients plugged in to those VLANs (10.50.40.x etc.) obtain the correct address from the master DHCP server where all the scopes are advertised?

Can you configure relay agents on the master DHCP server to only use a specific scope range?
0
 
Leon Fester Commented:
This chapter describes how Dynamic Host Configuration Protocol (DHCP) servers provide configuration parameters to DHCP clients. DHCP supplies network settings, including the host IP address, the default gateway, and a DNS server. When DHCP clients and associated servers do not reside on the same IP network or subnet, a DHCP relay agent can transfer DHCP messages between them. The DHCP relay agent operates as the interface between DHCP clients and the server. It listens for client requests and adds vital configuration data, such as the client's link information, which is needed by the server to allocate the address for the client. When the DHCP server responds, the DHCP relay agent forwards the reply back to the DHCP client.

http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/v3-00_A2/configuration/rtg_brdg/guide/rtbrgdgd/dhcp.html

In the relay configuration you only specify the IP Address of the DHCP Server.
The DHCP Server will find all the necessary information about which VLAN the IP address must be allocated from based on information contained in the packet data.

You don't need to configure relaying for a specific scope. The relay agent will add the necessary information to the DHCP. It is not worth the effort...imagine all the unique configuration required on each of the switches.

The DHCP relay's purpose is to accept DHCPDISCOVER requests and forward them to the specified DHCP server, and it will add any additional information that the DHCP server needs to identify the VLAN where the request originated.

Think of your DHCP relay as a proxy server for DHCP discover requests...
0
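Added example, not part of any post in this thread: a minimal Python model of the exchange described above, showing the relay agent stamping the `giaddr` field of the BOOTP header and the server choosing a scope from it. The /24 masks, the VLAN interface addresses 10.50.40.1 and 10.40.40.1, the server address 10.0.0.10 and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
MAGIC = bytes([99, 130, 83, 99])                      # DHCP magic cookie
GIADDR, HOPS = 10, 3                                  # field positions in the header

# Constructed scopes based on the ranges mentioned in the thread (masks assumed).
SCOPES = {
    "vlan1": ipaddress.ip_network("10.50.40.0/24"),
    "vlan2": ipaddress.ip_network("10.40.40.0/24"),
    "servers": ipaddress.ip_network("10.0.0.0/24"),
}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client side: a broadcast DHCPDISCOVER with giaddr left at 0.0.0.0."""
    zero = bytes(4)
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                        mac, b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])    # option 53 = DISCOVER, then end

def relay(packet: bytes, vlan_interface_ip: str) -> bytes:
    """Relay agent: write the receiving VLAN interface IP into giaddr, bump hops."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[GIADDR] == bytes(4):                    # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.ip_address(vlan_interface_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def select_scope(packet: bytes, arrived_on: str):
    """Server side: pick the scope whose subnet contains giaddr.
    giaddr 0.0.0.0 means the client is local, so the receiving interface decides."""
    giaddr = ipaddress.ip_address(BOOTP.unpack_from(packet)[GIADDR])
    origin = giaddr if int(giaddr) else ipaddress.ip_address(arrived_on)
    for name, net in SCOPES.items():
        if origin in net:
            return name
    return None                                       # no matching scope, no offer

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("020000000001"), 0x1234)  # constructed MAC
    print(select_scope(relay(pkt, "10.50.40.1"), "10.0.0.10"))
```

The relay configuration carries only the server address; the scope choice falls out of `giaddr`, which is why no per-scope setting is needed on the relay.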
 
Leon Fester Commented:
Here are the DHCP messages used by Windows.
http://technet.microsoft.com/en-us/library/cc958940.aspx
http://support.microsoft.com/kb/169289

You can run Wireshark or Netmon on your LAN and actually view these requests as they get broadcast on your network to see how it works in practice.

You will be pleasantly surprised to see how many requests are involved in requesting and receiving a DHCP address.
0
 
L-Plate (Author) Commented:
Leon

Not sure whether I understand you.

I don't want the switch to do anything apart from segment the IP ranges. I want the DHCP to populate all clients with their configs. I have 5 scopes all set up on the master DHCP, I'm looking to allocate a particular scope to a particular VLAN.

Or would it be better just to set up 5 separate DHCP servers and plug them into each individual VLAN?
0
 
kevinhsieh Commented:
The only thing you have left to do is configure the router interface for each VLAN to relay DHCP traffic to your Windows server. What you are trying to accomplish is actually simpler to do than describe. What kind of switch do you have? I already gave the syntax for Cisco switches.
0
 
Leon Fester Commented:
I have 5 scopes all setup on the master DHCP, I'm looking to allocate a particular scope to a particular vlan.

That is exactly the scenario I was trying to sketch.
Your action plan should be:
1. Set up the 5 scopes on your Master DHCP server
2. Configure DHCP relay to point to Master DHCP server IP Address - this config is needed on each of the switches that host VLANs.

Job done.

The first post with the links explains in detail the configuration and testing requirements and how DHCP requests are managed by your switches. See fig 5.1 from the Cisco link, which basically displays the switches and DHCP requests that are sent between the hosts/switches/DHCP server.

HOST <--> Switch (where VLANs are configured) <--> MASTER DHCP

Your network config is standardized across all switches and VLANs.
0
 
L-Plate (Author) Commented:
Are you looking to configure the switch itself as the relay agent instead of a server?
0
 
Leon Fester Commented:
Yes, you do need to configure the switch as the relay agent.
The server is not the relay ... it is the DHCP server.

Part of the reason for running VLANs and switches is to segment the network and reduce broadcast traffic.

So when a client workstation broadcasts a DHCPDISCOVER request, that request is blocked by the switch since its function is to reduce broadcast traffic.

If your client workstation and DHCP server were on the same VLAN then the DHCPDISCOVER request would be answered by the DHCP server.

When you enable relaying on the switch you are telling the switch where to send the broadcast request.
In this case it will send the DHCPDISCOVER request to the DHCP server that was specified in the relay agent configuration.
0
 
Leon Fester Commented:
In a previous post you said:

I don't want the switch to do anything apart from segment the IP ranges. I want the DHCP to populate all clients with their configs. I have 5 scopes all set up on the master DHCP, I'm looking to allocate a particular scope to a particular VLAN.

I don't want the switch to do anything apart from segment the IP ranges - You won't get away with this requirement. By design a switch also routes traffic...so a DHCP relay must be configured on this device.

I want the DHCP to populate all clients with their configs - This can be done by configuring all your DHCP scopes on a SINGLE DHCP server.

I have 5 scopes all set up on the master DHCP - This is correctly configured...no change required.

I'm looking to allocate a particular scope to a particular VLAN - Allocation of specific scope to specific VLANs is part of the DHCP function. You don't need to configure anything here as the DHCP server will use the packet information on the DHCP requests to figure out what scope to assign an IP address from.

Read this information directly on the Microsoft website:
Understanding relay agents:
http://technet.microsoft.com/en-us/library/cc779610(v=ws.10).aspx

How DHCP Technology Works
http://technet.microsoft.com/en-us/library/cc780760(v=ws.10).aspx
0
 
Steve Commented:
I don't want the switch to do anything apart from segment the IP ranges - You won't get away with this requirement. By design a switch also routes traffic...so a DHCP relay must be configured on this device.
It may just be a poor choice of words, but this simply isn't true. Switches only perform routing if they are layer 2+ or 3. All switches do not route.

The asker has stated they don't want the switch to do anything other than segment the networks using VLANs. If they don't want it to perform any relaying either, they may have to consider multiple DHCP servers or a single DHCP server with multiple NICs (unless their router can provide a DHCP relay service for all the networks).

@L-Plate,

Could I ask why you are specifically asking for this without the switch being involved, as it may help us to understand the reasons behind your request?
0
 
Leon Fester Commented:
Switches only perform routing if they are layer 2+ or 3. all switches do not route.
Thanks for pointing this out. You are correct that "all switches do not route".

However, VLANs can only be configured on Layer 2 and Layer 3 switches.
So in the context of this conversation my original statement does hold true.

Your statement:
the asker has stated they don't want the switch to do anything other than segment the networks using vlans.
highlights the fact that L-Plate may not have a full understanding of VLANs.

If there was a known constraint to only do VLAN splits via the switch then he should have stopped us after those 3 posts.

The answer supplied in the first 3 posts already provides a solution that works, is documented, recommended and supported by the various vendors who offer this type of functionality/interoperability.

That being said, I don't believe that EE should be a forum to point out what people don't know...but rather it should be used to help them understand.

While we try to answer the question correctly we often need to always consider if the correct question is being asked.
0
 
L-Plate (Author) Commented:
Thank you
0
