Split DHCP Configuration

Posted on 2014-08-26
Last Modified: 2014-12-16
Setup DHCP split scope but second server won't give leases

I have configured Split DHCP Scope on Windows 2008 R2 Server.
I have scoped 80-20 on to each DHCP Server.
My problem is that the secondary DHCP server is not giving IP Address leases. and all machines are getting timed-out.
The Layer 3 Switch is 3560. Is their anything I need to do on L3 Switch.
Question by:Subhashis Sahoo
    LVL 18

    Accepted Solution

    Make sure the server is reachable. You will need ip helper addresses configured.

    I am a little concerned or confused by this statement.
    ....and all machines are getting timed-out

    Does this mean even the primary DHCP is not responding?

    You might want to take a look at this link for reference

    Author Comment

    by:Subhashis Sahoo
    I have come across a situation where in my company they want to use multiple DHCP servers to respond to queries, however they want to have the local DHCP server respond first and if that fails then they want the second DHCP server responding. The second DHCP server sits in a data center while the first is in the local office.

    My question is
    1. If I have 2 helper addresses configured, will the router sequentially choose the first and if it doesn't respond try the second helper OR will it forward the packet to both helper addresses and then its a race to whoever responds first?
    I hope my question is clear and look forward to your expert advice.

    So here I stopped the DHCP Service on the primary Server and tried testing few machines. But were getting timed out.

    I have added ip helper-address for all DHCP Servers on all vlans.
    LVL 18

    Expert Comment

    Both addresses configured with IP helper will be contacted. The PC will negotiate with the server that responds first which usually will be the server that's closest to the PC assuming all other factors (speed, processing time etc) are equal.

    For your setup, you will need to put both servers in a cluster.
    See link below on how to do that

    In your case, you will also need to fix connectivity to your server first to ensure that it will respond in the event the primary fails

    Author Comment

    by:Subhashis Sahoo
    I was going through some links. Interestingly I found the below link:

    Though I have given ip helper-address for both the DDHCP Servers, yet the second DHCP Server is not giving lease on a 80-20 setup.

    Does the below config help on Core Switch. Is their any other thing that I need to check to make it work.
    interface <on which the two DHCP Servers are connected>
    switchport access vlan XX
    ** ip arp inspection trust
    spanning-tree portfast
    ** ip dhcp snooping trust
    LVL 18

    Assisted Solution

    None of those will help your situation. What you need is a cluster configuration for your DHCP servers

    ip arp inspection trust
    You will have to not trust the secondary DHCP server in order for it not to respond, meaning it won't respond also when the primary goes down

    spanning-tree portfast
    This puts the port on the switch the server is connected to to go straight into forwarding mode at initial connection. Notice "initial connection". This only happens when you plug the cable in or reboot your server. It has nothing to do with who gets the request first

    ** ip dhcp snooping trust
    Similar to the 1st, untrusting the port the secondary connects to blocks the server out completely from offering addresses

    Author Comment

    by:Subhashis Sahoo
    Generally making a DHCP Server cluster, best suits for your Windows Server 2012.
    As we have Windows 2008 R2 edition in our environment
    LVL 18

    Expert Comment

    Server clustering has been in existence since Server 2000.

    The steps in the link will guide you.

    Your alternative is to use load balancers which I will assume you don't have right now. Server clustering is very easy to configure though just in case you feel intimidated. Just follow the steps

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now