[c-nsp] Cisco noob -- design guidance request

Simon Lockhart simon at slimey.org
Sun Sep 2 05:06:25 EDT 2007


On Sat Sep 01, 2007 at 10:12:07PM -0600, David L. West wrote:
> I'm setting up a new LAN in an office building with multiple tenants who 
> will be sharing internet access, DNS/DHCP but have individual VLANS to keep 
> them separate from the other tenants.  I think that the key here is having 
> each VLAN have a "helper address" that serves as a DHCP Relay Agent, which 
> in turn is how the DHCP server "knows" which range to hand the client.

Yup - this is a standard design for multi-subnet DHCP.
 
> After a lot of googling, I came up with a configuration that I think will 
> allow all the VLANs to share a DNS/DHCP server, and am detailing it here in 
> the hopes of getting some indication of whether I'm on the right track.

You're almost there...

> The server has a NIC configured with multiple IPs, like so:
> 
>  172.16.0.1 / 255.255.255.254 ; Subnet 0 -- Reserved for switches & routers
>  172.16.2.0 / 255.255.255.254 ; Subnet 1 -- Reserved for network servers
>  172.16.4.0 / 255.255.255.254 ; Subnet 2 -- First tenant subnet (VLAN 102)
>  172.16.6.0 / 255.255.255.254 ; Subnet 3 -- First tenant subnet (VLAN 103)
>  ...
>  172.16.0.255 / 255.255.255.254 Subnet 127 (VLAN 227)

You don't need to do this. Assuming you're only doing this for DHCP, then the
server does not need to be in every subnet. By configuring "ip helper-address"
the switch will do DHCP relay, and turn the DHCP request into a unicast 
request to the server, and adds something to the request to tell the DHCP 
server which subnet it should allocate the address from.
 
> This NIC is connected to a switch port configured like so:
> 
>  interface GigabitEthernet0/12
>  switchport trunk allowed vlan 30,102-227
>  switchport mode trunk
>  spanning-tree portfast

No need - just configure the server as an access port on the switch in the
vlan for 172.16.2.0/23 and give it an IP in that subnet (e.g. 172.16.2.1).

> The Vlans 102-227 are derived by adding 100 to the subnets above, so VLAN102 
> is:
> 
>  interface Vlan102
>  ip address 172.16.5.254 255.255.254.0
>  ip helper-address 172.16.4.1
>  no ip route-cache

Configure "ip helper-address 172.16.2.1" rather than what you have.
 
> DHCP is running on the server with a dhcpd.conf like so:

Sorry, I can't remember the exact syntax for the dhcpd.conf for this, but
you just need to add a subnet {} section for each of the subnets, and it'll
work out what you mean...

Hope that helps,

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director    |    * Domain & Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: info at bogons.net  * 
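
Added example, not part of the original message or of either poster's configuration: a small generator for the per-tenant SVI stanzas and the matching ISC dhcpd.conf subnet blocks, using the single relay target 172.16.2.1 suggested above. It assumes the poster's numbering rule (subnet n is 172.16.(2n).0/23, VLAN = n + 100, gateway on the last host address); the function names, the reserved first 10 addresses per subnet and the DNS option are assumptions.

```python
import ipaddress

# Values taken from the thread; the numbering rule is the poster's scheme
# (subnet index n -> 172.16.(2n).0/23, VLAN = n + 100).
SUBNETS = list(ipaddress.ip_network("172.16.0.0/16").subnets(new_prefix=23))
DHCP_SERVER = "172.16.2.1"            # access port in the server subnet
FIRST_TENANT, LAST_TENANT = 2, 127    # subnets 0 and 1 are reserved

def tenant_plan(index):
    """Return (vlan, network, gateway) for tenant subnet `index`."""
    if not FIRST_TENANT <= index <= LAST_TENANT:
        raise ValueError(f"subnet {index} is not a tenant subnet")
    net = SUBNETS[index]
    gateway = net.broadcast_address - 1   # 172.16.5.254 for VLAN 102
    return index + 100, net, gateway

def ios_svi(index):
    """SVI stanza: every tenant VLAN relays to the one server address."""
    vlan, net, gw = tenant_plan(index)
    return (f"interface Vlan{vlan}\n"
            f" ip address {gw} {net.netmask}\n"
            f" ip helper-address {DHCP_SERVER}\n")

def dhcpd_subnet(index, reserve=10):
    """ISC dhcpd subnet block; dhcpd picks it by the relay's giaddr."""
    vlan, net, gw = tenant_plan(index)
    first, last = net.network_address + reserve, gw - 1
    return (f"# VLAN {vlan}\n"
            f"subnet {net.network_address} netmask {net.netmask} {{\n"
            f"  range {first} {last};\n"
            f"  option routers {gw};\n"
            f"}}\n")

def dhcpd_conf(indexes):
    """Full dhcpd.conf: server subnet declared without a range, then tenants."""
    server_net = SUBNETS[1]
    head = (f"option domain-name-servers {DHCP_SERVER};  # assumption: DNS on same host\n"
            f"subnet {server_net.network_address} netmask {server_net.netmask} {{\n}}\n")
    return head + "".join(dhcpd_subnet(i) for i in indexes)

if __name__ == "__main__":
    print(ios_svi(2))
    print(dhcpd_conf(range(FIRST_TENANT, 5)))
```

The empty declaration for 172.16.2.0/23 is there because dhcpd needs a subnet statement for the interface it listens on, even though no leases are handed out in it.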
