Overlapping DHCP Scopes

flares2flares2 Member Posts: 79 ■■□□□□□□□□
So I'm trying to create another DHCP Scope with a different default gateway than what everyone is currently going through. The idea is to give certain departments/privileged users access to a different WAN connection to meet their operational needs.
Currently DHCP has a lease pool of 10.20.20.1-21.254 / 16 with a default gateway of 10.20.30.1. The idea was to create a second scope 10.20.22.1-23.254 / 16 going through the other gateway of 10.20.30.101 and MAC filter the new scope so only those privileged users' PCs will pull an IP from the second scope.
Sadly I have found, as you MS gurus already know, that two scopes within the same mask can not be created. I don't want to destroy and recreate the original scope with a new mask, and due to the proximity of these users, I don't want to throw on my sneakers and spend all week making them static.
Any ideas? I see that DHCP allows for multiple routers but is there a way to give preference based off IP, or is there some other simple solution that I'm overlooking?
Techexams.net - Job security for one more day.

Comments

  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    When you create the reservations, you'll be able to specify options for the reservations, and you can override the gateway there.
  • wedge1988wedge1988 Member Posts: 434 ■■■□□□□□□□
    As far as i am aware, DHCP is pretty limited in which it will simply send an IP address out if a request is made. It doesnt matter where you are, if you can contact a DHCP server it will lease you an ip address. (upon request)

    again, DHCP is meant to make everybodys life better, so you shouldnt be running anywhere.

    Ideally you should be using security to lock down which users have access to the servers you want them to have access to use. IPSec is ideal for the situation you need, whereas so would be creating a second domain and assigning a trust relationship between the two, giving only those users you want to have access to the other domain (which is way more intensive that IPSec)

    Do some IPSec research and see if its what your looking for?
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
  • flares2flares2 Member Posts: 79 ■■□□□□□□□□
    Thanks Dynamik. You always seem to have the simple solution.
    Techexams.net - Job security for one more day.
  • flares2flares2 Member Posts: 79 ■■□□□□□□□□
    Thanks to you to Wedge. Sorry, we both posted our replies at the same time so I missed yours. I'll look into it.
    Techexams.net - Job security for one more day.
  • wedge1988wedge1988 Member Posts: 434 ■■■□□□□□□□
    no problem flares, you might find that ipsec is a little overkill, but it makes servers require security based on IP addresses, otherwise it wont respond.

    heres a little article, kept simple that you might find useful.

    http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911

    then again, it might not be what you were looking for?
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
Sign In or Register to comment.