Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Discussions
Off Topic
Overlapping DHCP Scopes
flares2
So I'm trying to create another DHCP Scope with a different default gateway than what everyone is currently going through. The idea is to give certain departments/privileged users access to a different WAN connection to meet their operational needs.
Currently DHCP has a lease pool of 10.20.20.1-21.254 / 16 with a default gateway of 10.20.30.1. The idea was to create a second scope 10.20.22.1-23.254 / 16 going through the other gateway of 10.20.30.101 and MAC filter the new scope so only those privileged users' PCs will pull an IP from the second scope.
Sadly I have found, as you MS gurus already know, that two scopes within the same mask can not be created. I don't want to destroy and recreate the original scope with a new mask, and due to the proximity of these users, I don't want to throw on my sneakers and spend all week making them static.
Any ideas? I see that DHCP allows for multiple routers but is there a way to give preference based off IP, or is there some other simple solution that I'm overlooking?
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
dynamik
When you create the reservations, you'll be able to specify options for the reservations, and you can override the gateway there.
wedge1988
As far as i am aware, DHCP is pretty limited in which it will simply send an IP address out if a request is made. It doesnt matter where you are, if you can contact a DHCP server it will lease you an ip address. (upon request)
again, DHCP is meant to make everybodys life better, so you shouldnt be running anywhere.
Ideally you should be using security to lock down which users have access to the servers you want them to have access to use. IPSec is ideal for the situation you need, whereas so would be creating a second domain and assigning a trust relationship between the two, giving only those users you want to have access to the other domain (which is way more intensive that IPSec)
Do some IPSec research and see if its what your looking for?
flares2
Thanks Dynamik. You always seem to have the simple solution.
flares2
Thanks to you to Wedge. Sorry, we both posted our replies at the same time so I missed yours. I'll look into it.
wedge1988
no problem flares, you might find that ipsec is a little overkill, but it makes servers require security based on IP addresses, otherwise it wont respond.
heres a little article, kept simple that you might find useful.
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
then again, it might not be what you were looking for?
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
