I want to segment a flat network covering three floors into three
subnets (using VLANs and a L3 switch) but keep using a single DHCP
server running on Windows Server 2000. Can this be done with a single
NIC in the server?

I can imagine this working by connecting the DHCP server's NIC to a
switch port which is a member of all three VLANs. If Windows Server
supports 802.1q, it could use the VLAN tags to identify which subnet
the client should be assigned an address from. Is this feasible?

I don't know if it can be done with your switches or not but I know it can
be done with properly-configured routers. I have a single DHCP server that
serves addresses to five different subnets using DHCP Helper entries in the
routers.

--
Richard G. Harper [MVP Shell/User] (E-Mail Removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"Bob Simon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I want to segment a flat network covering three floors into three
> subnets (using VLANs and a L3 switch) but keep using a single DHCP
> server running on Windows Server 2000. Can this be done with a single
> NIC in the server?
>
> I can imagine this working by connecting the DHCP server's NIC to a
> switch port which is a member of all three VLANs. If Windows Server
> supports 802.1q, it could use the VLAN tags to identify which subnet
> the client should be assigned an address from. Is this feasible?

On Sun, 10 Sep 2006 05:41:29 -0400, "Richard G. Harper"
<(E-Mail Removed)> wrote:

>I don't know if it can be done with your switches or not but I know it can
>be done with properly-configured routers. I have a single DHCP server that
>serves addresses to five different subnets using DHCP Helper entries in the
>routers.

Thanks Richard,
I was hoping it might be possible. How do you configure DHCP so it
knows how to assign an address to the client from the proper subnet?

On Sun, 10 Sep 2006 05:41:29 -0400, "Richard G. Harper"
<(E-Mail Removed)> wrote:

>I don't know if it can be done with your switches or not but I know it can
>be done with properly-configured routers. I have a single DHCP server that
>serves addresses to five different subnets using DHCP Helper entries in the
>routers.

Forgot to ask if your server only has one NIC?

Yep, just one. Using routers, the DHCP server hands out addresses based on
which network segment the request comes from - if the request comes in on
the 10.101.0.x segment it hands out a network address in that range, if the
request is on the 10.101.32.x segment it hands out a network address in that
range, and so on. I suspect your switches will handle this just fine but
can't guarantee that this is so. You may need to get creative in setting
them up - I don't know that it's possible to put one port into multiple
VLANs so you may need to add routing rules.

--
Richard G. Harper [MVP Shell/User] (E-Mail Removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"Bob Simon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Sun, 10 Sep 2006 05:41:29 -0400, "Richard G. Harper"
> <(E-Mail Removed)> wrote:
>
>>I don't know if it can be done with your switches or not but I know it can
>>be done with properly-configured routers. I have a single DHCP server
>>that
>>serves addresses to five different subnets using DHCP Helper entries in
>>the
>>routers.
>
> Forgot to ask if your server only has one NIC?

On Sun, 10 Sep 2006 17:58:07 -0400, "Richard G. Harper"
<(E-Mail Removed)> wrote:

>Yep, just one. Using routers, the DHCP server hands out addresses based on
>which network segment the request comes from - if the request comes in on
>the 10.101.0.x segment it hands out a network address in that range, if the
>request is on the 10.101.32.x segment it hands out a network address in that
>range, and so on. I suspect your switches will handle this just fine but
>can't guarantee that this is so. You may need to get creative in setting
>them up - I don't know that it's possible to put one port into multiple
>VLANs so you may need to add routing rules.

Yes but how does the server determine which segment the request came
in from?

With multiple NICs, there's a one-for-one correspondance between
segments and the corresponding NIC. So the interface can be used to
identify the scope.

With one NIC, the only way I can imagine the server can identify which
subnet the request came from is via VLAN tags. Is this correct? How
is this adminstered in Windows?

No need to have a NIC on all three VLANs. In fact, I don't know of a way to
configure a switch to pass broadcasts between VLANs, and even if you could,
how would the server know which subnet it was supposed to assign an address
on?. What you need is a DHCP relay. Most mid-range routers will function as
DHCP relays. A dhcp relay listens for DHCP request broadcasts and does a
unicast to the DHCP server. The relay will use the IP address on the
interface that the DHCP request came from, so that addres will be on the
correct subnet. Windows knows which scope to offer an address from based on
the IP address of the relay.

....kurt

"Bob Simon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I want to segment a flat network covering three floors into three
> subnets (using VLANs and a L3 switch) but keep using a single DHCP
> server running on Windows Server 2000. Can this be done with a single
> NIC in the server?
>
> I can imagine this working by connecting the DHCP server's NIC to a
> switch port which is a member of all three VLANs. If Windows Server
> supports 802.1q, it could use the VLAN tags to identify which subnet
> the client should be assigned an address from. Is this feasible?

The server knows which segment the request came from because ... well,
because it comes from that segment. I don't know of any clearer way to
describe it, really.

On my network the 10.101.0.x segment was the original network segment so
those requests don't require any routing - the request comes to the DHCP
server on that segment.

When we added the 10.101.32.x segment we added routing rules to the router
so that the two segments can see each other and put a DHCP Helper address in
the 10.101.32.x router so that it knows to pass DHCP requests to the
10.101.0.x DHCP Server. A PC in the 10.101.32.x range requests an address
and the DHCP server assigns it one in that range because I set it up with a
matching range to assign addresses from and the request is coming in from
the 10.101.32.x range.

DHCP knows nothing of VLAN tags and wouldn't care if it saw one. I don't
believe the switch will pass those outside itself anyway.

--
Richard G. Harper [MVP Shell/User] (E-Mail Removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"Bob Simon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Sun, 10 Sep 2006 17:58:07 -0400, "Richard G. Harper"
> <(E-Mail Removed)> wrote:
>
>>Yep, just one. Using routers, the DHCP server hands out addresses based
>>on
>>which network segment the request comes from - if the request comes in on
>>the 10.101.0.x segment it hands out a network address in that range, if
>>the
>>request is on the 10.101.32.x segment it hands out a network address in
>>that
>>range, and so on. I suspect your switches will handle this just fine but
>>can't guarantee that this is so. You may need to get creative in setting
>>them up - I don't know that it's possible to put one port into multiple
>>VLANs so you may need to add routing rules.
>
> Yes but how does the server determine which segment the request came
> in from?
>
> With multiple NICs, there's a one-for-one correspondance between
> segments and the corresponding NIC. So the interface can be used to
> identify the scope.
>
> With one NIC, the only way I can imagine the server can identify which
> subnet the request came from is via VLAN tags. Is this correct? How
> is this adminstered in Windows?

Thank you. That explains the exact point I didn't know and needed to
get.

On Sun, 10 Sep 2006 20:26:01 -0700, "Kurt"
<(E-Mail Removed)> wrote:

>No need to have a NIC on all three VLANs. In fact, I don't know of a way to
>configure a switch to pass broadcasts between VLANs, and even if you could,
>how would the server know which subnet it was supposed to assign an address
>on?. What you need is a DHCP relay. Most mid-range routers will function as
>DHCP relays. A dhcp relay listens for DHCP request broadcasts and does a
>unicast to the DHCP server. The relay will use the IP address on the
>interface that the DHCP request came from, so that addres will be on the
>correct subnet. Windows knows which scope to offer an address from based on
>the IP address of the relay.
>
>...kurt
>
>"Bob Simon" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>>I want to segment a flat network covering three floors into three
>> subnets (using VLANs and a L3 switch) but keep using a single DHCP
>> server running on Windows Server 2000. Can this be done with a single
>> NIC in the server?
>>
>> I can imagine this working by connecting the DHCP server's NIC to a
>> switch port which is a member of all three VLANs. If Windows Server
>> supports 802.1q, it could use the VLAN tags to identify which subnet
>> the client should be assigned an address from. Is this feasible?
>

"Bob Simon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes but how does the server determine which segment the request came
> in from?

The information is included in the packet that comes from the Router to the
DHCP Server. (no I do not know the anatomy of the packet).

The VLANs are pretty much irrelevant. They only really exist inside the L3
Switch itself. Everthing outside the L3 Switch is just straight normal LAN
segments. The exception would be a VLAN aware switch further down the
line,...but then the VLAN only exist on the physical cable between the two
VLAN capable switches. In other words the VLAN only exists within the
"switch fabric",...it is physical beyond that.

One last exception would be a VLAN aware Nic in a machine if someone carried
the VLAN that far. But in any case it has nothing to do with DHCP,...if the
segments are virtual or physical means nothing to DHCP. VLANs only operate
at the first three OSI layers,...DHCP, as far as a the DHCP Service is
concerned, operates above the OSI model althogether, even though the
addresses it gives out operate at Layer3.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com