Networking a basic question for the gods of subnets

ally_uk (Member, Posts: 1,146)
This one is for the masters of Networking.

Currently we have a network setup with a router which is also handling DHCP: the network is operating on the 192.168.1 range of I.P.

Now I wish to create an isolated lab environment in which I want to set up a server running WDS, and this server, running one NIC, would be connected to an isolated switch.

The server itself would be running its own DHCP server as machines would obviously have to be able to contact WDS services.

Now the first question for the guild of networkers:

1) Can I give the server any static IP address if it is separate from our main network, and would it still function as a DHCP server if it is isolated?

2) If I decided not to keep the server isolated and added it to our main network and ran the DHCP server, how can I avoid it conflicting with our current DHCP setup?
I am not too clued up on networking, so break it down for me guys; explain the magic of subnet masks.

I will take a wild guess and say if I say set the i.p to 192.168.2.1 as opposed to 192.168.1.1 it would work?

Thank you for the patience and guidance my friends as always.
Microsoft's strategy to conquer the I.T industry

" Embrace, evolve, extinguish "

Comments

  • hurricane1091 (Member, Posts: 918)
    ally_uk wrote: »
    This one is for the masters of Networking.

    Currently we have a network setup with a router which is also handling DHCP: the network is operating on the 192.168.1 range of I.P.

    Now I wish to create an isolated lab environment in which I want to set up a server running WDS, and this server, running one NIC, would be connected to an isolated switch.

    The server itself would be running its own DHCP server as machines would obviously have to be able to contact WDS services.

    Now the first question for the guild of networkers:

    1) Can I give the server any static IP address if it is separate from our main network, and would it still function as a DHCP server if it is isolated?

    2) If I decided not to keep the server isolated and added it to our main network and ran the DHCP server, how can I avoid it conflicting with our current DHCP setup?
    I am not too clued up on networking, so break it down for me guys; explain the magic of subnet masks.

    I will take a wild guess and say if I say set the i.p to 192.168.2.1 as opposed to 192.168.1.1 it would work?

    Thank you for the patience and guidance my friends as always.

    Somewhat confused at the question and somewhat outside of my expertise, but let's take a shot here. So, the closest DHCP server is usually used from my understanding. We use Windows for this, and is not something I am involved with. If you configure IP helpers (which I am involved with), it directs DHCP requests towards those configured IPs, which we are doing. If you were to do that and point everything to the correct DHCP server, you should be fine, but what hosts are you planning on having get DHCP from this new server? I have a lab environment that is on the network and does DHCP within my lab, and it does not ever hand out addresses outside of the lab. DHCP requests never reach the lab though, which is a result from my understanding of using IP helper configs.
  • PCTechLinc (Member, Posts: 621; CISSP, CHFI, CEH, MCSA Server 2008, Project+, Security+ce, Server+, Network+, A+; King City, CA)
    The ip helper is going to help any DHCP client find a DHCP server in a different physical subnet. The problem is that the DHCPDiscover packet is going to be a broadcast. You aren't going to be able to have two different DHCP servers on the same subnet, unless they are being used for load balancing. Additionally, you have a more complicated setup that WDS REQUIRES Active Directory, which also REQUIRES your WDS/DHCP server to be trusted by Active Directory, otherwise your DHCP scope won't work. If you want your WDS server to provide PXE services and not interfere, you'll have to separate the links and make sure it sees the broadcast separately. I'm doing this in my head, so please forgive me for not providing further details.

    My opinion is to keep it isolated, and only join it to the production network if you know in advance what it will end up doing. Last thing you want is a rogue DHCP server handing out the wrong addresses to the wrong clients.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • hurricane1091 (Member, Posts: 918)
    PCTechLinc wrote: »
    The ip helper is going to help any DHCP client find a DHCP server in a different physical subnet. The problem is that the DHCPDiscover packet is going to be a broadcast. You aren't going to be able to have two different DHCP servers on the same subnet, unless they are being used for load balancing. Additionally, you have a more complicated setup that WDS REQUIRES Active Directory, which also REQUIRES your WDS/DHCP server to be trusted by Active Directory, otherwise your DHCP scope won't work. If you want your WDS server to provide PXE services and not interfere, you'll have to separate the links and make sure it sees the broadcast separately. I'm doing this in my head, so please forgive me for not providing further details.

    My opinion is to keep it isolated, and only join it to the production network if you know in advance what it will end up doing. Last thing you want is a rogue DHCP server handing out the wrong addresses to the wrong clients.

    The DHCP discover is a broadcast, but when using IP Helpers, is the broadcast still flooded out or is it intercepted by say the layer 3 switch, and then forwarded as a unicast? This is something I've wondered but never really did make an attempt to learn more about, but this is as good a time as any to learn something lol.

    I had a specific need for DHCP in my lab, which is really the only time I used DHCP personally aside from learning it a bit for a lab. We use Windows for all DHCP needs otherwise which is another team, so I simply have only known to just use IP Helper and really not much else. I know that DHCP did not cause any grief anywhere, and my phone registers successfully so it is most definitely on the network. The OP says isolated, but with potential to be on the network. I don't really know how to interpret this, because my lab is isolated yet on the network I would say. Naturally our actual DHCP servers are not on the same subnet as any user VLANs, and neither is my lab. I can't comment at all on Windows DHCP, but it must be possible for the OP to have it on the production network but only have specific host use it? I have heard of a rogue DHCP server though cause grief, definitely be careful!

    Edit: I guess you really wouldn't say my set up is "isolated". It's on a reserved lab subnet, and it's very controlled to make sure nothing interferes, but is totally accessible.
  • PCTechLinc (Member, Posts: 621; CISSP, CHFI, CEH, MCSA Server 2008, Project+, Security+ce, Server+, Network+, A+; King City, CA)
    hurricane1091 wrote: »
    The DHCP discover is a broadcast, but when using IP Helpers, is the broadcast still flooded out or is it intercepted by say the layer 3 switch, and then forwarded as a unicast? This is something I've wondered but never really did make an attempt to learn more about, but this is as good a time as any to learn something lol.

    I know, it's really confusing! When you use an ip helper, the agent sends a unicast to the DHCP server, which is why you can have it travel multiple hops. Then, when the DHCP server responds, it sends a unicast reply back to the helper, and the helper sends it back to the MAC that requested.

    The reason why your phone works just fine is because of the VLAN tagging. A PC connected to the switch interface inline of an IP phone is still seen as on another network because of the VLAN tagging. I only have experience with Avaya IP phones, but in their configurations, you tell it to which VLAN it belongs, and the IP address of the DHCP server. That's how it knows which traffic to tag or not. I would assume Cisco IP phones would be configured in a similar manner.

    Best way for the whole situation though is to create a virtual lab that has all these elements. Could be done with GNS3 and VirtualBox, with a computer that has enough hardware resources. Added benefit is being able to use Wireshark from within GNS3 to see everything.
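The rogue DHCP server concern and the relay (IP helper) behaviour discussed in the two posts above can be checked from captured traffic. The following is an added example, not code from any poster in this thread: it parses DHCP server replies and flags any OFFER/ACK whose server identifier is not on an allowlist. It assumes the UDP payloads (ports 67/68) have already been extracted from a capture; the function names, sample packets and the relay address 192.168.1.254 are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
BOOTREPLY, DHCPOFFER, DHCPACK = 2, 2, 5

def parse_dhcp(payload):
    """Parse a DHCP message (UDP payload, RFC 2131 layout) into a dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops = struct.unpack("!BBBB", payload[:4])
    yiaddr, giaddr = (IPv4Address(payload[o:o + 4]) for o in (16, 24))
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "yiaddr": yiaddr, "giaddr": giaddr, "options": options,
            "mac": payload[28:28 + min(hlen, 16)].hex(":")}

def find_rogue_servers(payloads, allowed_servers):
    """Return a finding for every OFFER/ACK from a server not on the allowlist."""
    allowed = {IPv4Address(a) for a in allowed_servers}
    findings = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue  # not DHCP, or malformed: nothing to attribute
        mtype = msg["options"].get(OPT_MSG_TYPE, b"")
        server_id = msg["options"].get(OPT_SERVER_ID, b"")
        if (msg["op"] != BOOTREPLY or len(server_id) != 4
                or mtype not in (bytes([DHCPOFFER]), bytes([DHCPACK]))):
            continue
        server = IPv4Address(server_id)
        if server not in allowed:
            # A non-zero giaddr means the exchange went through a relay (IP helper).
            relay = str(msg["giaddr"]) if int(msg["giaddr"]) else None
            findings.append({"server": str(server), "offered": str(msg["yiaddr"]),
                             "client": msg["mac"], "relay": relay})
    return findings

def build_reply(msg_type, server, yiaddr, mac, giaddr="0.0.0.0"):
    """Construct a sample server reply for the demo (not captured traffic)."""
    header = struct.pack("!BBBBIHH", BOOTREPLY, 1, 6, 0, 0x1234, 0, 0)
    header += b"".join(IPv4Address(a).packed
                       for a in ("0.0.0.0", yiaddr, server, giaddr))
    header += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
    return header + MAGIC_COOKIE + options + IPv4Address(server).packed + bytes([OPT_END])

# Constructed samples: the production router (192.168.1.1) and a lab server
# (192.168.1.2) both answering the same client on one subnet.
SAMPLES = [
    build_reply(DHCPOFFER, "192.168.1.1", "192.168.1.50", "00:11:22:33:44:55"),
    build_reply(DHCPOFFER, "192.168.1.2", "192.168.1.200", "00:11:22:33:44:55"),
    build_reply(DHCPACK, "192.168.1.1", "192.168.1.50", "00:11:22:33:44:55",
                giaddr="192.168.1.254"),
    b"not a dhcp packet",
]

if __name__ == "__main__":
    for finding in find_rogue_servers(SAMPLES, ["192.168.1.1"]):
        print(finding)
```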
  • hurricane1091 (Member, Posts: 918)
    PCTechLinc wrote: »
    I know, it's really confusing! When you use an ip helper, the agent sends a unicast to the DHCP server, which is why you can have it travel multiple hops. Then, when the DHCP server responds, it sends a unicast reply back to the helper, and the helper sends it back to the MAC that requested.

    The reason why your phone works just fine is because of the VLAN tagging. A PC connected to the switch interface inline of an IP phone is still seen as on another network because of the VLAN tagging. I only have experience with Avaya IP phones, but in their configurations, you tell it to which VLAN it belongs, and the IP address of the DHCP server. That's how it knows which traffic to tag or not. I would assume Cisco IP phones would be configured in a similar manner.

    Best way for the whole situation though is to create a virtual lab that has all these elements. Could be done with GNS3 and VirtualBox, with a computer that has enough hardware resources. Added benefit is being able to use Wireshark from within GNS3 to see everything.

    Great insight! When using Cisco phones and Cisco switches, you can define the user VLAN and also the voice VLAN, so a trunked port ends up not being configured but essentially I suppose you could say it works in a similar way. The voice VLAN only works if you use Cisco phones I do believe, and that is a result of CDP playing a part of the process in determining the voice VLAN. I believe the Cisco phone will tag phone traffic with the voice VLAN, and the traffic from the computer is un-tagged. The switch sees this and understands the traffic belongs to whatever VLAN the "switchport access vlan [VLAN #]" was configured for.

    Sorry we got a bit off topic here OP!
  • ally_uk (Member, Posts: 1,146)
    It's ok guys :) I have no idea what you are talking about :)

    Anyways maybe I need to explain a bit better

    If I set up a server with one network card and have it connected to a switch and configure it with say an i.p address of 192.168.1.2, would it still function as a DHCP server? Bearing in mind it is isolated and wouldn't have internet or connections to a router.

    I guess the bit which is confusing myself is because obviously the server wouldn't be connected to a router. When assigning an i.p address what would I set the gateway address as? Or would it be the localhost?

    Basic layout is Server connected directly to switch. I then plug clients in and they are given an i.p address from the server for PXE boot related operations.

    ^ that is what I am trying to achieve but in isolation from main network.
  • hurricane1091 (Member, Posts: 918)
    ally_uk wrote: »
    It's ok guys :) I have no idea what you are talking about :)

    Anyways maybe I need to explain a bit better

    If I set up a server with one network card and have it connected to a switch and configure it with say an i.p address of 192.168.1.2, would it still function as a DHCP server? Bearing in mind it is isolated and wouldn't have internet or connections to a router.

    I guess the bit which is confusing myself is because obviously the server wouldn't be connected to a router. When assigning an i.p address what would I set the gateway address as? Or would it be the localhost?

    Basic layout is Server connected directly to switch. I then plug clients in and they are given an i.p address from the server for PXE boot related operations.

    ^ that is what I am trying to achieve but in isolation from main network.

    Okay, is this a layer 3 switch? If this is, then you are going to create a VLAN, and then a Switched Virtual Interface for that VLAN that will serve as the default gateway (192.168.1.1, guessing you want a mask of 255.255.255.0). Assign the port you plug the server into as the respective VLAN you have now created, and your server is now in business. If you plug a host in, assign it to that new VLAN as well. I believe the DHCP discover from the host will be broadcasted out ports connected to the same VLAN, so this should mean that this new server sees the discover and the DORA process is underway. Assuming this last statement is true (I do believe it is), then you will be okay in this setup. As for the technicalities for WDS and Windows DHCP and all that, I cannot provide any insight.
  • ally_uk (Member, Posts: 1,146)
    Way above my head dude, it's a basic Netgear 5 port Ethernet switch.

    If I remember back a few years ago when I first started playing with WDS, I created a server, assigned it a static i.p, and it handled the DHCP; it was isolated and was purely connected to a switch, no VLAN or nothing. I will try and replicate it and see what happens.

    But as I mentioned before, would the gateway address be the server i.p? Or do I not set a gateway in the above scenario?
  • PCTechLinc (Member, Posts: 621; CISSP, CHFI, CEH, MCSA Server 2008, Project+, Security+ce, Server+, Network+, A+; King City, CA)
    It depends... the gateway is just going to be the device that forwards traffic to a different subnet. If you don't have a gateway, then all traffic will be localized. This is just fine in lab environments, unless your lab consists of more than one subnet.
  • hurricane1091 (Member, Posts: 918)
    Not sure what else to add here. Feel like you just plug everything into this basic switch and go, I think this has become an unnecessarily technical conversation lol. If the host is going to be on the same subnet as the server, just plug in and go. I have no idea how you plan on translating this to be in your real network, but for now I don't think much outside of plug-n-play is even needed.
  • ally_uk (Member, Posts: 1,146)
    It's going to be outside the main network for now for experimentation purposes, mainly for tinkering with WDS and MDT.

    If I rephrase my original question:

    Do you need to have internet access / gateway access and DNS for a DHCP server?

    If not, can I just set an I.P for the server, plug it into a switch and let it hand out DHCP to clients that connect to the switch?

    If this is the case, do I just set up a static I.P address and leave the gateway blank, or would the gateway be the server's i.p? This is what is confusing me
    :)
  • p@r0tuXus (Member, Posts: 532)
    That switch is not layer 3, doesn't perform routing. Therefore, it won't handle your vlan traffic. You'll have to use the router in front of that switch to handle your VLAN traffic so designate ports on that router for your VLAN trunks and pass your traffic back and forth through your switch. If you do this, you can use your DHCP server on the switch but it'll only work within the VLAN, which is what you want. This will keep your VLAN separate from the rest of your network on that router and keep the DHCP hand-outs separated from the DHCP hand-outs from the router or whatever it's passing them on from.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • ally_uk (Member, Posts: 1,146)
    I'm not running VLANs; all I want to do is set up a switch connected directly to the server. Is this not possible?
  • p@r0tuXus (Member, Posts: 532)
    Sure, if you don't want your switch network to communicate with your routed network. In which case, no internet. I get what you want to do, the fact is it's not as simple in application as it is in theory, unless I'm completely missing what you're trying to do.
  • ally_uk (Member, Posts: 1,146)
    Ok our main network is connected to a router that is handling DHCP. Ignore this network.

    I want to plug in a server separately, assign it a static I.P and then connect it directly to a 6 port switch. The server doesn't need Web access; it is a lab environment and is separate. This server will be running Server 2012 and will need to be set up as a DHCP server, as I want anything that is plugged into the switch to get an I.P address from this server.

    The question is, when setting up I.P credentials for this server, what do I specify the gateway as? Am I right in leaving it blank as there isn't a gateway, or is the server acting as a gateway? My head hurts :)
  • Moldygr33nb3an (Member, Posts: 241)
    ally_uk wrote: »
    Ok our main network is connected to a router that is handling DHCP. Ignore this network.

    I want to plug in a server separately, assign it a static I.P and then connect it directly to a 6 port switch. The server doesn't need Web access; it is a lab environment and is separate. This server will be running Server 2012 and will need to be set up as a DHCP server, as I want anything that is plugged into the switch to get an I.P address from this server.

    The question is, when setting up I.P credentials for this server, what do I specify the gateway as? Am I right in leaving it blank as there isn't a gateway, or is the server acting as a gateway? My head hurts :)

    If the server does not need web access, you do not need to give it a gateway address. A gateway separates broadcast domains or, in layman's terms, it separates the big bad internet from your private network. So no, you do not need to assign a gateway address. You would need to create your DHCP scope on the server.

    So if I am following correctly

    a. Home Router - > 6 Port Switch <- ServerDHCP (DOES NOT NEED INTERNET ACCESS)

    Or is it

    b. 6PortSwitch <--- ServerDHCP

    And you will have multiple hosts connected to this switch?


    So first configuration, any PC you plug into that 6 port switch will pull an IP address from your home router.

    Second configuration, any PC you plug into that 6 port switch will pull an IP address from that server, HOWEVER, will not have internet access.

    If you want the PCs to have internet access, you will need to go with the first configuration and disable DHCP on your home router.
    Current: OSCP

    Next: CCNP (R&S and Sec)

    Follow my OSCP Thread!
  • ally_uk (Member, Posts: 1,146)
    My layout is

    Server > switch

    No gateway involved the server is connected directly to a switch. I want any client connecting to this switch to be able to make contact with the server. (PXE, WDS)

    So regarding your second configuration in the above example.

    When I specify the I.P Addy do I just leave the gateway and DNS blank and use a class C subnet mask if the Addy of server is 192.168.1.2 for example

    Thank you for your reply you have hit the nail on the head of what I'm trying to achieve.
  • Moldygr33nb3an (Member, Posts: 241)
    Technically if all the devices are on the same - in this case - 192.168.1.0 subnet, you can leave the gateway blank or input 192.168.1.1 - it doesn't matter (DHCP server admin should chime in to fact check whether or not you HAVE to have a gateway address or if it can remain blank) Since you're not going outside of the 192.168.1.0 network.


    All the hosts when communicating to the server will discover the server is on the same subnet and will never need the gateway. The devices and DHCP server will "DORA" on the local subnet and never need to send traffic to the gateway.

    Your 6 port switch will take care of the broadcasting for the devices to identify one another.

    DNS is irrelevant. Unless you're going outside the network.

    The only time a gateway is called is when traffic is destined to another network, which the device sending info will know because its source IP is not on the same network as the destination IP. That's when the device will say "I don't know who the hell this is" and send traffic to the gateway to figure out, and it's up to the gateway to send it to its respective network, whether that's out to the internet or to another nearby layer 3 device.
  • Moldygr33nb3an (Member, Posts: 241)
    If your devices start displaying 169 addresses (APIPA addresses) it's because it's not communicating with the DHCP server.
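The same-subnet versus gateway decision and the APIPA symptom described in the two posts above, worked through with the thread's addresses. This is an added example, not code from any poster: the function names are made up for illustration, 203.0.113.10 is a constructed off-network destination, and the plan checker encodes only the checks discussed in this thread (scope inside the server's subnet, server address outside its own scope, lab subnet not overlapping the production 192.168.1.0/24 range).

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")  # self-assigned when no DHCP reply

def next_hop(host_if, destination, gateway=None):
    """Decide how a host configured as `host_if` (address/mask) reaches `destination`."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(destination) in iface.network:
        return "direct"  # same subnet: delivered on the local switch, no gateway used
    return f"via {gateway}" if gateway else "unreachable"

def check_lab_plan(server_if, scope_first, scope_last, production_net):
    """Return a list of problems with a lab DHCP server plan (empty list = OK)."""
    iface = ipaddress.ip_interface(server_if)
    first = ipaddress.ip_address(scope_first)
    last = ipaddress.ip_address(scope_last)
    problems = []
    if first > last:
        problems.append("scope start is above scope end")
    for addr in (first, last):
        if addr not in iface.network:
            problems.append(f"{addr} is outside the server subnet {iface.network}")
    if first <= iface.ip <= last:
        problems.append(f"server address {iface.ip} is inside its own scope")
    if iface.network.overlaps(ipaddress.ip_network(production_net)):
        problems.append(
            f"lab subnet {iface.network} overlaps production {production_net}")
    return problems

def lease_status(client_address):
    """Classify the address a lab client ended up with."""
    addr = ipaddress.ip_address(client_address)
    return "no DHCP answer (APIPA)" if addr in APIPA else "leased or static"

if __name__ == "__main__":
    # Isolated lab server 192.168.1.2 with a 255.255.255.0 mask and no gateway.
    print(next_hop("192.168.1.2/255.255.255.0", "192.168.1.77"))
    print(next_hop("192.168.1.2/255.255.255.0", "192.168.2.1"))
    # The mask, not the third octet alone, decides what counts as "same subnet".
    print(next_hop("192.168.1.2/255.255.0.0", "192.168.2.1"))
    # A production client with the router as gateway reaching an outside host.
    print(next_hop("192.168.1.50/24", "203.0.113.10", gateway="192.168.1.1"))
    print(check_lab_plan("192.168.1.2/24", "192.168.1.100", "192.168.1.150",
                         "192.168.1.0/24"))
    print(check_lab_plan("192.168.2.1/24", "192.168.2.100", "192.168.2.150",
                         "192.168.1.0/24"))
    print(lease_status("169.254.10.20"))
```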
  • ally_uk (Member, Posts: 1,146)
    Guys thank you :) you have taught me well old wise ones. Thank you
  • ally_uk (Member, Posts: 1,146)
    Guys I have more questions which I am intrigued about regarding networking.

    Firstly, if I hooked up a server to a switch which is connected to our network, set up a static i.p and configured it to hand out a small scope of i.p addys, would this conflict with the DHCP server running on the router?

    Secondly, if I go down the isolation way and strictly connect the server to a switch, what do I do about DNS? According to TechNet this is a requirement for running services such as WDS. Can I run WDS without DNS?

    Cheers dudes