Segmenting Wireless Network - DHCP woes


aaron_mckee

Network Diagram


{Internet}
|
[modem] (DSL)
|
[router/DMZ DHCP Server/4 port-switch .1]
|__________________________________________________
| (DMZ 192.168.1.x) | |
|
[RRAS 2000 Server DMZ.8/LAN.1][PC DMZ.2]-[PC DMZ.3]-[PC DMZ.4]
| (LAN 10.0.0.x)
|
[Linksys Wireless AP LAN .2]
|
{Wireless LAN} <-would like these to get 192.168.1.x IPs


I'm trying to get rid of the DHCP server in the LAN and allow the DHCP
server in the DMZ to assign IPs to the wireless clients.

I've tried every combination I can think of and the wireless LAN
devices will just not pick up IPs from the DMZ DHCP Server. My current
setup is RIP working on the DMZ int and the DMZ DHCP server
specified for Relay with the Relay on the LAN interface. The DHCP Relay
agent is showing hundreds of Requests and replies received but still
the clients aren't getting DMZ IPs. Can anyone let me know if what I'm
trying to do is possible?
 
If I understand this configuration - and I may not - the answer is No. A
Relay Agent which receives a discover request on a 10.0.0.x interface will
duly forward this to whatever DHCP servers it is configured to forward to.
When it does this the Relay Agent adds the IP of the interface upon which
the discover packet was received (10.0.0.x) to the header. The target DHCP
server(s) will use an ANDing process to determine whether they have an
available scope which matches the IP in the header. If not, no lease is
offered. If so, the DHCP client will get a 10.0.0.x address.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
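
The giaddr stamping and scope matching described in the reply above, as an added example that is not part of the original thread. The /24 masks, the client MAC and the function names are assumptions made for illustration; 10.0.0.1 is the RRAS LAN interface from the diagram.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP/DHCP header (RFC 2131); giaddr is the 11th field.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
GIADDR = 10  # index of giaddr in the unpacked tuple
HOPS = 3     # index of the hop counter

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast DHCPDISCOVER header: giaddr is all zeros."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                      mac, b"", b"")  # struct pads short byte fields with NULs

def relay(packet: bytes, receiving_if_ip: str) -> bytes:
    """Relay agent: stamp giaddr with the IP of the interface that heard the broadcast."""
    fields = list(BOOTP.unpack(packet))
    if fields[GIADDR] == bytes(4):  # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.IPv4Address(receiving_if_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields)

def select_scope(packet: bytes, scopes):
    """Server side, relayed packets only: AND giaddr with each scope's mask."""
    giaddr = int.from_bytes(BOOTP.unpack(packet)[GIADDR], "big")
    for scope in scopes:
        net = ipaddress.IPv4Network(scope)
        if (giaddr & int(net.netmask)) == int(net.network_address):
            return net
    return None  # no matching scope: no lease is offered

# Constructed sample: a wireless client behind the RRAS LAN interface (10.0.0.1).
discover = build_discover(bytes.fromhex("020000000001"), xid=0x1234)
relayed = relay(discover, "10.0.0.1")

if __name__ == "__main__":
    print(select_scope(relayed, ["192.168.1.0/24"]))                 # DMZ scope only
    print(select_scope(relayed, ["192.168.1.0/24", "10.0.0.0/24"]))  # with a LAN scope
```

With only the 192.168.1.x scope defined the server finds no match and stays silent; adding a 10.0.0.x scope is what produces an offer, and the address offered comes from that scope.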
 
Wow, ok that makes sense. I know RRAS has the ability to create
virtual interfaces, could that possibly solve for this? I may be way
off on how I think virtual interfaces work ..
 
Don't think so - First, virtual interfaces/adapters are generally purpose
driven and behave in ways that are peculiar to that purpose - e.g. OSPF,
PPPoE, VPN, VNC, etc. Don't know that you can just create one, configure
Relay Agent to use it, and then have it intercept DHCP broadcasts. Second,
if a multihomed server has adapters with 192.168.1.x addresses on two
different networks, it has no way to determine which network to use if it
needs to send a packet to a DHCP server which also has a 192.168.1.x
address. Is your intent to simply prevent LAN machines from being able to
route to the DMZ subnet?

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
My intent is to have all wireless traffic pass through the Win2k RRAS
server for filtering, monitoring and access control. I was just hoping
to take some load off the RRAS server by disabling DHCP server. Seems
that is not a possibility.
 