DHCP / Sites / OUs


Bit Surfer

Consider this:

Three buildings connected by private WAN links;
One subnet between the buildings;
One Active Directory domain;
One DHCP server in each building

If I wanted to force users to use the DHCP server in *their* building, there
doesn't seem to be a way to do this short of subnetting. Am I correct? I
can't seem to find a way to do this with either OUs or Active Directory
sites. Reason for doing this is to minimize traffic over the WAN links. I
think in theory the DHCP clients are supposed to get leases from the first
DHCP server that responds. You would think that the DHCP server on the same
ethernet segment would respond first, but I'm finding that servers at the
remote locations are handing out addresses to the other locations. Would
prefer to prevent this and would prefer not to make new subnets for each
location. I'd also rather not do any sort of packet filtering as that would
raise the administrative overhead.

Tell me I can have my cake & eat it too! <g>

Thanks.

Herb Martin

> If I wanted to force users to use the DHCP server in *their* building, there
> doesn't seem to be a way to do this short of subnetting. Am I correct?

Yes. Normal is to have a separate subnet -- DHCP scopes
are specific to subnets.

There is NO security in DHCP -- servers offer addresses
promiscuously and clients take what they are offered.

Neither domain, nor even OS matters. A Win2000 machine
can get an address from a Linux box or vice versa; both
can get addresses from "hardware routers."

> I can't seem to find a way to do this with either OUs or Active Directory
> sites. Reason for doing this is to minimize traffic over the WAN links.

You really should have SUBNETS if you have a WAN -- that
is a much bigger influence on minimizing traffic than the
near trivial DHCP issue.

> I think in theory the DHCP clients are supposed to get leases from the first
> DHCP server that responds. You would think that the DHCP server on the same
> ethernet segment would respond first, but I'm finding that servers at the
> remote locations are handing out addresses to the other locations.

Fastest server is considered best -- the WAN cannot be much
of a bottleneck it seems.

Subnet.

> Would prefer to prevent this and would prefer not to make new subnets for each
> location. I'd also rather not do any sort of packet filtering as that would
> raise the administrative overhead.

You don't have to "packet filter" to subnet -- you will only
be limiting BROADCASTS by default. Routers can pass
all directed traffic but their default is to block broadcasts --
which is actually what you want in a WAN.

Bit Surfer

Thanks for the response.

I realize that subnetting would be the preferred way of segregating the
physical locations. The thing is, even though I call it a WAN, it would be
best described as a glorified LAN. Each of the buildings is within a mile
of each other and they are all connected via point-to-point HDSL links. The
HDSL lines were provisioned by the local telco and literally just bridge the
locations by way of old Pairgain megabit modems on each end of the link.
Point being, there aren't any routers or firewalls at the locations that
could do routing or packet filtering. Subnetting would require that we
either purchase routing hardware, or configure one of the existing windows
boxes to act as a router - I'd rather not do that. Security really wasn't
the point, my biggest gripe is that it seems silly that someone in office A
would get a lease from a server in office B when they have a server sitting
beside them. Just curious if there were any other way to address this short
of re-engineering the entire network layout.

Thanks again.

Herb Martin

> could do routing or packet filtering. Subnetting would require that we
> either purchase routing hardware, or configure one of the existing windows
> boxes to act as a router - I'd rather not do that. Security really wasn't
> the point, my biggest gripe is that it seems silly that someone in office A
> would get a lease from a server in office B when they have a server sitting
> beside them. Just curious if there were any other way to address this short
> of re-engineering the entire network layout.

Routers are cheap and if you aren't worried about broadcasts
quit wringing your hands over a few DHCP packets -- it's a
non-issue (if broadcasts aren't either.)

In fact it is working precisely the way it was intended on a
(glorified) LAN; the fastest DHCP server is provisioning the
clients.
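An added illustration, not part of the thread, of the behaviour Herb describes in both of his replies: on one bridged segment every DHCP server hears the client's DISCOVER broadcast and the quickest OFFER wins, while per-building subnets confine the broadcast to the local server. The building names, link latencies, server names and the "busy" local server are all constructed for the example.

```python
# Toy model of DHCP discovery across broadcast domains (constructed example).
# The point: DHCPDISCOVER is a broadcast, so on a flat segment every server
# answers and the client keeps the first DHCPOFFER; a router between
# buildings drops the broadcast, leaving only the local server to answer.
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    site: str        # building the server sits in
    busy_ms: float   # constructed: extra time this server needs to answer

@dataclass(order=True)
class Offer:
    arrival_ms: float   # when the client sees the OFFER
    server: str

# Constructed one-way latencies between buildings. Same building is LAN
# speed; the bridged HDSL links add a few milliseconds.
LINK_MS = {("A", "B"): 3.0, ("B", "C"): 4.0, ("A", "C"): 6.0}

def link_latency(a: str, b: str) -> float:
    if a == b:
        return 0.2
    return LINK_MS.get((a, b), LINK_MS.get((b, a)))

def discover(client_site: str, servers: list, segment_of: dict) -> list:
    """Client broadcasts DHCPDISCOVER. Only servers in the same broadcast
    domain hear it (routers drop broadcasts by default) and each replies
    with a DHCPOFFER; returned in the order the client receives them."""
    seg = segment_of[client_site]
    offers = [Offer(link_latency(client_site, s.site) + s.busy_ms, s.name)
              for s in servers if segment_of[s.site] == seg]
    return sorted(offers)

def lease(client_site: str, servers: list, segment_of: dict):
    """Client takes the first OFFER and names that server in its DHCPREQUEST;
    the other servers then withdraw. Returns the winning server's name."""
    offers = discover(client_site, servers, segment_of)
    return offers[0].server if offers else None

# dhcp-B is the slow one, so on the flat network building B's clients
# end up leasing from building A: exactly the symptom in the question.
SERVERS = [Server("dhcp-A", "A", 0.0), Server("dhcp-B", "B", 5.0), Server("dhcp-C", "C", 0.0)]
FLAT = {"A": "bridged", "B": "bridged", "C": "bridged"}   # one subnet over the HDSL bridges
SUBNETTED = {"A": "A", "B": "B", "C": "C"}                 # one subnet per building

if __name__ == "__main__":
    for site in "ABC":
        print(site, "flat ->", lease(site, SERVERS, FLAT),
              "| subnetted ->", lease(site, SERVERS, SUBNETTED))
```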