Logical Subnets and Superscopes

exit12 Member Posts: 30
Hi all

I've been reading up on multiscopes etc., and have a question and hope it can be explained a bit clearer.
From my understanding, superscopes would be created if we want to supply IP addresses to machines on a different physical subnet or logical subnet from.

What if I had subnet A which has a single DHCP server and subnet A contained 2 multinets (B and C).
I create 2 separate scopes for each multinet. When these machines are booted up, how does the DHCP server know which scope to use for each of the PCs, since they are on the same physical site (just different logical subnets)?

Make sense?

Thank You
Do just once what others say you can't do, and you will never pay attention to their limitations again.

Comments

  • GeorgeMcFly22 Member Posts: 109
    I think superscopes are used if you ran out of IP addresses on your original scope.

    Your DHCP server would first use the IP addresses of your first scope and then continue with the IP addresses on your second scope.

    If you need a machine to have a particular IP you would have to set an IP reservation on your DHCP server.

    If it is your purpose to have separate logical networks on the same physical network, you use VLANs.
  • royal Member Posts: 3,352
    Superscopes are a little bit different than what you are thinking. Basically, if a DHCP server only has 1 NIC, it is assigned to 1 subnet. If you need that DHCP server to be authoritative for multiple subnets, you create multiple scopes and place them in a superscope. Now let's say you did not have a superscope and just had multiple scopes for different subnets. If a client from a different subnet requested an IP Address and the DHCP server saw this bootp request, the DHCP server would see it is in the same subnet and send a NAK back. On the other hand, if all these scopes were in a superscope, the DHCP server would not send a NAK back for requests that are not in its subnet and actually becomes authoritative for these requests coming from different subnets. The DHCP will send an offer to the requesting client, and the DHCP process continues.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • exit12 Member Posts: 30
    OK, so if I have one DHCP server with one NIC supplying IPs within one physical network... would I have to create a VLAN, when I want to create 2 logical subnets within that 1 physical network?

    I'm starting to confuse myself I think! sorry! :D
    Do just once what others say you can't do, and you will never pay attention to their limitations again.
  • sprkymrk Member Posts: 4,884
    royal wrote:
    Superscopes are a little bit different than what you are thinking. Basically, if a DHCP server only has 1 NIC, it is assigned to 1 subnet. If you need that DHCP server to be authoritative for multiple subnets, you create multiple scopes and place them in a superscope. Now let's say you did not have a superscope and just had multiple scopes for different subnets. If a client from a different subnet requested an IP Address and the DHCP server saw this bootp request, the DHCP server would see it is in the same subnet and send a NAK back. On the other hand, if all these scopes were in a superscope, the DHCP server would not send a NAK back for requests that are not in its subnet and actually becomes authoritative for these requests coming from different subnets. The DHCP will send an offer to the requesting client, and the DHCP process continues.

    I have a single DHCP server with multiple (3) scopes and a single NIC, but no supernet. As long as you properly configure the DHCP relay agent, you will not have any problems. Also, a DHCP server is not authoritative based on subnets, it's authorized on a domain-wide basis. Once you set up a scope, it will begin passing out the IPs in that scope - there is no further authorization involved once the server is authorized on the domain.
    All things are possible, only believe.
  • royal Member Posts: 3,352
    I think you are misunderstanding my point in regards to authoritative. I didn't mean that you authorize it with a subnet. That would be impossible! I meant that it's authoritative in the sense that if a client is on the same Network ID, it won't send a NAK back due to the fact that the DHCP server will successfully answer back.

    Also, the reason why you can use scopes is cause your clients are on different segments. If the clients are on the same segment with different network IDs, you need to place them in a superscope.

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncb_dhc_opoj.mspx?mfr=true
    A superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • exit12 Member Posts: 30
    Think I'll need to do some more reading on multinets and DHCP. I'm a bit confused!
    Do just once what others say you can't do, and you will never pay attention to their limitations again.
  • sprkymrk Member Posts: 4,884
    exit12 wrote:
    Think I'll need to do some more reading on multinets and DHCP. I'm a bit confused!
    Sorry if we confused you a little, but I'm sure you'll get it straight with a little reading. We can still try to answer any specific questions you may have as you go along.
    Royal wrote:
    I think you are misunderstanding my point in regards to authoritative.
    No problem. I suspected as much, but thought better safe than sorry to avoid confusion, chaos, fear and destruction of the universe as we know it....
    All things are possible, only believe.
  • royal Member Posts: 3,352
    sprkymrk wrote:
    Royal wrote:
    I think you are misunderstanding my point in regards to authoritative.
    No problem. I suspected as much, but thought better safe than sorry to avoid confusion, chaos, fear and destruction of the universe as we know it....

    I do admit I should have chosen a better word than authoritative, since with DHCP there is an authorization that needs to take place in the DHCP Console.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • sprkymrk Member Posts: 4,884
    You might find this lengthy TechNet article informative.

    Enterprise Design for DHCP
    Technet wrote:
    Superscopes
    Superscopes are an administrative grouping feature that supports a DHCP server's ability to use more than one scope for each physical interface and subnet. Superscopes are useful if:

    • More DHCP clients must be added to a network than were originally planned.

    • An IP network is renumbered.

    • Two or more DHCP servers are configured to provide scope redundancy and fault-tolerant DHCP service for a single subnet.

    Royal wrote:
    Now let's say you did not have a superscope and just had multiple scopes for different subnets. If a client from a different subnet requested an IP Address and the DHCP server saw this bootp request, the DHCP server would see it is in the same subnet and send a NAK back.
    Check out the link Royal, I think it explains that this (the DHCP negative acknowledgement message or DHCPNAK) only happens when you have 2 or more DHCP servers on the same subnet. In which case, you would create a superscope configured the same at all servers. It's possible that's what you were saying and I just didn't catch it right.
    All things are possible, only believe.
  • royal Member Posts: 3,352
    Cool, thanks for the link.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Pash Member Posts: 1,600
    Get ready royal, pashy has an incoming DHCP diagram with more colourful lines and messy text than the DNS one

    But this one will be my own, so it won't be wrong :p
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • royal Member Posts: 3,352
    There's 2 Superscope sections on that document Mark. One states exactly the reasons you did. The second section states my reasoning, "An IP Network is renumbered." Basically, both of our points are valid, but different scenarios. When you renumber an IP Network, it'll be a different IP subnet than the DHCP Adapter is configured for, hence why you have to use a superscope so it won't send a NAK back. The link below explains my reasoning behind my described situation.
    Superscopes

    Superscopes are an administrative grouping feature that supports a DHCP server's ability to use more than one scope for each physical interface and subnet. Superscopes are useful if:
    • More DHCP clients must be added to a network than were originally planned.
    • An IP network is renumbered.
    • Two or more DHCP servers are configured to provide scope redundancy and fault-tolerant DHCP service for a single subnet.

    Each superscope can contain one or more member scopes, also known as child scopes. Superscopes are available on Windows DHCP servers from Windows NT 4.0 Server Service Pack 2 onwards. If all Windows-based DHCP servers are on this version (or later), there will be no interoperability issues in the use of superscopes.

    This article fully explains my reasoning behind why you'd need a superscope if you are using multiple network ids when the DHCP server has only 1 interface on one of the subnets.
    http://www.cramsession.com/articles/files/dhcp-server-superscopes-9172003-0848.asp
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • sprkymrk Member Posts: 4,884
    That's a nice link royal. Makes sense. And switching to a new network id is probably the only time I would use a superscope over a multinet or layer 3 segmentation with relay agents anyway. Thanks.
    All things are possible, only believe.
  • royal Member Posts: 3,352
    You know Mark, I think that superscope article is incorrect. I had to set up a DHCP server yesterday for multiple segments and noticed what you said earlier in the article worked the same for me. I had 1 DHCP server with only 1 NIC with only 1 IP address and had a scope for that segment as well as other scopes for other segments. I noticed that if a client was on the same segment and was able to contact the DHCP server without having to go through a router, the DHCP server knew it was on the same segment. It would then give an ip to that client from the same scope that the dhcp's network id belongs to. So if there's a scope for 192.168.5.0/24 and the client on the same segment requested an ip and didn't have to go through a router, the DHCP server would see that it is on the 192.168.5.0/24 network and gave the client an ip from the 192.168.5.0/24 scope.

    The routers that connected the other segment were configured with a DHCP Helper IP which let the DHCP server know which network ID the client should obtain the address for. That client would then receive an IP from that scope.

    Not sure why that cramsession article stated that you'd need a superscope if your DHCP server has a single nic with single ip and it's going to have multiple segments. It's clearly not the case.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • sprkymrk Member Posts: 4,884
    Yes, in the first 3-4 paragraphs under Multiple Scopes on a Single DHCP Server they are incorrect. Otherwise what would be the point of a DHCP/Bootp relay agent? You could simply allow UDP port 68 on a router and be done with it. The relay agent (or DHCP Helper) tells the DHCP server what scope to use based on the network id of the agent. So no superscope is needed in that case.
    All things are possible, only believe.
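
The scope-selection behaviour the thread converges on (receiving interface for direct broadcasts, relay agent address for relayed ones, superscope members sharing one segment) can be modelled as below. This is an added example, not code from any poster or from the DHCP server itself; it is a simplified model, and the scope list, the superscope name "Floor1", the interface address and the function name are all assumptions.

```python
import ipaddress

# Constructed sample configuration (not from the thread): three scopes,
# two of them grouped in a hypothetical superscope named "Floor1".
SCOPES = {
    "192.168.5.0/24": None,      # server's own segment, not in a superscope
    "10.1.0.0/24": "Floor1",
    "10.2.0.0/24": "Floor1",
}
SERVER_IFACE = ipaddress.ip_interface("192.168.5.10/24")


def candidate_scopes(giaddr, scopes=SCOPES, iface=SERVER_IFACE):
    """Return the scopes a server may lease from for one DHCPDISCOVER.

    giaddr is the relay agent address field of the packet; "0.0.0.0"
    means the broadcast reached the server directly, with no relay agent.
    """
    gi = ipaddress.ip_address(giaddr)
    # Direct broadcast: the client sits on the receiving interface's segment.
    # Relayed: the relay agent (DHCP helper) address identifies the segment.
    anchor = iface.ip if gi.is_unspecified else gi
    match = next((s for s in scopes if anchor in ipaddress.ip_network(s)), None)
    if match is None:
        return []                # no scope for that network: no offer is made
    group = scopes[match]
    if group is None:
        return [match]           # plain scope: only this network ID is served
    # Superscope: every member scope is valid on that one physical segment.
    return sorted(s for s, g in scopes.items() if g == group)


if __name__ == "__main__":
    for g in ("0.0.0.0", "10.1.0.1", "172.16.0.1"):
        print(g, "->", candidate_scopes(g))
```

Without a relay agent or a superscope, a second network ID on the server's own wire never matches, which is the multinet case the original question asks about.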