DHCP scope problem

We have two DHCP servers on our main network (net1) that lease addresses to
clients as expected. Both have single interfaces on the main network. AD is
Windows 2003 native. DHCP servers are also Windows 2003.

I now have a requirement to lease addresses to clients based on class ID.
I'm setting the class id on authenticated domain clients via logon script.
What I would like to happen is that when a valid domain client requests an
IP address, they are allocated an IP from a scope (call it scope1) that ONLY
has options with the class ID associated with it. Any other devices that
don't have this class ID will get an IP address from another scope (scope2)
pool, putting them on a different logical subnet (net2). This net2 subnet is
not physically seperated from the main network, and broadcast traffic from
both will pass accross the same wire. There is a VLAN on a router that will
route traffic to the main network though (but this is not the problem!).
I've configured this router with DHCP relay and ip-helper settings.

The issue is that one of the two DHCP servers is being tasked with
allocating addresses based on the class ID, but the allocation is erratic
and not consistent. This means a host with the valid class ID will get
allocated an address from scope2 and get put on the wrong subnet, or
non-valid devices that should be on net2 get addresses on the main network
(net1). My thinking is that the 'default' (non class specific) options would
get allocated from scope2 by default UNLESS the host's class ID matches,
when an address should be allocated from scope1. I've tried putting both
scopes into a superscope (which didn't work). I've also added a second
interface to the DHCP server, with an IP address on net2. I tried changing
the DHCP bindings so that by default, DHCP was bound to the net2 interface.
I though this worked better, but then had the same problem again.

I know DHCP options allocated via class ID work ok, but only when being
allocated from a single scope. We currently allocate them in addition to
'normal' scope options. I know in a normal environment where the two subnets
are physically seperated (isolating broadcast traffic) this would not be a
problem, but I don't have this luxury. I would be prepared to use vlan
tagging if I thought it was possible, but because you don't know what subnet
the host is going to be on until the ip address is allocated via DHCP, I
don't know if this would work.

Is what I'm trying to acheive actually possible with DHCP? I'm trying this
on a lab network at the moment prior to rollout.

Thanks




tman

Hi Tman,

Remember that DHCP servers are found by broadcast and whichever responds
first is the server that will be used. This means that having different
scopes and configs for the classes between two different servers will only
work when the workstations happen to hit the correct server.

I have a blog posting on high-availability DHCP that will explain making
both servers work for the scopes. Hopefully this will help:
http://techsterity.com/blogs/bestpra...lity-DHCP.aspx

--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"tman" wrote:

> We have two DHCP servers on our main network (net1) that lease addresses to
> clients as expected. Both have single interfaces on the main network. AD is
> Windows 2003 native. DHCP servers are also Windows 2003.
>
> I now have a requirement to lease addresses to clients based on class ID.
> I'm setting the class id on authenticated domain clients via logon script.
> What I would like to happen is that when a valid domain client requests an
> IP address, they are allocated an IP from a scope (call it scope1) that ONLY
> has options with the class ID associated with it. Any other devices that
> don't have this class ID will get an IP address from another scope (scope2)
> pool, putting them on a different logical subnet (net2). This net2 subnet is
> not physically seperated from the main network, and broadcast traffic from
> both will pass accross the same wire. There is a VLAN on a router that will
> route traffic to the main network though (but this is not the problem!).
> I've configured this router with DHCP relay and ip-helper settings.
>
> The issue is that one of the two DHCP servers is being tasked with
> allocating addresses based on the class ID, but the allocation is erratic
> and not consistent. This means a host with the valid class ID will get
> allocated an address from scope2 and get put on the wrong subnet, or
> non-valid devices that should be on net2 get addresses on the main network
> (net1). My thinking is that the 'default' (non class specific) options would
> get allocated from scope2 by default UNLESS the host's class ID matches,
> when an address should be allocated from scope1. I've tried putting both
> scopes into a superscope (which didn't work). I've also added a second
> interface to the DHCP server, with an IP address on net2. I tried changing
> the DHCP bindings so that by default, DHCP was bound to the net2 interface.
> I though this worked better, but then had the same problem again.
>
> I know DHCP options allocated via class ID work ok, but only when being
> allocated from a single scope. We currently allocate them in addition to
> 'normal' scope options. I know in a normal environment where the two subnets
> are physically seperated (isolating broadcast traffic) this would not be a
> problem, but I don't have this luxury. I would be prepared to use vlan
> tagging if I thought it was possible, but because you don't know what subnet
> the host is going to be on until the ip address is allocated via DHCP, I
> don't know if this would work.
>
> Is what I'm trying to acheive actually possible with DHCP? I'm trying this
> on a lab network at the moment prior to rollout.
>
> Thanks
>
>
>