Setting up DHCP services on NEW subnets

[glamprecht1]

I work for Company A and our win 2003 AD setup is strong and robust. We currently have about 250 users and the whole network is rock solid.

In the same building there is Company B and they are in a workgroup.
We are acquiring Company B and need to bring them into our Domain.
We want to leave their subnet info as is but have their workstations get addresses from DHCP; preferably one of our servers.

What is the best way to accomplish this? From what I am reading it seems as if I need to set up a DHCP relay agent on their subnet (60 users) that will relay requests to our DHCP server. But, I will want to configure scopes to hand out addresses in their native IP range.

We currently have a scheme similar to 10.1.x.x and they have something like 192.168.x.x

They will lose their T1 for internet and will be routed out our WAN pipe for internet. We will want them to use our DNS, DHCP and so on.

Could someone suggest what best practice is and or offer advice on how to accomplish this?

Thanks!!

 

[Davetoo]

You could simply setup the scope for thier IP schema on your server, then put forwarder in your router to route their DHCP requests to the server. It will respond from the proper scope. For Cisco routers, it's the iphelper command on the router.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[Cstorms]

Just to add filler, this would be accomplished by creating a superscope to incorporate the second subnet.

Cory

 

[glamprecht1]

Thanks for the reply Davetoo

There is not a router in-between us and them. Right now we have a pix and they have a pix.
We are currently researching the network integration aspect and still are not sure witch way we will go. It does look like we will need a router though.

So, your suggestion is to use a cisco router to route the DHCP requests and not to bother with a Relay agent?

 

[Davetoo]

Actually, you don't have to superscope this at all. If Company B wishes to remain separated from your physical network, then they can. The simplest method would be to treat Company B's entire network as a VLAN on your network, use ip helper to forward their DHCP requests to your server, and route their traffic according to your business needs based up on the security of the VLAN integration.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[lowrad]

Or you can set up a Superscope:

http://technet2.microsoft.com/windo...a7e3-4c86-96d1-d706e27116f21033.mspx?mfr=true

Look at Example 3.


Patrik

 

[lowrad]

I'm too slow today. hehe

 

[tylan]

There's not much difference between a standard scope and a super scope. The biggest difference is that there is only one set of DHCP options for the entire super scope. Other wise the DHCP options are unique to each individual scope.

If you want traffic to flow both ways you'll probably want to dump their PIX. If you already have a router you can use that to tie the to nets together. I'm not sure if you can do this w/o a router. You could alo use a layer3 switch. You are going to end up with some VLANs, that's all.

You DHCP server will know which IPs to give out based upon which VLAN the request is coming from.

 

[glamprecht1]

Company B will need to keep its network config/setup.

We just need to Migrate them into our Domain with the least amount of fuss. They will be using many of our resources but will continue to use some of thier own existing ones.

With that being said, Davetoo....Your Vlan Scenario is what we were thinking of. We just need to acquire the technical Savvy to pull it off.

 

[Davetoo]

I've really warmed up to VLAN's over the past few months. It simplifies so many things with disparate systems/requests from different departments. I currently am running six VLAN's in all kinds of configurations via my Cisco router. I'm waiting on an upgrade to my Watchguard firewall as I'll be using it shortly to manage them as I want to use the different interfaces on it to keep some VLAN's totally away from the rest...i.e. Internet only traffic.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[LawnBoy]

I agree with Davetoo, VLANs is da bomb. Easy and versatile.

"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[ADB100]

There's not much difference between a standard scope and a super scope. The biggest difference is that there is only one set of DHCP options for the entire super scope. Other wise the DHCP options are unique to each individual scope.

Admin-wise no there isn't much difference. However SuperScopes have a hidden evil...... If you have two separate IP subnets separated by a router and you create two DHCP Scopes for each subnet, everything will work fine. If you then make a SuperScope and add the two scopes to it will all look like it is working, however move a PC from one network to the other and watch what happens.....

The DHCP server assumes both the subnets are on the same physical broadcast domain so will happily let the moved PC keep the same IP address. SuperScopes are designed for networks where the routers have Secondary IP addresses instead of correctly splitting them into separate VLANs and routing between them - a bit of a 'bodge' if you like.

I have seen this problem so many times..... Server guys usually configure SuperScopes because they look like a simple way of administering multiple scopes, but the don't realise they do something else as well. They then start scratching their heads and wonder why their DHCP server is hading out the wrong IP addresses.

Andy

 

[tylan]

Andy is dead on.

Thanks for adding that comment. I didn't realize that the superscopes were that much different.

A quick google for the term "superscope" brings up plenty of information. The main feature of the superscope is for multinets - locally attached networks that have multiple logical subnets on one physical network. That's not VLANs.

Good catch Andy.

 

[Davetoo]

Um....sorry, but my VLAN is exactly described as "locally attached networks that have multiple logical subnets on one physical network".

I have one physical network, five described VLAN's all with their own subnet that can or can not communicate with one another based upon my ACL's on my router. All of the disparate subnetted VLAN's receive their IP's from my one DHCP server.

VLAN is the better solution for this issue, IMHO (along with some physical reworking of the network, of course).

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[tylan]

I think that my phrasing may have been unclear... I was just trying to say that superscopes are not needed for VLANS.

A multinet refrers to running multiple subnets on the same segment which isn't the same as a VLAN. VLANs logically segment the physical LAN traffic with frame tagging. VLANs are not the same as a multinet. In my experience, multinets have basically been replaced by VLANs.

SuperScopes are designed for networks where the routers have Secondary IP addresses instead of correctly splitting them into separate VLANs and routing between them

I was trying to say that VLANs are the way to go, and two independent scopes are more desireable than a single superscope. Sorry for the previous post which was less than clear.

 

[Davetoo]

Gotcha...correct, VLAN's negate the need for a superscope. And again, correct, VLAN's negate the need of multinet's because they preform the same chores as the multinet without the hassle...that's why I was equating them as to being the same, which was a bit unclear on my part.

I agree...it's like a Crackberry...until you've use done, you really don't understand all the fuss.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.