asked on

Microsoft DHCP Provide Addresses to Different Subnets

I am in desperate need to segment our network (specifically the WiFi clients) by IP address instead of increasing the size from a /24 to a /16. The preference is the have a handful of /24 networks, one for each VLAN.

The problem is I am not certain how to do with this microsoft's Server 2008 R2 server's DHCP.

Ideally, I'd like to segment things using a VLAN and have each VLAN have a different subnet. The DHCP server would/could be a VM and would need to know about each VLAN and which range to provide to which VLAN.

Our Sonicwall firewall can handle virtual interfaces assigned to different VLANs and can therefore be set as the DG for each VLAN and do the routing across them, but the looming question is DHCP for each VLAN.

All of our switches are layer 2 HP switches and are currently doing VLANs for our VoIP traffic which works very well.

How/Can this be done? Is this the right approach?

Any help, direction or suggestions would be appreciated.

Thanks!

ASKER CERTIFIED SOLUTION

lruiz52

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

lruiz52

Check out the link below, shows how to set up switch to relay to DHCP server

http://www.hp.com/rnd/support/config_examples/5300xl_dhcp_relay.pdf

digitalwav

ASKER

Makes sense but I don't think we have layer 3 switches. They're all layer two. The majority are HP Procurve 2520, 2610 and V1910 and I don't see an option for that. My core is a 2910 but I don't see the option there either.

I seem to remember turning on routing on the 2910 and it took down the network. I am assuming that is because it needs all the routes setup for all the subnets and with the said might the 2910 be the one with the ip helper-address command? If it is, will it "help" all the other switches once the VLAN is created?

digitalwav

ASKER

Actually would it be possible to post the config of the 2910 and see if you can guide me? It looks like it has an ip route command already. the problem is I don't have a duplicate device to test on so I'm working live here.

lruiz52

Yes post a sanitized config and a network diagram of the current environment.

digitalwav

ASKER

Will do. May take a little bit.

lruiz52

No problem.

digitalwav

ASKER

Ok, this is pretty clean. I left some of the IP addresses as they're all internal but otherwise meaningless. the CORPSW names are the interfaces to the other switches.

; J9148A Configuration Editor; Created on release #W.14.38

hostname "CorpSW-0005"
mac-age-time 600
module 1 type J9148A
interface 38
   name "CORPSW-0001"
   no power-over-ethernet
exit
interface 40
   name "CORPSW-0002"
   no power-over-ethernet
exit
interface 41

   no power-over-ethernet
exit
interface 42
   name "CORPSW-0004"
   no power-over-ethernet
exit
interface 43
   no power-over-ethernet
exit
interface 44
   name "CORPSW-0003"
   no power-over-ethernet
exit
interface 46
   
   no power-over-ethernet
exit
interface 47
   
   no power-over-ethernet
exit
interface 48
   
   no power-over-ethernet
exit
trunk 46-48 Trk1 LACP
ip default-gateway 192.168.103.1
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-6,8-40,42-45,Trk1
   ip address 192.168.103.15 255.255.255.0
   no untagged 7,41
   jumbo
   exit
vlan 100
   
   untagged 7,41
   no ip address
   exit
vlan 2
   name "VOIP"
   qos priority 5
   tagged 1-44
   voice
   no ip address
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-HDx sensitivity high
fault-finder duplex-mismatch-FDx sensitivity high
gvrp
ip dns domain-name "xxx.local"
ip dns server-address priority 1 192.168.100.25
ip route 0.0.0.0 0.0.0.0 192.168.100.4
snmp-server community "public" unrestricted
spanning-tree
spanning-tree Trk1 priority 4
no autorun
password manager

Open in new window

digitalwav

ASKER

The network is pretty flat for the purposes of this VLAN configuration. The key is how to get DHCP segmented to the specific VLANs.

Thanks!!

digitalwav

ASKER

Ok, so the VLAN config on the switches is complete, tested and working. The issue is DHCP. My test stations are using static addresses and between the VLAN, Switches and Firewall things appear to be properly segmented and secured.

So the question now is how do I get DHCP to each of the VLANs? I don't think I can do it at the switch but if the config listed above suggested it's doable how?

My other thought is to use a VM with a virtual adapter that's bound to the VLAN but that adds a lot of overhead for serving IP addresses.

Thanks.

SOLUTION

digitalwav

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

digitalwav

ASKER

SOLVED! IP Helper on the firewall did the proper forwarding. Thanks for the help!

digitalwav

ASKER

Using the VLANs on the switches and IP Helper on the sonicwall to forward DHCP requests to the proper Windows DHCP server everything got the correct IP address.

Aaron Street

The other way to have done it would be on the DHCP server configure the NIC to support VLAN tagging. then set up a trunk to the server nic and set an ip address for each vlan on it.

Ip helper address is tidy, but at a pinch you could have the dhcp server having an a virtual interface in every subnet.

digitalwav

ASKER

That was my option of last resort. I was lucky to have seen the option on the firewall.