Link to home
Start Free TrialLog in
Avatar of KConner32
KConner32

asked on

2 Subnets with 2 separate gateways joined together and Windows DHCP

I have 2 networks (main house and workshop).  Both have a seperate modem/router.  Both pieces of equiptment are very basic and because of the internet vendor I cant swap these out.  I set one up using a subnet of 192.168.0.0 and the other using 192.168.2.0.  I joined these routers together using an ethernet cable.  Both routers let me define a single static route.  All is great.  A device on subnet A, goes out through Router A, a device on subnet B goes out on router B.  But I can also access A from B without going out through the internet and VPNing in.

However it only works if the IP addresses (and specifally the default gateway) are correct.  I have a ton of iOT things so I dont want to static assign everything.  I put two DHCP servers on Subnet B.  Each is configured with a static IP for only 1 network (DHCP A has a static IP for A, and DHCP B has a subnet  B address).  I get a lot of cross assignments (Device plugged into A, gets a B address).

Again, I am very limited on what I can do with the routers.  If needed I can add a third router in or managed switch or whatever.

User generated image
Avatar of hypercube
hypercube
Flag of United States of America image

It would help to know what the settings are that "will only work" in this arrangement.
Could you please show the NIC settings, i.e. like from ipconfig /all on DHCP Servers 1 and 2 and the computer on 192.168.0.0/24?  

Why is DHCP Server 1 on 192.168.2.0/24?  It doesn't seem that this would work unless there is a 2nd IP address on the NIC or..... ?

What is your question if it's working?  What's the objective you hope to achieve?

Your issue is in the poor design.

The question is having two external connection what is it you want to achieve.

Using a single device that can have two WAN ports to then feed two vlans one for the workshop and obey for the house.
If the device is capable,of setting up ip helpers/DHCP relay agents you would only need a single DHCP server with multiple scopes (2 in this case: 192.168.0.0 as primary and an unattached 192.168.2.0/24 segment)

An Ethernet cable does not block broadcast packets which is what a dhcpdiscovery packet is.
A device needing an ip broadcasts a dhcpdiscovery. In your situation, both DHCP servers respond. Depending on the device the first responce packet it receives. That is the ip range it will get the IP from.

Not sure which rpurers you are using that each does not handle the DHCP function such that you need DHCP servers.?


Look at Cisco's ASA, juniper Srx, sonicwall tz180, checkpoint....
Advantages deal with devices having access to Internet as long as one connection is functional.
Your IoT things... how are they connected? Wirelessly?
Avatar of KConner32
KConner32

ASKER

Hello Thanks for the repliues.
I should start out by saying I clearly dont know a whole lot about networking.

So let me go back to the basics.  Just 2 networks, each with a separate modem/router to the internet.  However, I would like to be able to send some traffic straight from network A to network b without going out through the internet.

I configured a static route on both the routers to allow traffic from A to B and B to A.  This all works fine if the IP addresses on pcs are static.
PC on network A, has an IP of 192.168.0.10, mask of 255.255.255.0 and a default gateway of 192.168.0.1
PC on network B, has an IP of 192.168.2.10, mask of 255.255.255.0 and a default gateway of 192.168.2.1

The problem is DHCP.  If I set the workstations to get their IPs from DHCP, sometimes PC on Network A will get a Network B address since its just a broadcast and he who answers first wins.

I need PCs on A to have A addresses and PCs on network B to have B addresses but want to avoid doing everything static.  

So in my idiot brain, I somehow want a static route that wont let DHCP through.  I figure I need some other piece of hardware between the two networks, but I dont understand what and how I would configure it.





@some one , yes, I have 2 Unifi Access Points and most of the stuff connects through that.  Is there a way in Windows to control DHCP scope by connection type?


SOLUTION
Avatar of Craig Beck
Craig Beck
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Fred Marshall, so the servers are all on an ESX box, and yes I set a second nic on that box and used a 192.168.0.x ip address on the second nic, and had the DHCP bind only to the second nic (see I told you I didnt know much about networking).  I had this delusional concept that the DHCP server might know the original gateway the request travelled through and try to match it.  I know that is wrong now.


In ypur current setup/configuration IP allocation is randomized.

To achieve what you want,

Internet A - \.                           - 192.18.0.0/24 or any other segment
                        Single firewall
Internet B -/.                             -192.168.2.0/24 or any other segment/s

The firewall will either distribute IPs based on the connected segment or use ip helpers/DHCP relay to forward DHCP requests to a DHCP server that will issue the correct ip for the segment from which the request came.

In your current scenario, you can not control which response a device will use to obtain an IP.

Consider it this way.

You are within an ear shot of two people. Each is directed to raise a marker. One has red while the other is blue.

The proper setup would call out the individual's name to assign the person to the correct color group.
In your case, all is heard is "hey" and the color assignment is based on in whose direction you looked first.

What is your background, as I might be able to tailor the analogy to hopefully better convey the situation and how it needs to be.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok, I think you are all correct.  I have two basic residential routers that either intentionally crippled ( my Arris had a really basic interface until the tech gave me the MSO login), or are just basic.  But I also see the solution from Fred and "Some One" is correct.  I am going to go with just a basic router connecting the two segments, turn on DHCP on both of the isp routers for their segment,  set their static routes to use the "middle router interface" then use the firewall on the router in the middle to allow the traffic I need through.  Seems simple when you guys say it.  I think I was just stuck on trying to solve the problem somehow with the DHCP server.  Now to figure out how to make all three of you the correct answer.
Arnold, I did say that the DHCP servers should be in their own VLANs, and you can do it all with one DHCP server if you want to.
some one, I did not say you did not.

The issue is that it is impossible to setup two controlled DHCP segments on a flat network.
Ok, Arnold. It just sounded like you were trying to tell Fred and I what the issue was...

Fred and "some one" the issue is that the DHCP servers are on the same side, in the virtualized environment.

without a VLAN that prevents broadcasts from reaching the wrong DHCP server and an IP helper/DHCP Relay agent there is no way to control the IP allocations in the current configuration.

I was confirming that I'd already acknowledged that. I had already said...

The DHCP servers can then be on their own VLANs too and service only devices in their VLAN (although you could do it all from one really).

...but it's all good. We all appear to be on the same page.

Actually though, it's not completely impossible to control two separate DHCP infrastructures on a flat network. Depending on the DHCP server largely, you can use MAC exclusions or client options to specify who gets what from which server. You can also use simple reservations by limiting the scope to the exact size you need on each server.
The asker did not want to go the route of reservation use if IoT devices.

One can use VLAN assignment if there is a level three managed switch. There are many ways to achieve this. The asker using routers provided by the ISP means there is no managed switch.

IMHO, the option chosen while addresses the segments, seems a waste as it avoids taking advantage of two feeds.
It is possible that if one goes down, the other will follow if from the same provider.