DHCP servers on separate VLANs

Discussion in 'Cisco' started by blu_aqua, May 24, 2005.

  1. blu_aqua

    blu_aqua Guest

    Hi there,
    I'm planning to build up a LAN made by:
    5 Catalyst 2950G-EI
    1 Catalyst 3508G
    1 PIX 506e
    1 router 1721 with ADSL module

    If the following description of my plans is wrong in any part, please
    correct me.

    The center of the network is the 3508 to which all 2950G are connected
    using fibre cables.
    The router (that accesses the internet) is connected by a crossed cable to
    the PIX.
    The PIX is connected to one of the 2950.
    All ports of each 2950 are assigned to separate VLANs (so I have 5 VLANs).
    Every VLAN accesses the internet using a subinterface on the PIX (so I have
    5 sub-if on the pix [question: does the PIX support these 5 subif?]).
    All PC connected to my network are Windows based and their IP addresses are
    assigned manually to the NIC.
    Each VLAN has a separate addressing space:
    VLAN 1: 10.155.251.0/24
    VLAN 2: 10.155.252.0/24
    VLAN 3: 10.155.253.0/24
    VLAN 4: 10.155.254.0/24
    VLAN 5: 10.155.255.0/24

    There is no intraVLAN routing.

    I would like to know if it is possible to have a DHCP server for each VLAN,
    using only the components I listed above.
    Maybe there's a way to activate this service on each sub-if of the pix....
    Or maybe on each 2950G (Enhanced Image)...
    Any hints are highly appreciated by a newbie :)
    Thanks

    Raffaele
    blu_aqua, May 24, 2005
    #1

  2. blu_aqua

    Guest Guest

    Hello,


    You do not need to do anything, DHCP will only grant the IP
    addresses according to the scope it has configured and the giaddr of the
    relaying interface. Let's say that a dhcp discover (from one of your pc's)
    goes into the 2950 which is configured to do DHCP relay to the PIX or any
    other DHCP server or is serving as a DHCP server itself. The DHCP will look
    in its available scopes and will only grant an ip address compatible with
    the relaying or receiver interface. I hope this helps, let us know.

    --
    2nd Law of Thermodynamics: Chaos will Reign.

    ///////////////////
    --Anthrax--
    //////////////////
    "blu_aqua" <> wrote in message
    news:SqLke.14411$...
    > Hi there,
    > I'm planning to build up a LAN made by:
    > 5 Catalyst 2950G-EI
    > 1 Catalyst 3508G
    > 1 PIX 506e
    > 1 router 1721 with ADSL module
    >
    > If the following description of my plans is wrong in any part, please
    > correct me.
    >
    > The center of the network is the 3508 to which all 2950G are connected
    > using fibre cables.
    > The router (that accesses the internet) is connected by a crossed cable to
    > the PIX.
    > The PIX is connected to one of the 2950.
    > All ports of each 2950 are assigned to separate VLANs (so I have 5 VLANs).
    > Every VLAN accesses the internet using a subinterface on the PIX (so I
    > have
    > 5 sub-if on the pix [question: does the PIX support these 5 subif?]).
    > All PC connected to my network are Windows based and their IP addresses
    > are
    > assigned manually to the NIC.
    > Each VLAN has a separate addressing space:
    > VLAN 1: 10.155.251.0/24
    > VLAN 2: 10.155.252.0/24
    > VLAN 3: 10.155.253.0/24
    > VLAN 4: 10.155.254.0/24
    > VLAN 5: 10.155.255.0/24
    >
    > There is no intraVLAN routing.
    >
    > I would like to know if it is possible to have a DHCP server for each
    > VLAN,
    > using only the components I listed above.
    > Maybe there's a way to activate this service on each sub-if of the pix....
    > Or maybe on each 2950G (Enhanced Image)...
    > Any hints is highly appreciated by a newby :)
    > Thanks
    >
    > Raffaele
    >




    Guest, May 25, 2005
    #2
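The scope selection described in the post above, as an added example that is not part of the original thread: a minimal model of how a DHCP server reads giaddr from the fixed BOOTP header and picks a scope, using the five VLAN subnets from the first post. The function names, the relay address 10.155.253.1 and the server interface addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# Scopes from the VLAN plan in the first post.
SCOPES = {
    1: ipaddress.ip_network("10.155.251.0/24"),
    2: ipaddress.ip_network("10.155.252.0/24"),
    3: ipaddress.ip_network("10.155.253.0/24"),
    4: ipaddress.ip_network("10.155.254.0/24"),
    5: ipaddress.ip_network("10.155.255.0/24"),
}

# Fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC_COOKIE = b"\x63\x82\x53\x63"
ZERO = b"\x00" * 4


def build_discover(mac: bytes, giaddr: str = "0.0.0.0") -> bytes:
    """Build a constructed DHCPDISCOVER (sample input, not a capture)."""
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
        ZERO, ZERO, ZERO, ipaddress.IPv4Address(giaddr).packed,
        mac, b"", b"",
    )
    # Option 53 (message type) = 1 (DISCOVER), then end option 255.
    return header + MAGIC_COOKIE + b"\x35\x01\x01\xff"


def parse_giaddr(packet: bytes) -> ipaddress.IPv4Address:
    """Return giaddr (bytes 24..27) after basic sanity checks."""
    if len(packet) < 240 or packet[0] != 1 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP client request")
    return ipaddress.IPv4Address(packet[24:28])


def select_scope(packet: bytes, rx_ifaddr: str):
    """Pick the scope by giaddr if relayed, else by the receiving interface."""
    giaddr = parse_giaddr(packet)
    key = ipaddress.IPv4Address(rx_ifaddr) if giaddr.is_unspecified else giaddr
    for vlan, net in SCOPES.items():
        if key in net:
            return vlan, net
    return None  # no matching scope: the server makes no offer


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")  # constructed client MAC
    print(select_scope(build_discover(mac, "10.155.253.1"), "10.155.251.2"))
    print(select_scope(build_discover(mac), "10.155.252.2"))
    print(select_scope(build_discover(mac, "192.168.1.1"), "10.155.251.2"))
```

A request whose giaddr falls outside every configured scope returns no match, so a relay on an unexpected subnet is not served an address.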

  3. blu_aqua

    CiscoTech Guest

    Notice he said that no intranet routing was being done.
    Without the vlan routing to each other, then the DHCP requests will not
    make it to the DHCP server for it to offer the address across the vlans.
    Thus multiple DHCP servers would be needed.


    Anthrax wrote:
    > Hello,
    >
    >
    > You do not need to do anything, DHCP will only grant the ip
    > addresses accordingly to the scope it has configured and the giaddr of the
    > relaying interface. Let's say that a dhcp discover (from one of your pc's)
    > goes into the 2950 which is configured to do DHCP relay to the PIX or any
    > other DHCP server or is serving as a DHCP server itself. The DHCP will look
    > in its available scopes and will only grant an ip address compatible with
    > the relaying or receiver interface. I hope this helps, let us know.
    >
    CiscoTech, May 25, 2005
    #3
  4. blu_aqua

    blu_aqua Guest

    Ok thanks, I will activate DHCP server on each 2950.
    I found a complete documentation about this here:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cddhcp.htm

    The big problem is that I just realized (please correct me if I'm wrong)
    that I can't let all the PC access the internet if I don't do interVLAN
    routing (and I can't with the hardware I have).
    In fact the PIX 506E (software version 6.3) has only 2 physical interfaces
    and the possibility to create 2 logical interfaces. So I can't let all the 5
    VLANs access the internet through a sub-if on the PIX.
    Considered that I need one physical interface of the PIX for the "outside",
    I have only 3 interfaces to deal with (1 physical + 2 logical)...so I can
    create only 3 VLANs if I want all the VLANs to access the internet...am I
    correct?
    Thanks

    Raffaele


    "CiscoTech" <> wrote in message
    news:meUke.15459$...
    > Notice he said that no intranet routing was being done.
    > Without the vlan routing to each other, then the DHCP requests will not
    > make it to the DHCP server for it to offer the address across the vlans.
    > Thus multiple DHCP servers would be needed.
    >
    >
    > Anthrax wrote:
    >> Hello,
    >>
    >>
    >> You do not need to do anything, DHCP will only grant the ip
    >> addresses accordingly to the scope it has configured and the giaddr of
    >> the relaying interface. Let's say that a dhcp discover (from one of your
    >> pc's) goes into the 2950 which is configured to do DHCP relay to the PIX
    >> or any other DHCP server or is serving as a DHCP server itself. The DHCP
    >> will look in its available scopes and will only grant an ip address
    >> compatible with the relaying or receiver interface. I hope this helps,
    >> let us know.
    >>
    blu_aqua, May 25, 2005
    #4
  5. blu_aqua

    Guest Guest

    Certainly didn't notice that, you are right. However one dhcp server with
    different scopes configured for all vlans should be enough if the 2950 is
    the DHCP server (or different
    dhcp servers located in each different vlan because there's no intervlan
    routing if is a different server). Sorry, next time will be more careful
    reading the post :). Will try to redeem my errors..


    :Every VLAN accesses the internet using a subinterface on the PIX (so I have
    :5 sub-if on the pix [question: does the PIX support these 5 subif?]).

    As far as I know your HW does not provide support for vlans...

    http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00801a6d21.html#wp45389

    " Note The PIX 501 and PIX 506/506E do not provide support for VLANs. "

    and subinterfaces were not introduced prior to version 7

    http://www.cisco.com/en/US/products...upgrade_guides09186a0080369ee2.html#wp1031280

    " In PIX Version 7.0, the interface CLI and related commands are enhanced to
    be hierarchical. The concepts of `main interface,' such as Ethernet0, and
    `subinterface,' such as Ethernet0.10, are introduced. "

    plus only version 7 can route a packet back to same interface it was
    received.


    :The big problem is that I just realized (please correct me if I'm wrong)
    :that I can't let all the PC access the internet if I don't do interVLAN
    :routing (and I can't with the hardware I have).


    Well, seems to me you need to do intervlan routing, the pix will not do it
    for you (at least not in the current version you have and not sure about
    the HW, sorry not security expert :( ). My suggestion will be put 1721
    between the switches and the pix to do intervlan routing and configure the
    pix for dsl.

    Anybody have other thoughts?? :)




    --
    2nd Law of Thermodynamics: Chaos will Reign.

    ///////////////////
    --Anthrax--
    //////////////////
    "CiscoTech" <> wrote in message
    news:meUke.15459$...
    > Notice he said that no intranet routing was being done.
    > Without the vlan routing to each other, then the DHCP requests will not
    > make it to the DHCP server for it to offer the address across the vlans.
    > Thus multiple DHCP servers would be needed.
    >
    >
    > Anthrax wrote:
    >> Hello,
    >>
    >>
    >> You do not need to do anything, DHCP will only grant the ip
    >> addresses accordingly to the scope it has configured and the giaddr of
    >> the relaying interface. Let's say that a dhcp discover (from one of your
    >> pc's) goes into the 2950 which is configured to do DHCP relay to the PIX
    >> or any other DHCP server or is serving as a DHCP server itself. The DHCP
    >> will look in its available scopes and will only grant an ip address
    >> compatible with the relaying or receiver interface. I hope this helps,
    >> let us know.
    >>







    Guest, May 25, 2005
    #5
