Not sure if Dell has a similar function, but in Cisco land you specify an IP Helper address so the switch knows where to forward DHCP requests. That way you don't need a DHCP server physically on each VLAN.
From: David Lum [mailto:david....@nwea.org] Sent: Wednesday, August 03, 2011 10:27 AM To: NT System Admin Issues Subject: VLAN N00b So...I bought a wireless AP and it looks like I get to delve into learning a little VLANing. Environment: DNS,DHCP server (2003 SBS server, Domain controller) Second DC (2003 R2 Server) SonicWall Firewall Dell PowerConnect 3448 17 Domain PC's HP M110 Wireless AP with non-domain PC's using this to get to the Internet. Desired result for WLAN clients: * Able to get to the Internet, but not be able to see any domain systems. * DNS configured to non-domain server (SonicWall would be OK) I can VLAN with the PowerConnect and make it so that AP can only get to the firewall, but my issue then is how will any clients get assigned an IP address. I can configure the Sonicwall to hand out IP's but then I lose control of IP's (reservations, etc) from the SBS system. It looks like I should divorce DHCP from the SBS server and put it on the 2nd DC and allow the AP to see the one DC and the Sonicwall. Here's a document I found helpful: http://www.dell.com/downloads/global/products/pwcnt/en/howto_config_private_vlans.pdf >From that, the SBS server and all domain PC's would be in Community 10 The AP would be in Community 11 The firewall and 2nd DC (now doing DHCP) would be promiscuous. Is that too big of a risk? The HP110 can do RADIUS and I did install that capability on the 2nd DC but I don't really know what I'm doing here. This would get me close to my desired result. Can RADIUS be used to conditionally hand out IP addresses? What would be nice is the ability to have it so VLAN1 (Community 10 in the diagram) gets some IP settings, VLAN2 (Community 11) gets others - namely a different DNS server. All thoughts and comments welcome. David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin