Solved

I need to understand guest networks and VLANs

Posted on 2015-01-23
Last Modified: 2015-01-29
I will try my best to keep this question simple, however I am a little confused, so bear with me.
Our DHCP scope has run out of IP addresses.
DHCP (on Windows 2008) has been giving out IP addresses to all and sundry.
We have a scope set up for our LAN (192.168.2.x)
We have a scope set up for VOIP (192.168.10.x)
Netgear switches are tagged accordingly.
We have a number of WAPs which allow LAN access to authenticated users and guest/clients access to the Internet.
Our Windows DHCP server has been giving IP addresses from 192.168.2.x to the guest/clients.
My immediate action is to set up a separate scope for these unauthenticated guests/clients so that they get a different IP from the authenticated LAN users and just get access to the Internet.
On the WAPs, you can define the VLAN ID.
I am assuming that I can't define the VLAN on the switch because these WAPs also serve LAN users.
I note that there is nowhere in DHCP to define VLANs.
Example: When somebody attaches to the guest/client network with their phone, after entering the key, they can access the internet. Q: If I define this connection as VLAN ID 4 - how is this routed to my firewall and how can I make sure that VLAN4 gets its IP addresses from a specific scope i.e. not the LAN scope?

Let's start with that and see if I can get some direction.

Many thanks in advance!
0
Question by:fuzzyfreak
4 Comments
 
LVL 50

Accepted Solution

by: Don Johnston earned 2000 total points
ID: 40566225
If I understand your question correctly...

Assuming that you have defined the scopes on your DHCP server, that there is a router (or firewall or layer-3 switch) which is performing inter-VLAN routing, and that you have an IP helper configured on the router's interfaces:

When the client sends a DHCP request, the router will forward that to the DHCP server.  The source address (on the forwarded packet) will reflect the network which the request came from.  When the DHCP server receives the request, it will see the network the request came from and offer an IP address on that network.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40566333
Thanks for your explanation.  Let me try to understand -

A router performing inter-VLAN routing - how can I figure out what is doing this?  I suspect it is either my switches or my firewall.
The source address will reflect the network - I don't understand how if it is simply tagged with a VLAN id - how does DHCP know?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40566349
A router performing inter-VLAN routing - how can I figure out what is doing this?  I suspect it is either my switches or my firewall.
Whatever the default gateway for any of your networks is.  That's what is doing the inter-VLAN routing.
The source address will reflect the network - I don't understand how if it is simply tagged with a VLAN id - how does DHCP know?
The router (or whatever device is doing the inter-VLAN routing) will put the source network as the source address of the DHCP request. That way the DHCP server knows what network the request came from and will offer an address on that network.
0
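Added example, not part of the thread or any poster's code: a Python sketch of the scope selection discussed in the two answers above. In DHCP (RFC 2131) the relay records the address of the interface the request arrived on in the message's giaddr field, and the server matches that address to a scope. The guest subnet 192.168.4.0/24 and the server address used in the usage note are assumptions; the packets are constructed.

```python
import ipaddress
import struct

# Scopes as the DHCP server would hold them. LAN and VoIP come from the
# question; the guest subnet for VLAN 4 is an assumed value for illustration.
SCOPES = {
    "LAN": ipaddress.ip_network("192.168.2.0/24"),
    "VoIP": ipaddress.ip_network("192.168.10.0/24"),
    "Guest (VLAN 4)": ipaddress.ip_network("192.168.4.0/24"),  # assumption
}

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the header


def build_discover(mac: bytes, giaddr: str = "0.0.0.0", hops: int = 0) -> bytes:
    """Constructed DHCPDISCOVER; a relay fills in giaddr and increments hops."""
    zero = bytes(4)
    header = BOOTP.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000, zero, zero, zero,
                        ipaddress.ip_address(giaddr).packed,
                        mac.ljust(16, b"\x00"), bytes(64), bytes(128))
    return header + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end


def relay_address(packet: bytes):
    """Extract giaddr, the relay agent address field, from a DHCP message."""
    if len(packet) < BOOTP.size + 4 or packet[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    return ipaddress.ip_address(BOOTP.unpack_from(packet)[10])


def select_scope(packet: bytes, server_ip: str):
    """Pick a scope by giaddr, or by the server's own subnet if not relayed."""
    giaddr = relay_address(packet)
    # giaddr 0.0.0.0 means the broadcast reached the server directly, no relay.
    key = giaddr if int(giaddr) != 0 else ipaddress.ip_address(server_ip)
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None  # no scope covers that subnet, so the server makes no offer
```

With a constructed server address of 192.168.2.10, a DISCOVER relayed with giaddr 192.168.4.1 selects the guest scope, while the same DISCOVER arriving with giaddr 0.0.0.0 selects the LAN scope.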
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40577267
Thank you very much for your answer, this has helped me immensely.
0
