Tuesday, January 22, 2013

Switched network with external DHCP Server (WinServer 2008) Part 1

I wanted to set up an external DHCP server to:

  1. See if I could figure out how to do it
  2. Practice the security part of the Switch exam and
  3. See if I can introduce a rogue DHCP server… the plan is to have PC-2 go rogue.

Part 1 goes over the basic DHCP Server configurations (on WinServer 2008).

The job is to set up a Windows Server 2008 virtual machine (VM) to run DHCP for two clients (VMs) in two VLANs.

  • PC-1 (virtual machine running WinXP) will be in VLAN 10
  • PC-2 (virtual machine running WinXP) will be in VLAN 20
  • WinServer 2008 (virtual machine) will act as DHCP Server in VLAN 150

PART I

  • Configure DHCP on WinServer 2008
    • Configure two pools (scopes): VLAN10 – network 172.10.10.0 /24; VLAN20 – network 172.10.20.0 /24
    • VLAN 10: Start IP Address: 172.16.10.105
    • VLAN 10: End IP Address: 172.16.10.115
    • Disable Windows Firewall on the WinServer 2008
    • VLAN 20: Start IP Address: 172.16.20.105
    • VLAN 20: End IP Address: 172.16.20.115
    • WinServer Static IP: 172.16.150.5
      Default Gateway: VLAN 150

PART II

  • Configure Switches
    • Set DLS1 as VTP Server (all other switches should be clients) in VTP domain Chill
    • Configure VLANs on DLS1 according to the diagram. Enable routing.
    • Configure SVIs on DLS1
    • Configure trunking (dot1q) & EtherChannels between switches (Note: ALS1 to ALS2 & ALS2 to DLS2 in the diagram show only 1 connection (one line), but there are two connections between each switch)
    • Set default gateways on ALS1 & ALS2; assign VLAN1 IP addresses. Assign access port VLANs
    • Optional: enable debugging for DHCP on DLS1
    • Bring PC-1 & PC-2 up, set them for DHCP, verify IP address & default gateway assignment for the respective VLAN.
    • Verify PC-1 can ping PC-2

PART III

  • Configure Security
    • Enable Port-Security on ALS1 & 2: allow 1 MAC address to be learned dynamically on ports fa0/6 and make sure those addresses are saved in NVRAM.
    • Enable DHCP Snooping

Part 1:

I’m using Windows Server 2008 to act as the DHCP server. I’m not familiar with Server 2008, so this is my attempt at configuring just enough to get it to work. If you’re familiar with WinServer DHCP scopes then you can skip this part.

For those who are not sure where to start within WinServer 2008, you will need to install DHCP under Roles. There are lots of videos online on how to do this.

Configure the static IP on the server NIC

To open DHCP: Start > Administrative Tools > DHCP

Next, since we are only dealing with IPv4 at the moment, right click on IPv4 and select “New Scope…” which will start the New Scope Wizard.

I’ll start out by configuring the VLAN 10 pool, so I’ll name the scope vlan10 and leave the Description blank.

Next I’ll enter the IP Address Range according to my plan above:

Next I’ll add my exclusions. Per my plan, I only want to allow host addresses (last octet) 105 – 115 to be available for distribution; I’ll exclude the rest.

> Next, I’ll leave the lease duration at the default of 8 days.

> Next, I need to configure the default gateway this scope will hand out to clients in VLAN 10, so I’ll keep the selection as “Yes, I want to configure these options now” and click Next.

Here I add the vlan 10 address and > Next.

I’m not configuring DNS Servers so > Next.

No WINS Servers > Next.

Now, to activate the scope select “Yes, I want to activate this scope now” > Next.

That’s it! Peat & Repeat for VLAN 20.
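
An added example (not from the original post): a Python check of a scope plan before it is typed into the New Scope Wizard. It confirms that each pool's start and end addresses sit inside the scope's declared network and do not include the server's static IP, and it computes the exclusion ranges that leave only the pool leasable. The dictionary layout and function names are this example's own; the addresses are copied as written in the plan above.

```python
import ipaddress

# Addresses copied as written in the post's plan; the dict layout is this example's own.
PLAN = {
    "vlan10": {"network": "172.10.10.0/24", "start": "172.16.10.105", "end": "172.16.10.115"},
    "vlan20": {"network": "172.10.20.0/24", "start": "172.16.20.105", "end": "172.16.20.115"},
}
SERVER_IP = "172.16.150.5"  # static address of the DHCP server


def check_scope(name, scope, server_ip=SERVER_IP):
    """Return a list of problems in one scope definition (empty list = consistent)."""
    net = ipaddress.ip_network(scope["network"])
    start = ipaddress.ip_address(scope["start"])
    end = ipaddress.ip_address(scope["end"])
    problems = []
    if start > end:
        problems.append(f"{name}: start {start} is after end {end}")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"{name}: {label} {addr} is outside {net}")
    if start <= ipaddress.ip_address(server_ip) <= end:
        problems.append(f"{name}: pool contains the server's static IP {server_ip}")
    return problems


def exclusions(network, start, end):
    """Ranges to exclude so only start..end is leased (scope range = all usable hosts)."""
    net = ipaddress.ip_network(network)
    first, last = net.network_address + 1, net.broadcast_address - 1
    start, end = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if not (first <= start <= end <= last):
        raise ValueError(f"pool {start}-{end} does not fit inside {net}")
    ranges = []
    if start > first:
        ranges.append((str(first), str(start - 1)))
    if end < last:
        ranges.append((str(end + 1), str(last)))
    return ranges


if __name__ == "__main__":
    for name, scope in PLAN.items():
        issues = check_scope(name, scope)
        for line in issues:
            print("PROBLEM", line)
        if not issues:
            print(name, "exclude:", exclusions(scope["network"], scope["start"], scope["end"]))
```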

See the next post for part 2. Cheers!
