DHCP questions

  • Question

  • Hello,

      I have a question that I have been unable to resolve.  In my virtual environment, there are several networks.  Two of the networks have DHCP, mine and one other.  On frequent occasions my systems (domain joined) are getting issued IP addresses from the other DHCP server.  These two networks are in different subnets.  How is this even happening?  What are my options to prevent this from happening?  How can I force my VMs to only receive IPs from my DHCP server?  

    Friday, February 5, 2016 6:44 PM

Answers

  • Hi

    A little more detail would help.

    If on separate subnets this is normal, the first DHCP server to respond will issue the address.

    To isolate them they must either be in completely different networks not connected or in separate VLANs.

    The DHCP DORA process of Discover, Offer, Request, Acknowledge does not rely on layer 3 networking (IP addressing); it relies on a lower layer and is done by broadcasting across the whole network.

    The client sends a broadcast packet and all DHCP servers that receive it send a broadcast offer back.

    The first offer is accepted and the client sends a Request broadcast packet to the DHCP server offering.

    When the chosen DHCP server acknowledges the request, that is when the client is given an IP Address, Subnet Mask and any other options such as gateway etc. Therefore the DHCP server you DON'T want to issue addresses to your clients cannot be in the same BROADCAST domain as the client.

    I hope that helps.

    If so please mark it as an answer. Happy to offer more info if required.

    Yours

    Ed

    link below

    http://www.scribd.com/doc/24445850/DORA-Process-in-DHCP-DHCP-D-Iscover-DHCP-O-Ffer#scribd

    Friday, February 5, 2016 7:28 PM
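
Added example, not part of the original thread: a way to confirm from captured DHCP traffic which server actually answered a client, by reading option 53 (message type) and option 54 (Server Identifier) and flagging replies from servers outside an allowlist. The function names, addresses, MAC and sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP message (fixed 236-byte header, then options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20])), "type": None,
           "client_mac": payload[28:34].hex(":"), "server_id": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:       # DHCP Message Type
            msg["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:     # Server Identifier: who sent the reply
            msg["server_id"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return msg

def unexpected_servers(payloads, allowed):
    """List (server_id, client_mac, offered_ip) for each OFFER/ACK not from an allowed server."""
    hits = []
    for p in payloads:
        m = parse_dhcp(p)
        if m["type"] in ("OFFER", "ACK") and m["server_id"] not in allowed:
            hits.append((m["server_id"], m["client_mac"], m["yiaddr"]))
    return hits

def sample_reply(msg_type, server, yiaddr, mac="00155d010203"):
    """Build a constructed server reply for the demo; this is not captured traffic."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    hdr += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    hdr += bytes.fromhex(mac) + bytes(10) + bytes(192)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return hdr + MAGIC_COOKIE + opts
# Constructed scenario: two servers on one VLAN answer the same client's Discover.
SAMPLES = [sample_reply(2, "10.0.1.10", "10.0.1.50"), sample_reply(2, "10.0.2.10", "10.0.2.77")]
```

Run `unexpected_servers` over the UDP port 67/68 payloads exported from a capture taken on an affected VM, with your own server's address as the allowlist; any hit names a server that shares the client's broadcast domain.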

All replies

  • Thank you Ed.  You confirmed what was possibly the problem.  I knew that DHCP server needed to be in its own broadcast domain.  But, I was missing some information on my end.  I found out that both DHCP servers were in the same VLAN.  Will be putting in a request to be moved to another VLAN.  Thanks for the information about the DORA process.  Really helpful.
    Friday, February 5, 2016 7:39 PM
  • Welcome to Information Technology, I recommend you read This Article, then This Article.

    Split your environments by VLAN or add a second virtual switch for each network.

    These two networks are in different subnets.  How is this even happening?  UDP broadcasts range all hardware that allows UDP traffic through.

    What are my options to prevent this from happening?

    1.) VLAN both environments on separate VLANs (which would also require you to VLAN all physical network equipment in your environment).

    2.) MAC filter your DHCP servers to only allow broadcasts from members of those networks.

    3.) If it was a physical environment I would say IP-Helper on your hardware, but with virtual switches it might be easier just to create separate virtual switches for each environment.

    How can I force my VMs to only receive IPs from my DHCP server?  

    I would recommend VLANs for your virtual and physical network.

    • Proposed as answer by Hello_2018 Sunday, February 7, 2016 1:57 PM
    Friday, February 5, 2016 7:39 PM
  • Hi DBS_1,

    Using VLANs for different subnets also is a good choice.

    There is a workaround below.

    Based on my understanding, you could configure user class IDs in your DHCP server options and set the clients by giving them a specific ID.

    Create a new user or vendor class:

    https://technet.microsoft.com/en-us/library/cc776439(v=ws.10).aspx

    Set DHCP class ID information at a client computer:

    https://technet.microsoft.com/en-us/library/cc783756(v=ws.10).aspx

    The following link helps to better understand the DHCP procedure:

    https://support.microsoft.com/en-us/kb/169289#/en-us/kb/169289

    Best regards,


    Andy_Pan

    Sunday, February 7, 2016 2:11 PM