
At my job we are prepping to transition from multiple LANs connected over slow VPN connections to a single MAN connected over fiber, and I've got a few questions.

First of all, we are planning on making each physical site its own VLAN, but we would like to have a single DHCP server at the data center hand out IPs to each VLAN. We've pretty much got the VLAN tagging structure all worked out, but we would like to have our single DHCP server assign different subnets of IPs to each VLAN. For instance:

  • VLAN 2 gets 10.0.2.x through 10.0.4.x
  • VLAN 3 gets 10.0.5.x through 10.0.7.x etc.

We are an Active Directory based shop and we have a Server 2003 box handling DHCP (though we aren't averse to upgrading it to Server 2008).

Is this feasible, or am I pipe-dreaming?

HBruijn
EightQuarterBit

2 Answers


This is doable, but it does usually require some support from your network infrastructure. Cisco calls it a 'DHCP Helper Address', and will forward DHCP requests from one VLAN to a specified DHCP server. We're using it all over our enterprise to have a single DHCP in the middle.

sysadmin1138
  • Ah, yes, I remember reading something about DHCP helper. On our 3com hardware (4500G and 5500G switches for the most part) it's called UDP relay, unless I am misunderstanding the documentation(?) How does this work with specifying a subnet range per VLAN though? In other words, I'm having trouble grasping how the server will "understand" where each request is coming from and assign a proper IP based on the VLAN the request came from. – EightQuarterBit Feb 11 '11 at 03:19
  • IP Helper transforms the DHCP broadcast into a unicast request. Since the unicast address has the router IP address associated with that VLAN as its source, the DHCP server can take that address and use it to determine the proper scope for the lease. – jgoldschrafe Feb 11 '11 at 03:35
  • The server knows which IP address pool to assign the IP address from because the source IP address of the DHCP request will originate from a subnet for which the server has address pools configured. In other words: a DHCP packet being forwarded (unicast) from a router with IP address 192.168.1.1 (internal interface - the interface the request was received on) will elicit the server to assign an IP address from a pool configured for the 192.168.1.0 subnet. - http://allaboutmylife.wordpress.com/2007/10/17/ip-helper-addresses-for-dhcp/ – joeqwerty Feb 11 '11 at 03:39
  • The more generic non-vendor specific term is 'DHCP Relay' – Zypher Feb 11 '11 at 03:51
  • Different vendors call it different things. I've seen DHCP-Relay, DHCP-Helper, Bootp-Relay, UDP-helper... – David Mackintosh Feb 11 '11 at 04:01
  • Ahh, OK, duh, that makes sense. I was expecting a vastly more complex solution. Sometimes the simple things are the hardest. Thanks @joeqwerty , @jgoldschrafe and @Sysadmin1138 – EightQuarterBit Feb 11 '11 at 04:07
  • Glad to help... – joeqwerty Feb 11 '11 at 11:14

We're doing this with Server 2003 where I am. The key is our central layer 3 device (in our case an old 3Com 4900 SX). It has what 3Com calls a "virtual interface" for each VLAN. When DHCP requests arrive at the device from the outside, it forwards them using the same VLAN interface they arrived on. The DHCP server just has a scope set up for each VLAN with no other special configuration details. It matches the DHCP request to the originating interface on the layer 3 device to know which scope to use. That's out-of-the-box behavior for the Windows DHCP server.

The downside to this approach is that the segment with your server must now be a member of all VLANs (on the same virtual segment). This means all your broadcast traffic will now go up the fiber link to your main office (though not down all the other links to other branches), and it's nice to keep those links as clean as possible. It'll also use time on what is likely already your busiest local segment to reach your server. But this is probably unavoidable anyway.

Update:
Looking again, we do use the 003 (Router) option under Scope Options to match the address of the virtual interface with the correct vlan. That may have something to do with it as well, but I think that really just sets the default gateway.

Joel Coel
  • Yea, we were planning on making the data center a member of all VLANs anyway, so that's not a problem. We don't think the broadcast traffic will be too much of an issue. Like my response to the post above however, the server aspect still baffles me. Pardon my slowness, we're all still pretty new to VLANs over here ;-) – EightQuarterBit Feb 11 '11 at 03:23
  • @EightQuarterBit: See my comment to sysadmin1138's answer. – joeqwerty Feb 11 '11 at 03:40
  • The 003 option sets the router(s) (default gateway) assigned to the DHCP clients as part of their IP configuration and isn't used in any way in determining which address pool to assign the IP address from. – joeqwerty Feb 11 '11 at 03:58
  • I was pretty sure of that, but I wanted to be sure it wasn't playing a role with our dhcp scope selection as well. – Joel Coel Feb 11 '11 at 14:39
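
The scope selection discussed in both answers and their comments, as an added example that is not part of the original posts: a relay agent writes the address of the interface that received the client's broadcast into the `giaddr` field of the BOOTP header (RFC 2131), and the server matches that address against its configured scopes. The /24 scopes, relay addresses, MAC address and function names below are constructed for illustration.

```python
import ipaddress
import struct

# Constructed scopes (assumed /24s, one per VLAN); all names are hypothetical.
SCOPES = {
    "VLAN 2": ipaddress.ip_network("10.0.2.0/24"),
    "VLAN 3": ipaddress.ip_network("10.0.5.0/24"),
}
LOCAL = "server segment"  # request was not relayed (giaddr is 0.0.0.0)
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # follows the 236-byte fixed BOOTP header


def build_discover(giaddr: str, mac: bytes, hops: int = 1) -> bytes:
    """Build a constructed, minimal DHCPDISCOVER as a relay would forward it."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, hops,                          # op=BOOTREQUEST, Ethernet, hlen, hops
        0x12345678, 0, 0x8000,                  # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4),           # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,    # giaddr, filled in by the relay
        mac.ljust(16, b"\x00"), bytes(64), bytes(128),  # chaddr, sname, file
    )
    return header + MAGIC_COOKIE + b"\x35\x01\x01\xff"  # option 53 = DISCOVER


def relay_address(packet: bytes) -> ipaddress.IPv4Address:
    """Extract giaddr, which sits at bytes 24..27 of the BOOTP header."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    return ipaddress.IPv4Address(packet[24:28])


def select_scope(packet: bytes):
    """Return the scope a server would lease from, or None (no offer)."""
    giaddr = relay_address(packet)
    if giaddr.is_unspecified:
        return LOCAL  # arrived as a broadcast on the server's own segment
    for name, net in SCOPES.items():
        if giaddr in net:
            return name
    return None  # relayed from a subnet that has no scope configured


if __name__ == "__main__":
    mac = bytes.fromhex("02aabbccddee")  # constructed client MAC
    for relay in ("10.0.2.1", "10.0.5.1", "0.0.0.0", "10.0.9.1"):
        print(relay, "->", select_scope(build_discover(relay, mac)))
```

A relay interface address that falls outside every configured scope produces no lease, which is the first thing to check when a newly added VLAN gets no addresses.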