Authorising RIS using Cisco 6509

A

atoandy

n00b
Joined
Jun 8, 2005
Messages
4
I wonder if anybody can help me with an RIS problem.

Some background: I am working at a University in Ethiopia (it's a long story ...) and we have just had a University network installed, using Cisco switches. The DHCP is handled by Cisco 6509s, and I would like to get an RIS server running for the network. I have experience of setting up RIS on a Windows network, where our W2003 server was running DHCP. I know from this that we have to authorise the RIS server from the DHCP server. In Windows 2003 DHCP this is easy, but on our main network now the Cisco 6509 is handling DHCP. So my question is: how can we get the Cisco 6509 to authorise the RIS server? We have looked through the list of switch interface commands and can't find anything obvious.

Thanks,

Andy King.
 
I don't think you are going to be able to. Can you use the RIS server as the DHCP server?
 
Thanks for the reply.

The thing is, we have a number of VLANs on the network, and the Cisco 6509 currently handles giving out the correct IP addresses to each VLAN. We could, for example, use a Windows DHCP on one VLAN and have that DHCP server also be an RIS server. That would let us have an RIS server for that VLAN, but I don't think it would respond to requests from other VLANS. Or have I missed something?

The other alternative is to replace the Cisco 6509 DHCP with a single Windows DHCP, but this is a big change and I wanted to avoid this if possible. Things are working well so far apart from the RIS thing ...

I'm puzzled - I'm sure there must be an answer to this but I'm kind of new to Cisco switches ... any ideas?
 
That is what IP Helpers are for (helper-addresses)

you will enter in your DHCP servers ip address as a helper-address on your 6509 for each network that you wish to forward dhcp requests on to.

Then, when a client requests / broadcasts for a DHCP address, the router (6509) will see this, and forward it to your DHCP server (from the helper address you specify), and the DHCP server will send back (unicast) a dhcp response.

You must configure a helper address for each VLAN / network you wish to do this on.
 
I see that RIS is remote installation server. I am not familiar at all with this or how it works, but I am pretty familiar with Cisco gear. So why does it work when a windows server is handling DHCP but not when a 6509 is controlling it (if you know/have an idea)? Are the remote installs on the request of the clients (unicasts perhaps) or pushed from the server (probably multicast)?
 
RIS sends out special DHCP packets in response to a bootp/PXE boot request. The packets contain the address of the RIS server.

Microsoft has documentation on how to set up RIS to use an alternate DHCP server, or at least hints on what you need to do.
 
I just wanted to say thanks for all the suggestions/help. We have our RIS server working now. In case other people experience the same problem, I will summarise what (I think) I've learnt here.

1) It is not possible to authorise another DHCP using a Cisco 6509 switch.
2) RIS has to be authorised by a DHCP server to work.
3) Therefore you have to have at least one Windows DHCP on your network.

We did it by switching off the Cisco DHCP for a single VLAN (50), and then setting up a Windows 2003 Server RIS/DHCP machine. This machine is responsible for giving out dynamic IP addresses on VLAN 50. Then to enable it to respond to remote installation requests from other VLANs we configured the Cisco switch so that the IP address of the RIS server was specified as a 'helper IP address'. This tells the Cisco switch that this machine can received broadcasts from other VLANs (normally broadcasts do not cross VLAN boundaries).

So basically it works now, but it does seem very slow. In the test we did the remote install took about 4 hours, compared to the normal time of 45 minutes or so. Has anybody else experienced this? I guess we can always run the remote installs overnight, so this problem won't stop us using the RIS, but it seems strange.

Thanks again,

Andy.
 
atoandy said:
I just wanted to say thanks for all the suggestions/help. We have our RIS server working now. In case other people experience the same problem, I will summarise what (I think) I've learnt here.

1) It is not possible to authorise another DHCP using a Cisco 6509 switch.
2) RIS has to be authorised by a DHCP server to work.
3) Therefore you have to have at least one Windows DHCP on your network.

We did it by switching off the Cisco DHCP for a single VLAN (50), and then setting up a Windows 2003 Server RIS/DHCP machine. This machine is responsible for giving out dynamic IP addresses on VLAN 50. Then to enable it to respond to remote installation requests from other VLANs we configured the Cisco switch so that the IP address of the RIS server was specified as a 'helper IP address'. This tells the Cisco switch that this machine can received broadcasts from other VLANs (normally broadcasts do not cross VLAN boundaries).

So basically it works now, but it does seem very slow. In the test we did the remote install took about 4 hours, compared to the normal time of 45 minutes or so. Has anybody else experienced this? I guess we can always run the remote installs overnight, so this problem won't stop us using the RIS, but it seems strange.

Thanks again,

Andy.
Click to expand...

Why not migrate all of your DHCP services to this W2K3 server?

Doesn't make much sense to use 2 DHCP servers (the switch AND a server)
 
Yes we did consider that. I was really just trying to minimise changes to the current set-up. But maybe this is a better solution. The Cisco DHCP automatically gives appropriate IP addresses based on the VLAN the request comes from (i.e. the 3rd digit of the IP address is different for each VLAN). Is this easy to configure in Windows DHCP?
 
You must log in or register to reply here.
Back
Top