Windows server 2012R2, set new DHCP scope range

[Fredrikmikael]

Hello my windows server is a set up as a AD DS, DNS and DHCP server.

 

The network settings on it

IP Address: 10.142.0.10

Subnet mask: 255.255.255.0 (24)

Default gateway: 10.142.0.1

Preferred DNS server: 127.0.0.1

 

I have a client on my domain, and i want to give it an IP in the range of 10.170.0.60 - 10.170.0.70 (this scope is for test purposes)

 

I have configured a scope in that range (yes it's activated) but the client PC won't grab an IP adress from the DHCP server.

 

I tried to set a scope between 10.142.0.60 - 10.142.0.70 and the client PC grabbed an IP right away, exact same settings on both scopes (exept the IP range ofcourse)

 

Do i first have to configured 10.170.0.x as a network or some shit somehow?

 

 

 

[leadeater]

12 minutes ago, Fredrikmikael said:

Do i first have to configured 10.170.0.x as a network or some shit somehow?

Yes that is correct, by default a DHCP server will lease IP addresses in the same subnet/scope as it's own interface the DHCP request came in on. There is two possible ways to do what you need.

 

First if you have a second NIC in the server you can setup an IP address on the 10.170.0.0 network and either use a separate switch or a switch that supports VLANs to isolate the clients, without this it won't work as DHCP is a broadcast and will hit both server interfaces and only the primary NIC will lease IPs.

 

The second option is a layer 3 switch and configure a new VLAN with it's interface on the 10.170.0.0 network and configure DHCP Relay, this will embed in the DHCP request packet going to the DHCP server the relay agent IP address which the DHCP server will use to pick which scope to lease an address from.

 

Hope this makes sense, I can explain it better if you need and show you wireshark packet captures on DHCP requests with and without at relay agent so you can see exactly what they look like.

[Fredrikmikael]

3 minutes ago, leadeater said:

Yes that is correct, by default a DHCP server will lease IP addresses in the same subnet/scope as it's own interface the DHCP request came in on. There is two possible ways to do what you need.

 

First if you have a second NIC in the server you can setup an IP address on the 10.170.0.0 network and either use a separate switch or a switch that supports VLANs to isolate the clients, without this it won't work as DHCP is a broadcast and will hit both server interfaces and only the primary NIC will lease IPs.

 

The second option is a layer 3 switch and configure a new VLAN with it's interface on the 10.170.0.0 network and configure DHCP Relay, this will embed in the DHCP request packet going to the DHCP server the relay agent IP address which the DHCP server will use to pick which scope to lease an address from.

 

Hope this makes sense, I can explain it better if you need and show you wireshark packet captures on DHCP requests with and without at relay agent so you can see exactly what they look like.

 

I am currently performing a week long exam, and i have no access to the physical server or router + switch.

 

I have been set up with a Hyper-V Server running three viritual machines, two 2012r2 servers (one i will use as a file and print server, aka not relevant) and the second server is the domain controller which also is running the DHCP role. and ofcourse the client running win10pro.

 

The network they have set me up with is 10.142.0.1

 

So i presume i have to set it up without a switch.

 

 

There are 6 VM's hosted on the Hyper-V server, three for me and three for some other dude doing the same exam.

i assume 1.LAN -> 6.LAN is the VM's

 

 

So how would i go about configuring 10.170.0.0 ?

[Fredrikmikael]

Hold the phone!

I see something in the Hyper-V Management console called "Viritual Switch Manager"

Can i use that somehow?

[leadeater]

Is creating a DHCP scope and a network on the 10.170.0.0 a requirement of the exam? Seems rather odd going from the description of the VMs/Hyper-V host that this would be the case since what they have given wouldn't make multiple DHCP scopes work very easily. Without being there and taking the same course/exam I don't know the background information to make any real judgement.

 

I'll keep some of the advice pretty vague since I don't want to do the test for you.

 

You can setup a new virtual switch on the Hyper-V host which will act like my first option, remember however that clients on this network/virtual switch will not be able to talk to the file/print server as there is no router.

 

The other thing you can do is setup a virtual router, Windows has a role called Routing and Remote Access Service (RRAS) which you can use to route traffic from the 10.70.0.0 network to the 10.142.0.0 network and also configure DHCP Relay. You will still need to create a new virtual switch in Hyper-V

https://technet.microsoft.com/en-us/library/dd469685(v=ws.11).aspx

 

Edit: If you setup RRAS on the domain controller DHCP Relay wouldn't be required but that type of role on a DC isn't a good idea but it's an exam so the setup isn't really how a proper network is done anyway.

 

Second Edit: The Hyper-V host and networking may already be setup for the 10.170.0.0 network and all you have to do is configure the Hyper-V host and virtual switch to make it work, consult you exam guide as it may say on it.

Edited July 19, 2016 by leadeater

[leadeater]

4 minutes ago, Fredrikmikael said:

Hold the phone!

I see something in the Hyper-V Management console called "Viritual Switch Manager"

Can i use that somehow?

Yes

[Fredrikmikael]

,

[leadeater]

2 minutes ago, Fredrikmikael said:

Allright Leadeater, we are making progress!

 

Do you have any idea how to configure a Hyper-V switch for what i am going to use it for ?

Yes but it depends on the networking configured for the Hyper-V host if there is a VLAN/Subnet on the network already setup for the 10.170.0.0 or not, exam guide may say. This is an exam however and I have already helped way more than I should have , even if internet searching is allowed I don't think getting direct advice would fall under that.

 

Good luck, you can keep posting what you are trying and I'll say if it would work/you are on track or not.

[Fredrikmikael]

15 minutes ago, leadeater said:

You can setup a new virtual switch on the Hyper-V host which will act like my first option, remember however that clients on this network/virtual switch will not be able to talk to the file/print server as there is no router.

When first settings up the switch I get three options External, Internal and Private. I assume I'm going to use Internal, yes?

 

1 minute ago, leadeater said:

Yes but it depends on the networking configured for the Hyper-V host if there is a VLAN/Subnet on the network already setup for the 10.170.0.0 or not, exam guide may say. This is an exam however and I have already helped way more than I should have , even if internet searching is allowed I don't think getting direct advice would fall under that.

 

Good luck, you can keep posting what you are trying and I'll say if it would work/you are on track or not.

I really appreciate the help you have given me!

[leadeater]

5 minutes ago, Fredrikmikael said:

When first settings up the switch I get three options External, Internal and Private. I assume I'm going to use Internal, yes?

External if the network that the Hyper-V host is setup for has the 10.170.0.0 network and you know the correct VLAN ID for it or Internal if not, my guess would be Internal.

[Fredrikmikael]

15 hours ago, leadeater said:

External if the network that the Hyper-V host is setup for has the 10.170.0.0 network and you know the correct VLAN ID for it or Internal if not, my guess would be Internal.

So uhh.. I called the guy responsible for the exam and basicly said what the fuck. Turns out it was a typo on the exam papers, I am actually going to use 10.142.0.0 not 10.170.0.0 so it's all good..

But still, thank you a lot for the help, atleast I did learn something new!  

[leadeater]

51 minutes ago, Fredrikmikael said:

So uhh.. I called the guy responsible for the exam and basicly said what the fuck. Turns out it was a typo on the exam papers, I am actually going to use 10.142.0.0 not 10.170.0.0 so it's all good..

But still, thank you a lot for the help, atleast I did learn something new!  

Good to hear you got it sorted, I did think it was a little odd you had to do that.