Ok, so here's my question to that. The DHCP server is also the AD and DNS for the network, in addition to having a scope option that points their VoIP phones to a DHCP on their phone system (separate subnet as well). If I change the DG will that affect any of this as well?
Jay Dale Senior Systems Administrator P:281-574-2414 From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Sunday, January 29, 2012 8:29 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN The DHCP servers needs to know where to send the packets back to, since the ultimate recipient isn't on the local collision domain. So, either you need a static route with a specific gateway, or you need to configure the default gateway, to point to whatever device is going to route the DHCP responses back to the client. For each particular DHCP scope, the DG needs to be set to wherever the client needs to use as its default gateway. The default gateway being the place where clients will send anything that's not on the local subnet (and doesn't have a specific route defined) - hence "default" gateway. Cheers Ken From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Sunday, 29 January 2012 9:26 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Making the DG of the DHCP server .30 won't mess up the rest of the network will it? It currently holds 2 scopes, one for each subnet. What should it issue as the DG for the workstations - the firewall or the VLAN IP? And if the VLAN IP, which one? Jay From: Glen Johnson [mailto:gjohn...@vhcc.edu]<mailto:[mailto:gjohn...@vhcc.edu]> Sent: Saturday, January 28, 2012 5:28 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN What is the default gateway on the DHCP server? I'm pretty sure it should be 192.168.1.30 I don't think you want to have to add routes to all your devices on your data vlan. From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Saturday, January 28, 2012 9:23 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN Ok, I added a route on the DHCP server itself with the "route add" command and I can now ping the DHCP server from a static .2 subnet address and I can ping the .2.10 IP on the lab VLAN from the DHCP server. But it still doesn't seem to be handing out .2 IP's from DHCP. I'm still missing something it seems. Jay Dale Senior Systems Administrator P:281-574-2414 From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Saturday, January 28, 2012 8:14 AM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN The switch is a Layer 3 switch, it's set up as a stack of 4 with the top 1 totally dedicated to lab machines. The others are data for the rest of the network. So essentially the lab machines are segmented from the other switches but still need to access the rest of the network for apps, mail, etc. Currently the routes on the switch are as follows: Default route - IP of firewall 192.168.1.1 192.168.1.0/24 - 192.168.1.30 (IP of data VLAN) 192.168.2.0/24 - 192.168.2.10 (IP of lab VLAN) I can ping both VLAN addresses from the firewall and both from a static IP on the .2 network, but I still can't ping the DHCP server at 192.168.1.2. One person suggested I make the DHCP server DG the IP of the data VLAN, but wouldn't that mess up the rest of the network? Jay Jay Dale Senior Systems Administrator P:281-574-2414 From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Friday, January 27, 2012 7:54 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN What is this switch connected to? You'll need a route on the switch it's connected to that points to this switch. If the DHCP server is on the other switch, you'll need the VLAN defined there as well. Are the 460's a layer 3 switch? From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Friday, January 27, 2012 3:13 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN When I put a static address of 192.168.2.100 on one of the lab PC's, I can ping the IP address of the lab VLAN which is set to 192.168.2.10 and I can ping the IP of the default data vlan which is 192.168.1.30. However I can't ping the DHCP server address which is 192.168.1.2. Am I missing a route somewhere? Jay Dale Senior Systems Administrator P:281-574-2414 From: Glen Johnson [mailto:gjohn...@vhcc.edu]<mailto:[mailto:gjohn...@vhcc.edu]> Sent: Friday, January 27, 2012 2:27 PM To: NT System Admin Issues Subject: RE: Setup separate lab VLAN What isn't working. Do the machines on the lab vlan not get an IP address? What device is routing from lab vlan to the vlan where dhcp server is? From: Jay Dale [mailto:jd...@unetek.com]<mailto:[mailto:jd...@unetek.com]> Sent: Friday, January 27, 2012 2:36 PM To: NT System Admin Issues Subject: Setup separate lab VLAN Hey all, I'm truly stuck, hopefully I can find some assistance here. I have a client which is a school that is running out of IP addresses. Their subnet is 192.168.1.x/24 I would like to segment off their lab, which is around 50 PC's right there (in addition to all the youtube/facebook users) on it's own VLAN using subnet 192.168.2.x/24 I'm currently using 4 Extreme x460's - 1 of which is dedicated only to lab machines. I've set up another DHCP scope for the 192.168.2.x network. I created a VLAN on the switch and did the following commands: Create vlan Lab Configure vlan lab ipaddress 192.168.2.10/24 Configure vlan lab add ports 1:1-1:48 Enable bootprelay vlan lab Configure bootprelay add <ip of DHCP server> Configure bootprelay dhcp-agent information option Configure bootprelay dhcp-agent information check Enable ipforwarding vlan Lab I activated the scope, but it doesn't work. Is there a manual scope option that needs to be entered? Thanks, Jay Jay Dale Senior Systems Administrator Unetek, Inc. Phone: 281.574.2414 Email:jd...@unetek.com<mailto:jd...@unetek.com> Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin