DHCP design questions

Given the following non-routed (MASK 255.255.0.0) network, what is the best
DHCP solution?

Network: 10.10.0.0/16

Subnets:

10.10.0.0/24 = Router & device management (static)
10.10.1.0/24 = Servers (static)
10.10.2.0/24 = DHCP Workstations
10.10.3.0/24 = DHCP VPN
10.10.4.0/24 = External Systems (static)
10.10.5.0/24 = Printers (static)

Trouble is that for DHCP to respond the LAN Workstations, the Scope must be
defined as a /16 network. Using the /24 network for the scope results in the
DHCP server to never respond to the DHCP Clients. Using the 10.10.2.0/16
network for the Workstation scope results in the inability to define the
10.10.3.0/24 VPN scope.

Should DHCP use the superscope for the 10.10.2.0/24 and 10.10.3.0/24 scope
definitions? If so how does one segregate the Workstations from VPN use of
the superscope?

VPN is using ISA which is RRAS VPN using a DHCP Relay, this currently shares
the Workstation scope.

The issue is that there is a need for more than the 254 IPs when the
Workstation and VPN IPs are combined.

Thanks,

Andy

"Andy Long" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Given the following non-routed (MASK 255.255.0.0) network, what is the
> best DHCP solution?
>
> Network: 10.10.0.0/16
>
> Subnets:
>
> 10.10.0.0/24 = Router & device management (static)
> 10.10.1.0/24 = Servers (static)
> 10.10.2.0/24 = DHCP Workstations
> 10.10.3.0/24 = DHCP VPN
> 10.10.4.0/24 = External Systems (static)
> 10.10.5.0/24 = Printers (static)
>
> Trouble is that for DHCP to respond the LAN Workstations, the Scope must
> be defined as a /16 network.

No, the scope must not be /16.

You can't have subnets without a LAN Router.

You use Subnets to protect from Broadcasts. Subnets create Broadcast
Domains.

Subnets should hold up to 250-300 Hosts before you need to create a new one
because that number of Hosts is the point where Ethernet efficiency starts
to drop off. So your choice of /24 is the perfect size.

> Should DHCP use the superscope for the 10.10.2.0/24

No Superscopes!!!! They are for Multi-Netting,...you are not
Multi-Netting.
Create one "normal" Scope per Subnet,...all on one DHCP Server with *one*
nic.
Configure the LAN Router to forward DHCP Queries to the DHCP Server
(commonly called DHCP Helper Addresses)

> The issue is that there is a need for more than the 254 IPs when the
> Workstation and VPN IPs are combined.

How many IP#s are in use total? I don't care what kind of Host it is or
where it is,...I just need a total number.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

In this case, I would leave them as /24 and define VLANs for each subnet to
the /24 range. This way DHCP will work as designed. You can still use a
summary route on the /16 to hit the rest of your network though on the
routing protocol side.

Otherwise, list all of those as part of the 10.10.0.0/16 subnet and create a
DHCP scope to match the /16 just issuing the leases for the smaller ranges.

If you need filtering rules you can do a match on your ACLs to capture the
specific areas as 10.10.1.0 0.255.255.255 and apply router/ switch policies
that way. This does not give you the segmentation of a /24 though.

I would do the VLANs with VLSM if my equipment supported it. Just remember
to specify IP Helper-address for the DHCP servers for each VLAN needing DHCP.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Andy Long" wrote:

> Given the following non-routed (MASK 255.255.0.0) network, what is the best
> DHCP solution?
>
> Network: 10.10.0.0/16
>
> Subnets:
>
> 10.10.0.0/24 = Router & device management (static)
> 10.10.1.0/24 = Servers (static)
> 10.10.2.0/24 = DHCP Workstations
> 10.10.3.0/24 = DHCP VPN
> 10.10.4.0/24 = External Systems (static)
> 10.10.5.0/24 = Printers (static)
>
> Trouble is that for DHCP to respond the LAN Workstations, the Scope must be
> defined as a /16 network. Using the /24 network for the scope results in the
> DHCP server to never respond to the DHCP Clients. Using the 10.10.2.0/16
> network for the Workstation scope results in the inability to define the
> 10.10.3.0/24 VPN scope.
>
> Should DHCP use the superscope for the 10.10.2.0/24 and 10.10.3.0/24 scope
> definitions? If so how does one segregate the Workstations from VPN use of
> the superscope?
>
> VPN is using ISA which is RRAS VPN using a DHCP Relay, this currently shares
> the Workstation scope.
>
> The issue is that there is a need for more than the 254 IPs when the
> Workstation and VPN IPs are combined.
>
> Thanks,
>
> Andy
>
>
>