

Multiple DHCP scopes on a SINGLE NIC

Question

Monday, April 9, 2012 3:27 PM

Hi,

I have to design an addressing solution using DHCP server in Windows server 2008.

I will need to create 2 scopes, one vlan each, let's say:

172.29.0.2 - 172.29.0.253 - vlan 1600

172.30.0.2 - 172.30.0.253 - vlan 1700

I am using ip-helper address on an L3 Cisco switch connected to the Win2008 server, pointing towards the IP addresses of the DHCP server:

172.29.0.1/24

172.30.0.1/24, defined as secondary IP address on the same NIC.

My question is: will this setup ever work? Because now, I am successfully assigning IP addresses on the 1st IP address of the interface, but failing on the secondary IP (I get an ICMP destination unreachable when tracing with Wireshark). However, when I ping an IP address that is on the router, part of the secondary subnet, I get a reply.

What could be my problem?

All replies (13)

Monday, April 9, 2012 4:39 PM | 1 vote

The DHCP server only needs one IP address. If you assigned a secondary address to the DHCP server's NIC, you probably did not bind this IP to the DHCP service. You do that through the DHCP admin console. Right click IPv4, advanced tab for bindings. However, do not add the second IP and bind it to DHCP. Remove that IP from the DHCP server's NIC.

On your IP Helper, for BOTH VLANs, send the DHCP traffic to the 172.29.0.1. The DHCP server will know which scope to issue a lease from. The way it works is that the IP Helper will modify the packet before it sends it to the DHCP server. It modifies the GIADDR portion of the packet. When the DHCP server receives the packet, if the GIADDR contains VLAN information, it picks the correct scope.

http://www.itgeared.com/articles/1112-dhcp-relay-agent/

Guides and tutorials, visit ITGeared.com.


Tuesday, April 10, 2012 6:07 AM

Hi,

I agree with Jorge. There is no need to add a second IP address for DHCP server. You can just create a new DHCP scope for the VLANs, and then on the L3 switch enable relay agent and point to the only DHCP server IP address.

Best Regards,

Aiden

Aiden Cao

TechNet Community Support


Tuesday, April 10, 2012 11:09 AM

Hi guys,

My main problem is that now I have to differentiate between the 2 scopes based on the same MAC address I am seeing in the DISCOVER.

The difference is that for one subnet, the DHCP client uses option 60 with a specific string.

My concern is how do I differentiate between the 2 scopes if I do not have multiple IP, by use of scope options?

What option would help? I heard that option 54 would be one choice but I did not find any helpful information about it over the net.

Thanks!


Tuesday, April 10, 2012 9:30 PM

Liviusbr wrote:

> Hi guys,
>
> My main problem is that now I have to differentiate between the 2
> scopes based on the same MAC address I am seeing in the DISCOVER.
>
> The difference is that for one subnet, the DHCP client uses option 60
> with a specific string.
>
> My concern is how do I differentiate between the 2 scopes if I do not
> have multiple IP, by use of scope options?
>
> What option would help? I heard that option 54 would be one choice
> but I did not find any helpful information about it over the net.
>
> Thanks!

I don't understand your question. Of course you can have 2 scopes - one
for each IP address range. It's only that the server does not need
several IP addresses if it is servicing several scopes via an ip-helper
device.

Regarding option 54 I would not mess around with this option, as this
is automatically set by the server in its DHCPOFFER messages and the
clients use it in their DHCPREQUEST messages.

Wolfgang


Tuesday, April 10, 2012 9:57 PM

I think you may be complicating the DHCP process. In the example where you have two DHCP scopes, the IP range, reservations, options, etc... are independent of each other. Your DHCP server will decide which scope to use based on the information in the GIADDR portion of the packet it receives. The relay agent is responsible for filling in this information, based on the vlan the packet originated from. That's all there is to this process in a nutshell.


Tuesday, April 10, 2012 10:08 PM

Jorge,

I have spent some time today on testing this.

Related to DHCP relay, the device where I need to configure external server IP address does not accept similar IP addresses for different VLANs. So that's why I was using 2 different IP addresses, defined in the DHCP network card as secondary. What's interesting is that the DHCP serves the request coming from the subnet where the primary IP address on the NIC resides, however, for the second VLAN and IP range, I see the request coming, with a different relay agent IP address, but Windows replies with ICMP port unreachable. Note that the relay agent IP address is reachable from the Windows machine if I do a ping.

So that was the real reason to implement NIC with multiple vlans or 2 different NICs each one on a different NIC. Both solutions work. If you have a better idea, please share.

My real issue is that I have to serve DHCP requests for a single MAC which has 2 logical interfaces, in one VLAN each.

Windows thinks that by seeing the same MAC in 2 consecutive requests, even if they come from different relay agents, it should assign the same IP, which is not really what I intend to do.

Now my concern is how do I make DHCP server aware of this fact? Note that I have this issue when I try to serve both scopes using one NIC (there is no way to bind a scope to a secondary IP address).

Thanks,

Liviu Sisu


Wednesday, April 11, 2012 4:54 PM

With regard to "Related to DHCP relay, the device where I need to configure external server IP address does not accept similar IP addresses for different VLANs": Are you sure? I have never heard of such an issue. So if you have 20 vlans, you would need to have unique IPs to send the DHCP traffic to? That doesn't make any sense. Maybe you can contact the vendor support center and validate this. Rather than trying to architect a solution around this problem, I would try to resolve the problem so that you can simplify the design.


Wednesday, April 11, 2012 6:01 PM

Hi Jorge,

I am 100% sure, I work at the vendor providing the equipment you are talking about. That's the current implementation for now, I know it's a bit weird and the plan is to change this in the next release. For now, I need to work around this by implementing different IP addresses on the DHCP server. Luckily, I only have less than 10 VLANs so there's not much hassle.

However, my question still remains in regards to IP allocation for the same MAC address but on different VLANs. What option can I use in order to assign different IP addresses for same MAC but multiple VLANs? Bear in mind that the relay agent IP address is different for each VLAN.

Thanks,

Liviu


Wednesday, April 11, 2012 7:48 PM

Liviusbr wrote:

> Hi Jorge,
>
> I am 100% sure, I work at the vendor providing the equipment you are
> talking about. That's the current implementation for now, I know it's
> a bit weird and the plan is to change this in the next release. For
> now, I need to work around this by implementing different IP addresses
> on the DHCP server. Luckily, I only have less than 10 VLANs so
> there's not much hassle.
>
> However, my question still remains in regards to IP allocation for
> the same MAC address but on different VLANs. What option can I use in
> order to assign different IP addresses for same MAC but multiple
> VLANs? Bear in mind that the relay agent IP address is different for
> each VLAN.
>
> Thanks,
>
> Liviu

Hi Liviu,
in your first post you told, that you are using the ip-helper on a
cisco switch. Now you are telling us, that you are working at the
vendor of this equipment, which for me would mean, that you are working
with/for cisco. As far as I know most of the switches from cisco do not
require such a complicated setup, as you are trying to setup.

Further I am absolutely sure, that cisco itself has very experienced
and knowledgeable network engineers, whose networking knowledge exceeds
the knowledge of most of the users of these forums. So if you are really
working for cisco I would recommend you to contact their networking
specialists as I am absolutely sure, that they have tested almost all
possible ip-helper scenarios you can think of and know the answers to
your problem most likely.

Further the dhcp assignment of the correct ip-address depending on the
originating LAN/VLAN is only dependent on the correct communication
between the ip-helper(dhcp-relay agent) and the dhcp server regardless
of the ip-address of the dhcp-server and the ip-address of the
ip-helper.

In your scenario it seems, that your ip-helper is not working correctly
(according to your posts) - this cannot be cured at the server side,
but has to be cured at the ip-helper side.

Wolfgang


Wednesday, April 11, 2012 8:05 PM

Hi Wolfgang,

I am not working for Cisco unfortunately, but for a different vendor.

My equipment connects to a Cisco L3 switch. In my equipment, when working in relay, I need to set the external server DHCP address. However, for each vlan, I need a unique DHCP server IP (there is a limitation). What I have done: for each vlan I have defined the DHCP server IP address as being the IP address of the VLAN interface on the L3 switch.

On the L3 switch, I have defined ip-helper address on each vlan interface, towards the DHCP server IP address. I know that this is a bit weird, since I have like a double IP-helper address defined, but I'm trying to find a workaround to the fact that I cannot use same DHCP IP address for different vlans in my equipment.


Thursday, April 12, 2012 1:46 PM

Liviusbr wrote:

> Hi Wolfgang,
>
> I am not working for Cisco unfortunately, but for a different vendor.
>
> My equipment connects to a Cisco L3 switch. In my equipment, when
> working in relay, I need to set the external server DHCP address.
> However, for each vlan, I need a unique DHCP server IP (there is a
> limitation). What I have done: for each vlan I have defined the DHCP
> server IP address as being the IP address of the VLAN interface on
> the L3 switch.
>
> On the L3 switch, I have defined ip-helper address on each vlan
> interface, towards the DHCP server IP address. I know that this is a
> bit weird, since I have like a double IP-helper address defined, but
> I'm trying to find a workaround to the fact that I cannot use same
> DHCP IP address for different vlans in my equipment.

Okay this setup is absolutely non-standard and IMO not supported at
all. And as I and some other posters, too already pointed out, you
cannot do anything on the server side to get this working, if your
device does not send the correct information to the server. Instead of
trying to get your complicated and expensive (you need an additional
switch) setup working your efforts would be better invested in
convincing your developers to change the code of your device to comply
with standard ip-helper protocol definitions.

Wolfgang


Thursday, April 12, 2012 3:12 PM

Hello Liviusbr,

I wish that I had something else to add to this thread to be of help. Unfortunately, I also support that the way to resolve this is on the IP Helper side. If this is a limitation of the equipment, what you could do (although I do not recommend either option below) is not use the IP helper on the L3 switch and do one of the following:

1) Install a Windows Server on each network segment, install RRAS, enable the IP-Relay Agent. Point the relay agent to the DHCP server's IP.

2) Set up the DHCP server with multiple NICs. Plug in each DHCP server's NIC into each VLAN. Create all scopes, bind all NICs to the DHCP service.


Thursday, April 12, 2012 3:51 PM

Hi Jorge,

Thanks for your help. Eventually I installed a VLAN aware NIC and that solved my problem.

Actually I made it work in some way - by the use of relay agent - but I do not really remember what scenario was the lucky one, but I managed to see offers going through.

But in the above case, the problem was that my equipment has the same MAC over both logical interfaces - identical MAC for 2 different VLANs, so the DHCP server was mistakenly assigning the same IP address over different VLANs. I took a look in Wireshark and the relay agent IP addresses were different.

Probably the use of DHCP options would tackle this one as well - I did not know what option to implement though and I rather chose to go on separate VLAN interfaces on the DHCP server.
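
The giaddr-based scope selection discussed in the replies, together with the same-MAC-on-two-VLANs case from the last post, as an added example that is not code from the thread and is not a description of how Windows DHCP Server is implemented. It parses a relayed DHCPDISCOVER, picks the scope from giaddr, and keys each binding on (subnet, client id) as RFC 2131 suggests, so one MAC gets one address per scope. The relay addresses (.254), the MAC and the names `build_discover`, `parse` and `LeaseTable` are constructed for the example.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie preceding the options (RFC 2131)
# The two scopes from the question; both pools run from .2 to .253.
SCOPES = [ipaddress.ip_network("172.29.0.0/24"), ipaddress.ip_network("172.30.0.0/24")]

def build_discover(mac, giaddr):
    """Constructed sample input: a DHCPDISCOVER as forwarded by a relay agent."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234, 0, 0,
                         bytes(4), bytes(4), bytes(4),
                         ipaddress.ip_address(giaddr).packed, mac, b"", b"")
    return header + MAGIC + b"\x35\x01\x01" + b"\xff"  # option 53 = DISCOVER, end

def parse(pkt):
    """Return (giaddr, chaddr, options) from a BOOTP/DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    giaddr = ipaddress.ip_address(pkt[24:28])
    chaddr = pkt[28:28 + min(pkt[2], 16)]       # hlen bytes of client hardware address
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:       # 255 = end option
        if pkt[i] == 0:                         # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return giaddr, chaddr, opts

class LeaseTable:
    """Bindings keyed by (subnet, client id), the key RFC 2131 suggests."""
    def __init__(self):
        self.bindings = {}

    def offer(self, pkt):
        giaddr, chaddr, opts = parse(pkt)
        net = next((n for n in SCOPES if giaddr in n), None)  # scope chosen by giaddr
        if net is None:
            return None                         # no scope matches the relay: no offer
        key = (net, opts.get(61, chaddr))       # option 61 (client identifier) if sent
        if key not in self.bindings:
            taken = {ip for (n, _), ip in self.bindings.items() if n == net}
            pool = (net.network_address + h for h in range(2, 254))
            self.bindings[key] = next((ip for ip in pool if ip not in taken), None)
        return self.bindings[key]               # None once the pool is exhausted
```

A server that keyed its bindings on the MAC alone would hand back the first address for the second VLAN, which is the symptom described in the last post.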