
One Win2K DHCP Server, Multiple VLANs

Status
Not open for further replies.

jasrob

MIS
Sep 25, 2002
3
AU
I have two 6500 Catalyst switches with MSFCs which I am about to introduce into our network, which currently has two subnets and has no VLANs implemented. The client PCs (Windows 2000 Pro) connect to the network via Cisco 2950-48 Switches which connect to the 6500s using gigabit fibre.
I have been attempting to use one Windows 2000 Server, set up as a Domain Controller, running DHCP, DNS and WINS to allocate different address ranges to different VLANs via a Superscope.
The DHCP server is to give addresses out to clients on its own VLAN as well as other VLANs. I have configured the default gateways of each DHCP scope with the IP address of the HSRP address of each VLAN configured on the MSFCs and am using the IP helper command in each VLAN on the MSFC to point to the address of the DHCP server.
This does work to some extent - if I plug a PC into the network that has not already obtained a DHCP lease, it will pick up an address from the correct scope associated with a VLAN. My problem is that if I want to move that PC to a different VLAN, either by physically plugging it into another switch port on the 2950-48 configured for a different VLAN or by changing the VLAN port membership, when I try to renew the lease, the client says it cannot find a DHCP server.
However, if I delete the client's original reservation from the DHCP server, apply a static ip address that exists in the VLAN I want the client to be in and then change the client back to use DHCP, it will pick up the correct IP information from the correct scope.
There must be an easier way than this!
I even tried reducing the DHCP lease duration to 2 minutes, which didn't work either.
Any ideas?
Jasrob
 
I am not sure how to configure the Microsoft side of it, but when we deploy VLANs our DHCP server has a multi-port NIC. We assign a scope for each NIC and put that NIC in the correct VLAN. Then machines in that VLAN will talk to only that one NIC that is sitting in its VLAN. I don't think you configure superscopes when deploying this. Just create a couple of scopes that correspond with the IP address on each NIC.
 
On the 65xx switches, you're doing layer 3 switching, correct? Under the VLAN interfaces, did you use the "ip helper-address" command to have broadcasts directed to the DHCP server?

I use that command all the time and it works just like what you're looking for..


BuckWeet
 
BuckWeet,
Yes, I am doing Layer 3 switching and using the ip helper-address command on each VLAN interface to point to the DHCP server.
So if you move PCs between VLANs, do they automatically pick up the correct IP information without any trouble, or do you have to release and renew the IP configuration at the client?

Jasrob
 
I have 3x2500 and 2x1900. I'm using IP address helper and it works fine for me. I have only 2 subnets set up in my lab so far.
 
That is the proper way to do it, but sometimes what happens is on the client, it tries to go to the DHCP server and release the old address before it gets a new one, that is probably the problem you're having. But the IP-Helper command is the way to do it...


BuckWeet
 
I worked it out - it didn't work properly with a Superscope on the Win2K DHCP server, but if I use separate scopes, it works fine.
Thanks for the tips!
Jasrob
 
Oh... just noticed you said Superscopes. Superscopes are for having more than 1 subnet on a single VLAN. I haven't exactly figured out how it works, but yes, separate scopes are what you need... when the client requests DHCP, the router forwards the request to the DHCP server with a gateway tag on it to tell the DHCP server what subnet to assign to the client.

Mike
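
The "gateway tag" mentioned in the post above is the giaddr (relay agent address) field of the BOOTP header. The following Python sketch is an added example, not part of the original thread: it reads giaddr from a constructed request and picks one of several separate scopes the way a DHCP server does. Scope names, subnets and the server address are hypothetical.

```python
import ipaddress
import struct

# Constructed example scopes, one per VLAN (addresses are hypothetical).
SCOPES = {
    "VLAN10": ipaddress.ip_network("10.0.10.0/24"),
    "VLAN20": ipaddress.ip_network("10.0.20.0/24"),
}
SERVER_IP = ipaddress.ip_address("10.0.10.5")  # hypothetical DHCP server address
BOOTP_FIXED_LEN = 236                          # fixed BOOTP header, before options


def build_request(giaddr="0.0.0.0", hops=0):
    """Build a constructed BOOTP request header; giaddr is what a relay fills in."""
    return struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, hops,                         # op=BOOTREQUEST, Ethernet, hlen, hops
        0x12345678, 0, 0x8000,                 # xid, secs, flags (broadcast)
        bytes(4), bytes(4), bytes(4),          # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,   # giaddr
        bytes.fromhex("00105a112233"),         # chaddr (struct pads it to 16 bytes)
        b"", b"",                              # sname, file (zero padded)
    )


def giaddr_of(packet):
    """Return the relay agent address stored at bytes 24..27 of the header."""
    if len(packet) < BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP header")
    return ipaddress.ip_address(packet[24:28])


def select_scope(packet):
    """Name of the scope that serves this request, or None if no scope fits."""
    relay = giaddr_of(packet)
    # Unrelayed broadcast: the client is on the server's own subnet.
    origin = SERVER_IP if int(relay) == 0 else relay
    for name, net in SCOPES.items():
        if origin in net:
            return name
    return None  # no scope covers the relay's subnet, so no lease is offered


if __name__ == "__main__":
    for gi in ("0.0.0.0", "10.0.20.2", "192.168.5.1"):
        print(gi, "->", select_scope(build_request(gi, hops=int(gi != "0.0.0.0"))))
```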
 
I think this post might've just saved my life, I'm about to collapse 2 smaller LANs in 1 building into a multi-VLAN "all cisco" LAN, and move all clients onto a single AD forest, but separate VLANs for security and organizational purposes. I thank you all for participating in this discussion.
 
And yet another life saved! I've been banging my head on this for 4 days now...all I had to do was remove the Superscope and it started working fine!

Thanks!
 
Just one more thing about IP Helper Addresses that will maybe pop up on the Microsoft side......

By default, if you configure an IP Helper Address, IOS will forward 8 different types of UDP broadcasts:

TFTP (69)
DOMAIN (DNS 53)
TIME (123)
NetBIOS-NS (137)
NetBIOS-DGM (138)
TACACS (49)
BOOTPC (68)
BOOTPS (67)

For DHCP forwarding to work you need to allow the 2 BOOTP protocols: BOOTPC (Client UDP 68) & BOOTPS (Server UDP 67); this is what DHCP uses. If you don't disable the other protocols they will automatically be forwarded to your IP Helper (your DHCP Server?). If your DHCP Server is also a domain controller you will start to get error messages being logged in the MS Events about who is the Master Browser for the network. If all you need to use IP Helpers for is to forward DHCP broadcasts then disable all other default protocols:

In global config enter:

no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs


Best of luck

Andy
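
A way to check a saved configuration against the advice in the post above, as an added Python example that is not part of the original thread: it lists the interfaces carrying a helper address and reports which of the six non-DHCP services are still relayed because their `no ip forward-protocol udp` line is missing. The configuration excerpt is constructed, with hypothetical VLANs and addresses.

```python
import re

# Keywords from the "no ip forward-protocol udp ..." lines in the post above.
NON_DHCP = ["tftp", "domain", "time", "netbios-ns", "netbios-dgm", "tacacs"]

# Constructed running-config excerpt; VLANs and addresses are hypothetical.
SAMPLE_CONFIG = """\
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp tacacs
!
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 ip helper-address 10.0.10.5
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 ip helper-address 10.0.10.5
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
"""


def audit(config):
    """Return (helpers per interface, non-DHCP services still being relayed)."""
    helpers, disabled, iface = {}, set(), None
    for line in config.splitlines():
        if line and not line.startswith(" "):
            iface = None                       # left any interface block
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"\s+ip helper-address (\S+)", line)
        if m and iface:
            helpers.setdefault(iface, []).append(m.group(1))
            continue
        m = re.match(r"no ip forward-protocol udp (\S+)", line)
        if m:
            disabled.add(m.group(1))
    # Forwarding only matters when at least one helper address exists.
    still = [s for s in NON_DHCP if s not in disabled] if helpers else []
    return helpers, still


if __name__ == "__main__":
    found, leftover = audit(SAMPLE_CONFIG)
    print("helper addresses:", found)
    print("still relayed besides DHCP:", leftover)
```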
 