Multiple VLANs, multiple subnets, single DHCP server

Tags: dhcp, subnet, vlan, windows-server-2003

At my job we are prepping to transition from multiple LANs connected over slow VPN connections to a single MAN connected over fiber, and I've got a few questions.

First of all, we are planning on making each physical site its own VLAN, but we would like to have a single DHCP server at the data center hand out IPs to each VLAN. We've pretty much got the VLAN tagging structure all worked out, but we would like to have our single DHCP server assign different subnets of IPs to each VLAN. For instance:

  • VLAN 2 gets 10.0.2.x through 10.0.4.x
  • VLAN 3 gets 10.0.5.x through 10.0.7.x etc.

We are an Active Directory based shop and we have a Server 2003 box handling DHCP (though we aren't averse to upgrading it to Server 2008).

Is this feasible, or am I pipe-dreaming?

Best Answer

We're doing this with Server 2003 where I am. The key is our central layer 3 device (in our case an old 3Com 4900 SX). It has what 3Com calls a "virtual interface" for each VLAN. When DHCP requests arrive at the device from the outside, it forwards them using the same VLAN interface they arrived on. The DHCP server just has a scope set up for each VLAN with no other special configuration details. It matches the DHCP request to the originating interface on the layer 3 device to know which scope to use. That's out-of-the-box behavior for the Windows DHCP server.

The downside to this approach is that the segment with your server must now be a member of all VLANs (on the same virtual segment). This means all your broadcast traffic will now go up the fiber link to your main office (though not down all the other links to other branches), and it's nice to keep those links as clean as possible. It'll also use time on what is likely already your busiest local segment to reach your server. But this is probably unavoidable anyway.

Update:
Looking again, we do use the 003 (Router) option under Scope Options to match the address of the virtual interface with the correct VLAN. That may have something to do with it as well, but I think that really just sets the default gateway.