When consolidating multiple LANs connected via slow VPN links into a single MAN with fiber connectivity, VLAN segmentation becomes crucial for maintaining logical separation between sites. The challenge lies in centralizing DHCP services while maintaining proper IP address allocation across different VLANs.
Windows Server DHCP (2003/2008) fully supports this scenario through DHCP scopes and relay agents. Here's how to configure it:
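# Sample DHCP scope configuration for VLAN 2 (network 10.0.0.0/22, pool 10.0.2.1-10.0.3.254)
# The scope ID is the /22 network address, and the pool must stay inside that network
netsh dhcp server \\dhcpserver add scope 10.0.0.0 255.255.252.0 "VLAN2-Scope" "Scope for VLAN 2"
netsh dhcp server \\dhcpserver scope 10.0.0.0 add iprange 10.0.2.1 10.0.3.254
# Keep the gateway address out of the leasable pool
netsh dhcp server \\dhcpserver scope 10.0.0.0 add excluderange 10.0.2.1 10.0.2.1
netsh dhcp server \\dhcpserver scope 10.0.0.0 set optionvalue 3 IPADDRESS 10.0.2.1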
Each VLAN requires its own scope with appropriate options:
- Router (option 3): VLAN-specific default gateway
- DNS servers (option 6): Can be centralized or per-site
- Domain name (option 15): Active Directory domain
For VLANs that don't have local DHCP servers, configure IP Helper addresses on layer 3 switches:
! Cisco IOS example
interface Vlan2
 ! DHCP server IP
 ip helper-address 10.0.1.10
When using Windows DHCP in an AD environment:
- Authorize the DHCP server in Active Directory
- Configure DNS dynamic updates appropriately
- Consider DHCP failover for redundancy
Here's a PowerShell script to automate scope creation:
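# PowerShell DHCP scope creation (DhcpServer module, Windows Server 2012 and later)
Import-Module DhcpServer
$VLANs = @{
    "VLAN2" = @{
        Network    = "10.0.0.0"    # /22 network address, used as the scope ID
        Mask       = "255.255.252.0"
        RangeStart = "10.0.2.1"
        RangeEnd   = "10.0.3.254"  # the pool must end inside 10.0.0.0/22
        Router     = "10.0.2.1"
    }
    "VLAN3" = @{
        Network    = "10.0.4.0"    # /22 network address, used as the scope ID
        Mask       = "255.255.252.0"
        RangeStart = "10.0.5.1"
        RangeEnd   = "10.0.7.254"
        Router     = "10.0.5.1"
    }
}
foreach ($vlan in $VLANs.Keys) {
    $v = $VLANs[$vlan]
    # A trailing backtick continues the command on the next line
    Add-DhcpServerv4Scope -Name $vlan `
        -StartRange $v.RangeStart `
        -EndRange $v.RangeEnd `
        -SubnetMask $v.Mask `
        -State Active
    # Keep the gateway address out of the leasable pool
    Add-DhcpServerv4ExclusionRange -ScopeId $v.Network `
        -StartRange $v.Router -EndRange $v.Router
    Set-DhcpServerv4OptionValue -ScopeId $v.Network `
        -Router $v.Router `
        -DnsServer "10.0.1.10","10.0.1.11" `
        -DnsDomain "yourdomain.local"
}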
Key commands for maintaining the setup:
- netsh dhcp server show all: view all scopes and statistics
- Get-DhcpServerv4ScopeStatistics: PowerShell equivalent
- Event Viewer: DHCP server logs under Applications and Services Logs
When consolidating multiple geographically dispersed networks into a single MAN infrastructure, the DHCP configuration becomes particularly interesting. Your approach using VLAN segregation per physical site is sound network design - but the centralized DHCP requirement adds complexity we need to address properly.
The solution lies in DHCP scopes combined with proper relay configuration. Here's how to implement it on Windows Server 2003/2008:
# Sample PowerShell for creating DHCP scopes (DhcpServer module, Windows Server 2012 and later;
# on Server 2003/2008 use the equivalent netsh dhcp commands)
Add-DhcpServerv4Scope -Name "VLAN2-Scope" -StartRange 10.0.2.1 -EndRange 10.0.3.254 `
    -SubnetMask 255.255.252.0 -State Active
Add-DhcpServerv4Scope -Name "VLAN3-Scope" -StartRange 10.0.5.1 -EndRange 10.0.7.254 `
    -SubnetMask 255.255.252.0 -State Active
Your layer 3 devices (likely Cisco or Juniper) need proper DHCP relay configuration. For Cisco IOS:
interface Vlan2
 ! Your DHCP server IP
 ip helper-address 10.0.0.10
!
interface Vlan3
 ip helper-address 10.0.0.10
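Note the /22 subnet masks (255.255.252.0). A /22 network begins where the third octet is a multiple of 4, so each scope is identified by its network address and its pool has to stay inside that network. This accommodates your requested IP ranges while maintaining proper network boundaries. For VLAN2: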
- Network: 10.0.0.0/22
- Usable range: 10.0.2.1 - 10.0.3.254 (10.0.0.1-10.0.1.254 reserved)
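The /22 boundary rule above can be checked before any scope is created. The following PowerShell is an added example, not part of the original page: the helper names (`ConvertTo-IPv4Number`, `ConvertTo-IPv4String`, `Test-DhcpScopePlan`) are hypothetical and the sample plan is constructed. It only does address arithmetic, so it needs no DHCP module.

```powershell
# Added example: validate a scope plan offline before calling Add-DhcpServerv4Scope.
# Helper names are hypothetical; the sample plan at the bottom is constructed.
function ConvertTo-IPv4Number ([string]$Address) {
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)                       # network order -> little-endian
    [int64][BitConverter]::ToUInt32($bytes, 0)
}
function ConvertTo-IPv4String ([int64]$Number) {
    $bytes = [BitConverter]::GetBytes([uint32]$Number)
    [Array]::Reverse($bytes)
    (New-Object System.Net.IPAddress (,$bytes)).ToString()
}
function Test-DhcpScopePlan ([hashtable]$Plan) {
    $seen = @()
    foreach ($name in ($Plan.Keys | Sort-Object)) {
        $s     = $Plan[$name]
        $mask  = ConvertTo-IPv4Number $s.Mask
        $start = ConvertTo-IPv4Number $s.RangeStart
        $end   = ConvertTo-IPv4Number $s.RangeEnd
        $gw    = ConvertTo-IPv4Number $s.Router
        $net   = $start -band $mask                # scope ID derived from start and mask
        $bcast = $net + (4294967295 - $mask)       # last address of that subnet
        $problems = @()
        if ($start -le $net -or $start -gt $end) { $problems += "bad RangeStart" }
        if ($end -ge $bcast) { $problems += "RangeEnd is beyond subnet broadcast $(ConvertTo-IPv4String $bcast)" }
        if ($gw -le $net -or $gw -ge $bcast) { $problems += "Router is outside the subnet" }
        elseif ($gw -ge $start -and $gw -le $end) { $problems += "Router is inside the pool, add an exclusion" }
        $hi = [Math]::Max($bcast, $end)            # address space this entry claims
        foreach ($o in $seen) {
            if ($net -le $o.Hi -and $o.Lo -le $hi) { $problems += "address space overlaps $($o.Name)" }
        }
        $seen += [pscustomobject]@{ Name = $name; Lo = $net; Hi = $hi }
        [pscustomobject]@{
            Scope    = $name
            ScopeId  = ConvertTo-IPv4String $net
            Problems = $problems -join '; '
        }
    }
}
# Constructed sample plan; VLAN2's end address deliberately crosses its /22 boundary.
$plan = @{
    VLAN2 = @{ Mask = '255.255.252.0'; RangeStart = '10.0.2.1'; RangeEnd = '10.0.4.254'; Router = '10.0.2.1' }
    VLAN3 = @{ Mask = '255.255.252.0'; RangeStart = '10.0.5.1'; RangeEnd = '10.0.7.254'; Router = '10.0.5.1' }
}
Test-DhcpScopePlan $plan | Format-Table -AutoSize -Wrap
```

An empty Problems column means the entry can be created as planned; the ScopeId column shows the network address to use with `-ScopeId`.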
Since you're an AD shop, ensure proper authorization:
netsh dhcp add server YourDHCPServer.domain.com 10.0.0.10
When transitioning from the current VPN setup:
- Configure new scopes with 50% lease duration initially
- Test with small pilot groups first
- Use DHCP superscopes for overlapping transition periods
Key verification commands:
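# Check lease assignments (PowerShell, on the DHCP server)
Get-DhcpServerv4Lease -ScopeId 10.0.0.0
! Verify relay functionality (Cisco IOS, on the layer 3 switch)
! debug ip packet detail is CPU-intensive: limit it with an access list and finish with "undebug all"
debug ip packet detail
debug dhcp detail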