
Help with DHCP - Multiple Subnets

Harry_Greatorex

OK, this may be a lot to take in at first, but stay with it...

I am head of IT at a community centre, and I want to set up the DHCP role on a Windows Server 2008 32-bit server. The server currently has 1 static IP, and gets its internet from a standard router, and let's say that is adapter 1.

I have installed another network card in it, which I intend to provide a connection for all the client PCs, which are running off a switch. The DHCP going from adapter 2 I want to have a different subnet. So this is how it currently looks...

Adapter 1:

IP address: 192.168.1.19
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.254

Adapter 2:

IP address: 172.25.16.1
Subnet Mask: 255.255.252.0
Default Gateway: 172.25.16.1

All I want adapter 1 to do is supply the server, and the clients running off adapter 2, an internet connection. The way I thought to do this is to share the connection from adapter 1 to adapter 2, but after a bit of research, it turns out you cannot share an internet connection under the same subnet.

So, is there a way to get an internet connection to adapter 2 for the clients? Effectively, the network will have 2 DHCP servers, the server, and the router. I want the client PCs to not know about the router, and have their IP addresses and Internet come "from the server".

OK, it's a bit long-winded, but I think I explained well enough; help will be greatly appreciated!

JorgeM

There are several ways to accomplish this. The best approach in my opinion is to connect this DHCP server and all of the clients to a switch that is connected to the router. On the router, turn off DHCP services.

Next, do not enable more than one NIC on the DHCP server; it's not necessary. Place all clients on the 192.168.1.x/24 subnet. Just create one DHCP scope on the DHCP server for this subnet. So, you will create a range for IP leases, subnet mask = 255.255.255.0, their default gateway will be 192.168.1.254 and their DNS settings will be whatever DNS you want to use for your server and clients... it can be the router as well since the router is performing a DNS Proxy role.

Why is this a better solution than what you proposed... it's a simpler design, easier to configure and troubleshoot. What you proposed will require that you enable Routing and Remote Access on the DHCP server and either add NAT, or full routing between the server and your edge router. Full routing will require that you add routes on your router for the 172.25.16.x segment. I do not recommend this design.

rubberman

You can do what JorgeM suggests, or you can separate the clients from the router, physically, and turn your server into a router. That way, they can ONLY get their IP addresses from the server. It will require more work on your part, and all the client traffic will get routed through your server's two NICs, but it WILL keep the clients from accessing the router directly.

Harry_Greatorex

Thank you both for your input. JorgeM, that is more or less how the network was before I took over, and yes I agree it's definitely the easiest way around it.
Rubberman, I know it's more work but that is what I would like to do ideally, as I don't want the clients to know about the router.
I have thought about turning DHCP off in the router, but my reason for going against that is because it hosts a wireless access point which visitors can connect to, and I'm not sure they could connect through the server DHCP scope?

Thanks again!

JorgeM

You should reconsider, just my opinion.

Passing all of your traffic through the server may slow down your Internet traffic. A Windows box will not route as quick as your $39 router. In addition, as I mentioned, it's another layer on your network.

In any case, you will have to leave both DHCP services up and running because you will not be able to create multiple DHCP scopes on the router.

Therefore, on the DHCP server go into its bindings from the DHCP admin console and uncheck the binding for the NIC on the 192. network. You'll only want DHCP to listen and serve on the other NIC. This DHCP server would be able to service your clients only if the router had a DHCP relay agent service, also known as IP helper in the Cisco world. Since it likely doesn't, you will need to leave both running. This will force you to ensure that you don't place clients on the wrong subnet.

Next, on the server, you will need to enable RRAS and enable NAT so you don't have to worry about the routing, but this config creates a double NAT on your network. No big deal, but if you don't want this option, you will need to configure routes on both the server and router.

I have videos related to RRAS on my channel you can refer to.
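
A quick sanity check of the two-subnet plan discussed in this thread, as an added example that is not part of any poster's reply. It uses the addresses given in the first post; the lease range, the function names and the client inventory are assumptions constructed for illustration.

```python
import ipaddress

# Addresses from the thread; everything else below is constructed.
ROUTER_NET = ipaddress.ip_interface("192.168.1.254/255.255.255.0").network
SERVER_NIC2 = ipaddress.ip_interface("172.25.16.1/255.255.252.0")  # adapter 2
SERVER_NET = SERVER_NIC2.network  # 172.25.16.0/22, i.e. 172.25.16.0-172.25.19.255

def check_plan(scope_start, scope_end):
    """Return a list of problems with a proposed server-side DHCP lease range."""
    problems = []
    start = ipaddress.ip_address(scope_start)
    end = ipaddress.ip_address(scope_end)
    if ROUTER_NET.overlaps(SERVER_NET):
        problems.append("router and server subnets overlap")
    for label, addr in (("scope start", start), ("scope end", end)):
        if addr not in SERVER_NET:
            problems.append(f"{label} {addr} is outside {SERVER_NET}")
        elif addr in (SERVER_NET.network_address, SERVER_NET.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if start > end:
        problems.append("scope start is above scope end")
    if start <= SERVER_NIC2.ip <= end:
        problems.append(f"gateway {SERVER_NIC2.ip} falls inside the lease range")
    return problems

def lease_source(client_ip):
    """Tell which DHCP server's subnet a client address belongs to."""
    addr = ipaddress.ip_address(client_ip)
    if addr in SERVER_NET:
        return "server"
    if addr in ROUTER_NET:
        return "router"
    return "unknown"

def misplaced(clients):
    """clients: {hostname: (expected_source, ip)} -> hosts on the wrong subnet."""
    return sorted(h for h, (want, ip) in clients.items() if lease_source(ip) != want)

# Constructed inventory: wired PCs should lease from the server, guests from the router.
SAMPLE_CLIENTS = {
    "office-pc-01": ("server", "172.25.17.40"),
    "office-pc-02": ("server", "192.168.1.73"),   # cabled to the router side
    "guest-phone": ("router", "192.168.1.120"),
    "kiosk-03": ("server", "169.254.12.9"),       # self-assigned, no DHCP answer
}

if __name__ == "__main__":
    print(SERVER_NET, SERVER_NET.num_addresses - 2, "usable hosts")
    print(check_plan("172.25.16.10", "172.25.19.250"))
    print(misplaced(SAMPLE_CLIENTS))
```
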

Harry_Greatorex

Thanks for your input. I understand where you're coming from, but I don't mind extra work/another layer on the network. The network is all gigabit (1000MBPS), except the router is only megabit (100MBPS), so I'm not sure the server would slow anything down. I just really need 2 networks, one from the router DHCP for wireless devices, and a wired DHCP network coming from the DHCP on the server, on 2 different subnets. Thanks again.

skilly

I'm curious what your motivation for this is, but you could also play around with bridging the adapters on the server.

CimmerianX

My 2 cents: slap DD-WRT on that router and you can separate out 2 wifi subnets, 1 for guests, and 1 bridged to the wired LAN for your employees. I've done this many times.

Harry_Greatorex

I'm not sure why, but I think because the router is under such constant heavy load, and the fact that it is only basic, not all my group policies are going through. Some things are taking a while, such as folder redirection. All I want is for the clients not to go through the router, and to just go to the server, using that as the router. Does that make sense? I just thought that if the only place the clients are being slowed down is the router, take that out of the equation...?

JorgeM

A Windows router is much slower than even the most inexpensive consumer-based router. You need to investigate the actual cause of the problem before you make changes to your network design, just my two cents.

thrillride01

I agree, Windows SUX! I have a question: what exactly are you using the server for? Is it just for routing purposes? If it is, take that crappy Windows off of it and install something like pfSense. If you're running group policies on the server, then find an old computer that is not being used and add your second NIC to it and load pfSense on it. With the pfSense box, you have a whole lot more functionality than you do with your basic router (like running several different subnets as well as caching and onboard antivirus as well as the firewall features) and it can all run off of a small computer. Go to this link and watch the video http://www.youtube.com/watch?v=Q0JFfpG4BWI . Any questions, just hit me back.

Harry_Greatorex

Hmm, OK, I understand, thanks. To be honest, I don't really want to get rid of the server, especially as it's fairly new, but I do need it for GP, folder redirection, and it is also doing Windows deployment, which is very useful.

thrillride01

I agree, but you don't need to get rid of the server, just put it on the same subnet as your pfSense box.
