Segmenting Wireless Network - DHCP woes

  • Thread starter: ./am

./am

Network Diagram

{Internet}
|
[modem] (DSL)
|
[router/DMZ DHCP Server/4 port-switch .1]
|_________________________________________________________________
| (DMZ 192.168.1.x)
| | |
[Multihomed RRAS 2000 Server DMZ .8 / LAN .1][PC DMZ .2]-[PC DMZ .3]-[PC DMZ .4]
| (LAN 10.0.0.x)
[Linksys Wireless AP LAN .2]
|
{Wireless LAN} <-would like these to get 192.168.1.x IPs


I'm trying to get rid of the DHCP server in the LAN and allow the DHCP
server in the DMZ to assign IPs to the wireless clients.
I've tried every combination I can think of and the wireless LAN
devices will just not pick up IPs from the DMZ DHCP server. My current
setup is RIP working on the DMZ int and the DMZ DHCP server
specified for Relay with the Relay on the LAN interface. The DHCP Relay
agent is showing hundreds of requests and replies received but still
the clients aren't getting DMZ IPs. Can anyone let me know if what I'm
trying to do is possible?
 
Are they getting any IP address at all?

What happens if you assign your wireless client a 192.168 IP address
statically?

Is that machine able to route correctly? If not, I would start there.

I'm unable to tell from your diagram if the LAN side 10.0.0.0 would know
what to do with a packet from a 192.168.X.X device. That would be the first
thing I would look into. DHCP would come last.

I had to build something like that; my diagram would look like:

Internet
|
Router
|
Switch 192.168.x.x
| |
Server <Firewalling> Wireless AP ---- DMZ Wireless workstations
|
|
Lan 10.0.0.X
So the server is hardwired to the DMZ access point where it dishes out the
appropriate scope.

Another thing to consider: why not have the wireless AP handle the DHCP,
and let filtering/firewalling happen between the server and the DMZ? Having
the DMZ on the LAN sort of kills the point of having a DMZ?

Then again, I might not be understanding your diagram.


 
Yes, the wireless PCs get 10.0.0.x IPs just fine from the RRAS server
(when I have DHCP running). I am also able to successfully route back
and forth between the two subnets just fine. The reason I have my setup
somewhat "backwards" is so the only clients that have to rely on the
win2k RRAS server being up are the wireless ones. This is also so I can
monitor all wireless traffic at the win2k server level. In the event
there is a RRAS problem or wireless hack, I can shut down access quickly
at the RRAS level and not disrupt any normal activity on my network. My
access point does not dole out DHCP, but the RRAS server could (and did).
I'm trying to lower the amount of services on the RRAS server and was
hoping to be able to pass DHCP through to the LAN without any problems.
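
Added example, not written by any poster in this thread: a relay agent stamps its client-facing address into the `giaddr` field of each request, and per RFC 2131 the server is expected to choose the offered address (`yiaddr`) from that subnet. The Python sketch below parses the fixed BOOTP header of a captured reply and flags an offer that does not fit the relay's subnet; the 10.0.0.1 relay address and 192.168.1.x range come from the diagram above, while the packet bytes, the .50 host addresses, the MAC and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 951 / RFC 2131): 236 bytes before the options.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)

def parse_bootp(pkt: bytes) -> dict:
    """Extract the header fields that matter when debugging a relay."""
    if len(pkt) < BOOTP_LEN:
        raise ValueError("truncated BOOTP/DHCP message")
    (op, _htype, hlen, hops, xid, _secs, _flags, _ciaddr, yiaddr,
     siaddr, giaddr, chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, pkt[:BOOTP_LEN])
    ip = ipaddress.IPv4Address
    return {"op": op, "hops": hops, "xid": xid,
            "yiaddr": ip(yiaddr), "siaddr": ip(siaddr), "giaddr": ip(giaddr),
            "chaddr": chaddr[:min(hlen, 16)].hex(":")}

def diagnose_reply(pkt: bytes, relay_net: str) -> str:
    """Classify a server reply as seen on the relay's client-facing subnet."""
    m = parse_bootp(pkt)
    net = ipaddress.ip_network(relay_net)
    if m["op"] != 2:                      # 2 = BOOTREPLY
        return "not-a-reply"
    if m["giaddr"].is_unspecified:        # 0.0.0.0: no relay handled this exchange
        return "not-relayed"
    if m["giaddr"] not in net:
        return "giaddr-outside-relay-net"
    if m["yiaddr"] not in net:            # offer the client cannot use on this segment
        return "offer-outside-relay-subnet"
    return "ok"

def build_reply(yiaddr: str, giaddr: str, mac: str = "00:11:22:33:44:55") -> bytes:
    """Constructed sample reply (stands in for a captured packet)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return struct.pack(BOOTP_FMT, 2, 1, 6, 1, 0x1234, 0, 0, a("0.0.0.0"),
                       a(yiaddr), a("192.168.1.1"), a(giaddr), chaddr, b"", b"")

if __name__ == "__main__":
    for y, g in [("192.168.1.50", "10.0.0.1"), ("10.0.0.50", "10.0.0.1")]:
        print(y, "via", g, "->", diagnose_reply(build_reply(y, g), "10.0.0.0/24"))
```
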
 