DHCP for subnets, sanity check.

[simm0]

Hi All,

I have an SBS 2008 network to which I need to add 2 subnets for iSCSI.
The subnets will be 192.168.10.0/28 and 192.168.11.0/28.

SBS 2008 can only have one NIC so I have installed DHCP on the iSCSI file server which will be connected to the iSCSI array. This DHCP server is bound to the 2 iSCSI NICs but not to the production LAN connected NIC.

Now as soon as I authorise the new DHCP server the SBS 2008 DHCP service stops. This is apparently by design as a protection against rogue DHCP servers. So I now plan to have a router between the subnets, apparently DHCP requests cannot be routed. I'd like to check the sanity of the design as I am no expert.

The iSCSI file server running the secondary DHCP, purely to serve IP addresses to the iSCSI subnets, has 3 NICs. 192.168.3.x/24 (production LAN), 192.168.10.x/28 (iSCSI LAN_01) 192.168.11.x/28 (iSCSI LAN_02).

The new router (pfsense) will need 3 NICs. 1 x 192.168.3.x/24 , 1 x 192.168.10.x/28, 1 x 192.168.11.x/28. That way the server will be able to connect to the production LAN and the iSCSI subnets but DHCP requests will not "escape' onto the production LAN.

All of these servers are virtualised under ESXi so the hardware costs are negligible, a little RAM and some CPU cycles.

All comments and criticisms are always welcome.
Cheers.

 

[ZXQ]

Why not just have the SBS box hand out the DHCP subnet address within a new scope (or 2)?

And as for your need of extra nics, why not just add more virtual NICs? (I don't know iSCSI that well from a hardware need perspective.)

 

[simm0]

Cheers ZXQ.

Why not just have the SBS box hand out the DHCP subnet address within a new scope (or 2)?

I hope I'm not missing something basic here but how will the SBS box give out IP addresses to a subnet it cannot "see"? SBS 2008 can only have 1 NIC, any more is not supported and will cause problems. So there is no way to connect SBS to the subnets.

And as for your need of extra nics, why not just add more virtual NICs?

I can and have, that's the beauty of virtual hardware.

 

[Shadowspawn]

I do not know SBS, being a Cisco certified tech, but DHCP requests can be forwarded to the server no matter where it is connected on the network. For Cisco this involves placing a helper address at the subnets gateway interface. "ip helper-address x.x.x.x". This forwards the DHCP requests to the IP address of the DHCP server. The server responds to the request based on the gateway address, to determine the subnet.

 

[simm0]

...this involves placing a helper address at the subnets gateway interface. "ip helper-address x.x.x.x". This forwards the DHCP requests to the IP address of the DHCP server. The server responds to the request based on the gateway address, to determine the subnet.

Thanks Shadowspawn. We don't run any Cisco gear but I'll do some research to see if this can be implemented under windows. A more elegant solution if it can.