Questions

Windows DHCP and VLANs

Tags:
+
0 Votes
Locked

Windows DHCP and VLANs

ryland
Ok I have two vlans - Vlan 1 default and Vlan 5 Service. I know that on my switches I need to add a IP address helper of the DHCP so the systems can get to DHCP. My question is when setting up thge scopes on the Windows Server, I have my default scope, I then go in and setup the scope of the second vlan's subnet. How to I make the scopes vlan dependant. How do I keep computers from default vlan from getting servered IPs from the service vlan and visa versa?

Thank you very much in advance.

Ryland
  • +
    0 Votes

    VTP

    CG IT

    VLANs don't talk to each by default. You need a layer 3 switch [router] trunk the switch port connected to the router.

    +
    0 Votes
    ryland

    Ok, what about the settings on the Windows DHCP server?
    Thanks

    +
    0 Votes
    lowlands

    there are no VLAN specific settings to set on the DHCP server. That is other than possibly router info etc.

    The DHCP server "knows" what VLAN a client is coming from and will assign an IP address accordingly

    +
    0 Votes
    ryland

    Thank you, was not sure if DHCP would know. Logically it did not make sense unless it did.

    +
    0 Votes
    MWRMWR

    I'll probably figure this out before this gets answered, but right now that part is what really is baffling me - the trunk/router bits I understand and I can sure make scopes on W2k3 DHCP. I'm looking for the link to the VTP (vlan database of VLAN name, VLAN type, mtu... and its operational state) ...but they are in router. Hmm, I've learnt parts but never joined them up. Then there's the vmps server.... Let's assume the vlan-id gets allocated in networkland with vmps assistance; that's done by MAC address iirc. So we have something arriving at DHCP server knowing its vlan-id (and MAC address). If we reserved every MAC address by scopes corresponding to vlan-subnet it could be done (Vlan seems a bit irrelevant though). The sheer effort of keeping VLAN-MAC and DHCPscope-MAC tables in-step sounds like an administrative nightmare. Surely I have this fundamentally wrong - or is there a unifying tool ?

    +
    0 Votes
    MWRMWR

    from www.lanarchitect.net article:
    "When you created the scopes, you had to define the separate IP ranges of all the corresponding scopes it should operate in. That alone is enough configuration to match up the scopes with the subnets they will serve. When the DHCP server receives the DHCP forwarded request from the DHCP relay agent (or IP Helper), it simply examines the source IP of the DHCP relay agent that forwarded the request, then matches it up to the scope that serves the subnet of the DHCP relay agent and grants an IP-configuration-set back to the relay agent. Then that IP-configuration-set is passed on by the DHCP relay agent to the original client that made the DHCP request in the first place."

    Right, going back to basics, the physical lan socket is going to define the VLAN {because the switch port physically defines it - maybe by MAC-VMPS and implied "just one MAC at a time" usage}
    The VLAN constrains the ip address subnet and Helper redirector. This Helper redirector* tells DHCP server which subnet and scope to use.

    * Further Clarification to do:
    1. so multiple ip address on single mac-card is outlawed or just won't work with VLANs

    +
    0 Votes
    everestes009

    #ip address-helper [ip address of your DHCP] on each vlan, and scopes of addresses on DHCP to correspond to subnets on your vlans. DHCP will do the rest. don't forget to configure interVlan routing on the switch if it supports the feature, or on your router.

  • +
    0 Votes

    VTP

    CG IT

    VLANs don't talk to each by default. You need a layer 3 switch [router] trunk the switch port connected to the router.

    +
    0 Votes
    ryland

    Ok, what about the settings on the Windows DHCP server?
    Thanks

    +
    0 Votes
    lowlands

    there are no VLAN specific settings to set on the DHCP server. That is other than possibly router info etc.

    The DHCP server "knows" what VLAN a client is coming from and will assign an IP address accordingly

    +
    0 Votes
    ryland

    Thank you, was not sure if DHCP would know. Logically it did not make sense unless it did.

    +
    0 Votes
    MWRMWR

    I'll probably figure this out before this gets answered, but right now that part is what really is baffling me - the trunk/router bits I understand and I can sure make scopes on W2k3 DHCP. I'm looking for the link to the VTP (vlan database of VLAN name, VLAN type, mtu... and its operational state) ...but they are in router. Hmm, I've learnt parts but never joined them up. Then there's the vmps server.... Let's assume the vlan-id gets allocated in networkland with vmps assistance; that's done by MAC address iirc. So we have something arriving at DHCP server knowing its vlan-id (and MAC address). If we reserved every MAC address by scopes corresponding to vlan-subnet it could be done (Vlan seems a bit irrelevant though). The sheer effort of keeping VLAN-MAC and DHCPscope-MAC tables in-step sounds like an administrative nightmare. Surely I have this fundamentally wrong - or is there a unifying tool ?

    +
    0 Votes
    MWRMWR

    from www.lanarchitect.net article:
    "When you created the scopes, you had to define the separate IP ranges of all the corresponding scopes it should operate in. That alone is enough configuration to match up the scopes with the subnets they will serve. When the DHCP server receives the DHCP forwarded request from the DHCP relay agent (or IP Helper), it simply examines the source IP of the DHCP relay agent that forwarded the request, then matches it up to the scope that serves the subnet of the DHCP relay agent and grants an IP-configuration-set back to the relay agent. Then that IP-configuration-set is passed on by the DHCP relay agent to the original client that made the DHCP request in the first place."

    Right, going back to basics, the physical lan socket is going to define the VLAN {because the switch port physically defines it - maybe by MAC-VMPS and implied "just one MAC at a time" usage}
    The VLAN constrains the ip address subnet and Helper redirector. This Helper redirector* tells DHCP server which subnet and scope to use.

    * Further Clarification to do:
    1. so multiple ip address on single mac-card is outlawed or just won't work with VLANs

    +
    0 Votes
    everestes009

    #ip address-helper [ip address of your DHCP] on each vlan, and scopes of addresses on DHCP to correspond to subnets on your vlans. DHCP will do the rest. don't forget to configure interVlan routing on the switch if it supports the feature, or on your router.