Wireless Networks Thread, DHCP in Technical; OK.
2nd September 2005, 08:54 PM #1
On from my DNS query, we have run into a problem that I saw coming but need to try and fix before we spend lots of money calling in CSE to do for us: we have a split site computer network. My Systems Manager wants to keep our new "lower" site separate from our managed "upper" site, and to do this we have to date installed a separate server, used local profiles with redirected folders etc., and it runs nice.
The "problem" occurs when we RIS image the systems. They don't know where to get their DHCP address from (the upper site server or the lower site server). This shows itself in lack of ability to browse to the REMINST folder all the way to not even seeing the server on the LAN at all!
I'm aware that you aren't "supposed" to run two DHCP servers on the same LAN. I told them this a while ago while planning was taking place. But no-one listens and they want what they want.
My solution would be to have CSE come in and make the LAN one contiguous space (install the server as a member of the upper site network etc). The Sys. Manager is reluctant and wants to try different solutions next week. We have exactly one week to decide what to do before things start getting critical mass.
All that said (sorry for the length), I want to know:
(a) If running two separate DHCP servers (with different subnets) on the same LAN is possible and can work, and
(b) How to make it work. Can I use prestaging of the clients in the AD and then RIS? Can I block DHCP broadcast requests on our switches so that DHCP requests don't travel across sites? Or is there another way?
Any advice via PM, email, or on the forum would be greatly appreciated.
2nd September 2005, 09:37 PM #2
I found this, not sure how much help this is :
Also I asked a question on EE here :
Just keep going back to that URL and checking up to see if anyone replies there ( As you can notice I copied and pasted your question above lol )
2 minds are better than 1 and 3 minds are better than 2 and so on and so forth, so hopefully all this delegation and collaboration helps lol
3rd September 2005, 08:09 AM #3
This indeed can work and does, as this is the way that I do it, and it allows for DHCP failover. I have one server dishing out 192.168.0.1 -> 192.168.2.254 and the other doing 192.168.3.1 -> 192.168.4.254; this way we do not get any conflicts.
(a) If running two separate DHCP servers (with different subnets) on the same LAN is possible and can work
I am not sure how you have done your image for RIS but we do complete clean installs and have done this summer on over 500 machines; each machine, when it hit the GUI portion of the install, found either DHCP 1 or DHCP 2 and grabbed an IP and continued without issue.
Not one of the 500 PCs failed to get on the network and continue the install.
I am however running 1 domain, 2 Windows 2003 DCs, both of them set as GCs, with DC 1 being the FSMO role holder and schema master.
The domain is split into 2 ASync VLANs and controlled at switch level; this is how I split the Admin and Curriculum networks, but this is just extra in my case.
If you need any further help shout me ;-)
3rd September 2005, 07:28 PM #4
OK I'm sitting down ICTNUT - now can you explain that to me!!! :P:P:P hehe!
[to be serious tho' ]
....so if I had contiguous IP ranges as yourself, [172.16.57.x & 172.15.58.x] I could set my DHCP server to spread across the two ranges???
[news to me if you can!]
3rd September 2005, 08:19 PM #5
Great help ICTNUT!
What's different between our two networks is that (if I read you right) we are running two completely separate domains- each with their own DHCP server. If it were a case of one domain (as your own is) then spreading DHCP across more than one server makes a lot of sense.
What I've found out since asking the question is that a good way of actually blocking DHCP requests from crossing physical sites is to install either (a) a router (which won't forward broadcasts) or (b) use VLANs.
I'm going (I think) with (b) VLANs. One for each domain. Well, I'm going to try it anyway- lol!
Does this make sense?
Summary: two separate networks (I know it's stupid, but it's what they want); two separate DHCP servers; separated by two VLANs so that DHCP broadcasts stay on the local subnet only.
Thanks again- and if you think I'm heading down the wrong track here feel free to say so :-)
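An added example, not part of any post in this thread: one way to check that a VLAN split like the one described above keeps DHCP local is to parse DHCPOFFER messages captured on one segment and list any whose server identifier (option 54) or offered address does not belong to that segment. The addresses, function names and sample capture are constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OFFER = 2                      # option 53 value for DHCPOFFER

def parse_dhcp(payload):
    """Return (yiaddr, options dict) for a raw DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    yiaddr = ipaddress.IPv4Address(payload[16:20])   # address offered to the client
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # end option
            break
        if code == 0:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return yiaddr, opts

def foreign_offers(payloads, expected_server, local_scope):
    """List (server, offered_ip) for offers not from this segment's server or scope."""
    scope = ipaddress.ip_network(local_scope)
    expected = ipaddress.IPv4Address(expected_server)
    hits = []
    for p in payloads:
        yiaddr, opts = parse_dhcp(p)
        if opts.get(53) != bytes([OFFER]) or len(opts.get(54, b"")) != 4:
            continue               # not an offer, or no usable server identifier
        server = ipaddress.IPv4Address(opts[54])
        if server != expected or yiaddr not in scope:
            hits.append((str(server), str(yiaddr)))
    return hits

def build_offer(yiaddr, server):
    """Constructed sample: minimal DHCPOFFER carrying only options 53 and 54."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + bytes(216)  # 236 bytes
    return hdr + MAGIC + bytes([53, 1, OFFER, 54, 4]) + ip(server) + b"\xff"

# Constructed capture from the "lower" segment; all addresses are made up.
SAMPLE = [build_offer("10.0.2.50", "10.0.2.1"),   # local server, local scope
          build_offer("10.0.1.77", "10.0.1.1")]   # offer arriving from the other site

if __name__ == "__main__":
    print(foreign_offers(SAMPLE, "10.0.2.1", "10.0.2.0/24"))
```

An empty result on each segment means only that segment's own DHCP server is answering there.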
3rd September 2005, 11:27 PM #6
If you are talking about a DHCP box on each site (presuming one on yours and the other at the old OLPJ site) then IIRC you can add an extra tag on the DHCP request that is unique to each site and that can be blocked at switch level (I can't remember whether this requires layer 4 or layer 3 switches though ...) so one from site A never reaches site B ... Also, if you are using reservations via MAC address you can have the reservation on one server and not the other, and as long as you don't have any other addresses available within the scopes the requesting machine will fail on the first server and make the request to the second server.
Speak with David Oram for more help on the switch side of things ... if you can get hold of him.
4th September 2005, 03:30 AM #7
One way to control DHCP between networks is with the use of class ids so that you can set scopes for certain machines with set class ids. You can set a classid with ipconfig as in
This takes a bit of manual config but strikes me as a fun tool.
4th September 2005, 08:46 AM #8
I think you may be suggesting we use tagging a la 802.1q (used in VLANs on layer 3 switches). We have two layer 3 switches (one on each site) and I'll get on to David Oram on Monday and get his body over here to configure them (he hasn't given us the correct username and password for the switches--incredible!). As you say, *if* I can get hold of him :-(
Thanks a bunch!!
4th September 2005, 08:48 AM #9
Thanks- that looks interesting but I'll have to dig deeper today and see what it offers. If it's *that* easy I'll be impressed! :-)
4th September 2005, 05:09 PM #10
@Kingswood: I believe that the VLAN route would be the best option for you and seeing as you have invested in Layer 3 switches I see no reason why you should not use them as they should be.
Configuring the VLANs should be a doddle, however the tagging and, if used, backbone trunking is where the nightmare could rear its head.
7th September 2005, 07:29 AM #11
Here's an update to the issue: I said that the Sys Admin wants the networks separate (as does the head of ICT) but after extensive discussions with .ICT (County) and also our managed solution providers, we are joining the networks and making sure that we can manage most of the LAN centrally.
It took a lot of convincing however. Thanks to all of you for your contribution- I actually went away and did my research and presented most of the points as arguments for or against managing these networks separately.
ICTNUT: you were right on the use of tagging and backbone trunking- apparently we would have had a lot of problems with this and shared internet access.