Migrating from DCHP Superscopes to VLAN

[Guest]

I recently started at a company using RFC1918 addresses in a large flat layer
2 network with one border router (1 primary and 2 secondary addresses on
fa0/0 along with EIGRP).

Before I started working here, their implementation method to accomodate the
500+ computers, was to setup a DHCP server with 3 DHCP scopes and
three NICs (one for each DHCP scope/network) and then run superscope. We are
part of a larger Active Directory Forest.

I've recommended we migrate to VLANS with a single DHCP server issuing
addresses for each of the separate VLAN subnets (we have Cisco devices, so I
will be using the ip helper commands).

I'm starting to get the feeling that the Windows Server Administrator does
not know Windows Server Operating systems very well (I'm kind of weak in that
area, but that's not my primary area of expertise), so I'd like to be able to
provide some help.

I plan to bring up the layer 3 switch and gradually migrate groups over to
the new VLANs using non-RFC 1918 address space (I don't have a choice, we are
part of a larger company and they are converting all branches). Once done,
we will stop using the current RFC 1918 addresses.

Two questions:

1. Can we keep the current DHCP/Superscope configuration AND create new
scopes using address space from the new VLAN subnets?

2. If we can't do question 1, what are some alternate options (maybe bring
up a temporary DHCP server to serve the VLANS until we are fully migrated
over)?

 

[Rick Gouin]

As long as the addresses you want to use in the new VLAN subnets aren't
included in the already created superscope, then yes, you can run them
concurrently.

You can have normal scopes and superscopes coexisting, as you can also
have multiple superscopes and combinations there of.

More on superscopes here:
http://www.microsoft.com/resources/...ddocs/en-us/sag_DHCP_imp_UsingSuperscopes.asp

Regards,
Rick Gouin, MCSE

 

[Phillip Windell]

1. Can we keep the current DHCP/Superscope configuration AND create new
scopes using address space from the new VLAN subnets?

Get rid of the Superscopes. Just use a separate "normal" Scope for each
subnet. The DHCP should only have one Nic and will "live" in only *one*
subnet. The LAN Router that handles the VPN routing needs to be configured
to forward DHCP Queries to the DHCP Server. This is the standard way it is
done and is also the simplest and most trouble-free way to do it. The
Router and the DHCP Server combined together are smart enough to give the
right Address from the right Scope to the right Client without doing
anything special.

Don't over complicate it and don't try to "outsmart the system". Most
problems I see with this DHCP stuff are caused by the people doing it to
themselves in one of those two ways (or both).

2. If we can't do question 1, what are some alternate options (maybe bring
up a temporary DHCP server to serve the VLANS until we are fully migrated
over)?

You can do #1 just fine. As far as the migration process, I can not say
because I don't know what you expect to have when you are done vs what you
have to start with. A proper size subnet should be below 300 hosts so the
500+ won't fit into that, so I don't know about making a "smooth"
transitition. There are some migration techniques that involve the
*temporary* use of a Superscope, but I found it rather difficult to
understand and follow. You can probably find material on that on MS's sites
by just using DHCP and Superscope in a search.

With ours, I went from one subnet to about 8, but I had less machines. I
just used our existing address set as the first VLAN and then just added in
the others. I then moved machines into the new subnets a little at a time. I
didn't try to do it all at once. Maybe you could create a large temporary
VLAN with enough addresses for most of your machines and use it as a holding
area,..configure the other permanent VLANs and then move the machines over
into them. When finished you can eliminate the temporary one and delete the
Scope.

 

[Guest]

Rick, thanks your response sounds like exactly what I can use to help our
server administrator. Also the link you directed me to speaks directly that
what we need to know.

Thanks,

Adrian Martinez

 

[Guest]

Thanks Phillip.

Get rid of the Superscopes. Just use a separate "normal" Scope for each
subnet. The DHCP should only have one Nic and will "live" in only *one*
subnet. The LAN Router that handles the VPN routing needs to be configured
to forward DHCP Queries to the DHCP Server. This is the standard way it is
done and is also the simplest and most trouble-free way to do it. The
Router and the DHCP Server combined together are smart enough to give the
right Address from the right Scope to the right Client without doing
anything special.

Don't over complicate it and don't try to "outsmart the system". Most
problems I see with this DHCP stuff are caused by the people doing it to
themselves in one of those two ways (or both).


You can do #1 just fine. As far as the migration process, I can not say
because I don't know what you expect to have when you are done vs what you
have to start with. A proper size subnet should be below 300 hosts so the
500+ won't fit into that, so I don't know about making a "smooth"
transitition. There are some migration techniques that involve the
*temporary* use of a Superscope, but I found it rather difficult to
understand and follow. You can probably find material on that on MS's sites
by just using DHCP and Superscope in a search.

With ours, I went from one subnet to about 8, but I had less machines. I
just used our existing address set as the first VLAN and then just added in
the others. I then moved machines into the new subnets a little at a time. I
didn't try to do it all at once. Maybe you could create a large temporary
VLAN with enough addresses for most of your machines and use it as a holding
area,..configure the other permanent VLANs and then move the machines over
into them. When finished you can eliminate the temporary one and delete the
Scope.

 

[Phillip Windell]

I have a question about those multi-nets. In Example #2 at the link you
gave,..how do you determine which hosts gets an address from which of the
three logical subnets? Or does it matter? If it "happens" to get a address
from the same subnet as what it may be talking to, then it goes
direct,...but if it "happens" to get one from another subnet then it just
bounces it off the router?