DHCP and multiple VLAN's

Hi,
I have a site with multiple VLAN's (say 10,20,30 for example). I wish
to setup a DHCP server on an existing windows 2003 box that can give
out IP's to clients on any of these VLAN's. At the moment the server is
sat on VLAN 10 and there is a checkpoint firewall providing the routing
between the VLAN's. Whats the best way to setup DHCP on the server so
it can work in this way? Is superscopes the right way? Or is there
another, better, configuration?
Thanks for any help


--
GordonCopestake
------------------------------------------------------------------------
GordonCopestake's Profile: http://forums.techarena.in/member.php?userid=29185
View this thread: http://forums.techarena.in/showthread.php?t=798617

http://forums.techarena.in

You may multihome the sever by tagging the port on the switch and using your
network driver to also tag your packet in the good vlan.

The network driver (intel/broadcom tools) will create as many virtual
network car as VLAN.

Else your checkpoint will have to do proxy DHCP.


--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"GordonCopestake" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Hi,
> I have a site with multiple VLAN's (say 10,20,30 for example). I wish
> to setup a DHCP server on an existing windows 2003 box that can give
> out IP's to clients on any of these VLAN's. At the moment the server is
> sat on VLAN 10 and there is a checkpoint firewall providing the routing
> between the VLAN's. Whats the best way to setup DHCP on the server so
> it can work in this way? Is superscopes the right way? Or is there
> another, better, configuration?
> Thanks for any help
>
>
> --
> GordonCopestake
> ------------------------------------------------------------------------
> GordonCopestake's Profile:
> http://forums.techarena.in/member.php?userid=29185
> View this thread: http://forums.techarena.in/showthread.php?t=798617
>
> http://forums.techarena.in
>

I would prefer not to multi-home the server as the main reason for the
vlans is security (everything has to go through the firewalls between
servers and clients). In that case it looks like I will investigate
using the firewall as a BOOTP/DHCP relay agent?


--
GordonCopestake
------------------------------------------------------------------------
GordonCopestake's Profile: http://forums.techarena.in/member.php?userid=29185
View this thread: http://forums.techarena.in/showthread.php?t=798617

http://forums.techarena.in

yes, indeed.
If you have checkpoint on Nokia, from Nokia Voyager, it's in Config /
Routers Service BOOTP Relay.

It's named bootp, but inside it's both dhcp and bootp

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"GordonCopestake" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> I would prefer not to multi-home the server as the main reason for the
> vlans is security (everything has to go through the firewalls between
> servers and clients). In that case it looks like I will investigate
> using the firewall as a BOOTP/DHCP relay agent?
>
>
> --
> GordonCopestake
> ------------------------------------------------------------------------
> GordonCopestake's Profile:
> http://forums.techarena.in/member.php?userid=29185
> View this thread: http://forums.techarena.in/showthread.php?t=798617
>
> http://forums.techarena.in
>

hi,
in that case you have the dhcp relay solution, or check on router the dhcp
server.
--
Dragos CAMARA
MCSA Windows 2003 server


"GordonCopestake" wrote:

>
> I would prefer not to multi-home the server as the main reason for the
> vlans is security (everything has to go through the firewalls between
> servers and clients). In that case it looks like I will investigate
> using the firewall as a BOOTP/DHCP relay agent?
>
>
> --
> GordonCopestake
> ------------------------------------------------------------------------
> GordonCopestake's Profile: http://forums.techarena.in/member.php?userid=29185
> View this thread: http://forums.techarena.in/showthread.php?t=798617
>
> http://forums.techarena.in
>
>

"GordonCopestake" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> between the VLAN's. Whats the best way to setup DHCP on the server so
> it can work in this way? Is superscopes the right way?

No Superscopes!

You simply setup a separate distinct independent Scope on the DHCP Server
for each subnet.
Then on the "routing device" you configure it to forward the DHCP Queries to
the DHCP Server. It is often called a "Helper Addresse", but see the
documentation of your "routing device" for specific details. In the end it
is the "routing device" that makes it all happen,...the DHCP Server really
isn't doing anything out of the ordinary.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


> Or is there
> another, better, configuration?
> Thanks for any help
>
>
> --
> GordonCopestake
> ------------------------------------------------------------------------
> GordonCopestake's Profile:
> http://forums.techarena.in/member.php?userid=29185
> View this thread: http://forums.techarena.in/showthread.php?t=798617
>
> http://forums.techarena.in
>

Thanks for your replies. I managed to solve this by installing the
Solaris 10 DHCP server on the firewall node and enable the Relay
option. Works great without messing around with superscopes.


--
GordonCopestake
------------------------------------------------------------------------
GordonCopestake's Profile: http://forums.techarena.in/member.php?userid=29185
View this thread: http://forums.techarena.in/showthread.php?t=798617

http://forums.techarena.in

"GordonCopestake" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Thanks for your replies. I managed to solve this by installing the
> Solaris 10 DHCP server on the firewall node and enable the Relay
> option.

Installed on the firewall node? I have no idea what that means. You just
put a normal DHCP Server on a normal IP Segment with a normal Nic just like
you would any PC. VLANs are pretty much irrelevant,...it doesn't matter if
the cable segmenting is physical or virtual.

> Works great without messing around with superscopes.

Superscopes are only for Multi-Netting which is not what is being done here.
Multi-Nets are "old school" that go back before the invention of VLANing.
VLANing has pretty much wiped out the reason for Multi-Nets to ever exist,
and hence, the reason to ever need a Superscope. The whole Superscope
feature could be completely removed from the DHCP Service and left out in
later versions and life would go on. Even back when Multi-Netting was
popular I probably would never have one,...there are simply just too many
good ways to avoid using such a bad networking topology.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Phillip Windell;3085503 Wrote:
> "GordonCopestake" <(E-Mail Removed)> wrote i
> message
> news:(E-Mail Removed)...
> >
> > Thanks for your replies. I managed to solve this by installing the
> > Solaris 10 DHCP server on the firewall node and enable the Relay
> > option.
>
> Installed on the firewall node? I have no idea what that means. Yo
> just
> put a normal DHCP Server on a normal IP Segment with a normal Nic jus
> like
> you would any PC. VLANs are pretty much irrelevant,...it doesn't matte
> if
> the cable segmenting is physical or virtual.
>

i have a Checkpoint firewall doing all the routing between the VLAN'
running Solaris 10. I have hosted the DHCP Relay Agent on this box i
all i meant. As this box has a virtual interface on every VLAN it work
very well without the need for more configuration. Plus I can contro
the DHCP requests using firewall rules

--
GordonCopestak
-----------------------------------------------------------------------
GordonCopestake's Profile: http://forums.techarena.in/member.php?userid=2918
View this thread: http://forums.techarena.in/showthread.php?t=79861

http://forums.techarena.i

"GordonCopestake" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> i have a Checkpoint firewall doing all the routing between the VLAN's
> running Solaris 10. I have hosted the DHCP Relay Agent on this box is
> all i meant. As this box has a virtual interface on every VLAN it works
> very well without the need for more configuration. Plus I can control
> the DHCP requests using firewall rules.

Ah, ok. Very good then.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------