DHCP Management Across a Diversified Network?
ET Admin writes "I work for a small Wireless ISP, where we are deploying new network hardware to allow for growth and contain broadcast traffic. All routing/switching equipment is Cisco. We use Linux stand-alone boxes and VMs (running on Win 2003 boxes). We have decided on a hybrid VLAN layout where we have certain VLANs limited by location, and other VLANs that are global across the network. And I want DHCP served across it all. Does anyone have experience with IPAM software that handles multiple DHCP servers? Our network is small so spending a couple grand is overkill at this point. Any recommendations to help me decide between serving DHCP from the Nix boxes, or from the Cisco gear? Knowing that a single DHCP server will handle from 100-500 hosts."
Nice answer Slashdotters. (Score:5, Insightful)
Re:I have the solution you need... (Score:3, Insightful)
It's interesting because lmgtfy is as much about knowing what to google as to google it. Often if I ask a dumb question, all I need are google keywords.
Re:You need Cisco gear (Score:3, Insightful)
That's not an absolute. You should use VLAN segmentation (and possibly private VLANs) to separate untrusted networks.
That way if there is a rogue DHCP server, its effects are isolated to the untrusted LAN it came from.
The L2 filtering features you are thinking of are actually inadequate to stop a sophisticated attacker, because those features can be defeated, or don't address all possible Layer 2 spoofing and traffic hijacking tricks.
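An added example, not part of the comment above: with one VLAN per trust zone, a passive monitor can attribute any unexpected DHCP server reply to the segment it was seen on. The sketch parses a DHCP payload, reads option 53 (message type) and option 54 (server identifier), and compares the server against a per-VLAN inventory. The `ALLOWED` table, the addresses, the function names and the idea that the capture point supplies the VLAN ID are assumptions; the sample payloads are constructed.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send
# Assumed inventory: sanctioned DHCP server addresses per VLAN ID.
ALLOWED = {10: {"10.0.10.2"}, 20: {"10.0.20.2"}}


def parse_options(payload):
    """Return {code: value} from the options field of a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts


def check(vlan, payload):
    """Return an alert for a server reply from an unlisted server, else None."""
    opts = parse_options(payload)
    mtype = opts[53][0] if opts.get(53) else 0
    if mtype not in SERVER_TYPES:
        return None                                # client message, ignore
    sid = opts.get(54, b"")                        # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server in ALLOWED.get(vlan, set()):
        return None
    return f"VLAN {vlan}: DHCP{SERVER_TYPES[mtype]} from unlisted server {server}"


def sample(mtype, server_ip):
    """Build a constructed payload: 236-byte BOOTP header, cookie, options 53/54."""
    ip = ipaddress.IPv4Address(server_ip).packed
    return (b"\x02\x01\x06\x00" + bytes(232) + MAGIC
            + bytes([53, 1, mtype, 54, 4]) + ip + b"\xff")


if __name__ == "__main__":
    for vlan, pkt in [(10, sample(2, "10.0.10.2")), (20, sample(2, "192.168.1.1"))]:
        print(check(vlan, pkt) or f"VLAN {vlan}: ok")
```

A server that is sanctioned for one VLAN still raises an alert when its replies show up in another, which is the cross-segment leak that segmentation is meant to prevent.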
Re:Nice answer Slashdotters. (Score:5, Insightful)
You sound like the idiot, for not realizing that people get stuck with jobs all the time for which they have not been fully trained. For myself, I'm an engineer who was asked to 'set up your own lab'. I'm not an IT type, I'm an electrical engineer specializing in circuit design. Yet, I've been handed the job of configuring 40 Linux servers, DNS, DHCP, Cisco switches, multiple VLANs, and so forth simply because 'there's no one else to do it and no one is hiring anyone'. Sure, my company might be cheap for not providing IT services for my lab, but they're on a budget and extra employees are expensive. Only when the expense of having me configure my own DHCP services exceeds the expense of hiring someone to do it for me will they consider hiring someone external. And only then if they know the new hire will be used elsewhere.
So guess what? This guy's question is exactly the kind of information I can use to help me overcome my own problems. Ask Slashdot seems to be doing its job quite nicely in this respect.
Re:Go IPV6 and leave DHCP in the dust (Score:3, Insightful)
Yeah, because as a wireless ISP you can totally require your clients to support IPv6. Wait, no, that's not right.