DHCP Solution

dizzysn
Here to help

Hey folks,


Could use some ideas here. I currently work for a state agency, at a school district. Every single agency in the state has to work with our state IT department. I'm just going to call them XYZ. XYZ has certain policies and procedures we have to work around, and it creates a TON of logistical issues. As such, I'm a network admin, but my ability to access and modify things ends at our switch. The router and firewall are all handled by XYZ, and as such, I'm not allowed (or even able) to do anything with them.


We currently have 4 VLANs broadcast in the schools. Protected, Student, Guest and BYOD. BYOD used Google OAuth, but Guest, Protected and Student are all separate, and there's no relay between them, so none of them talk.


Currently, the setup is that every school has two servers. One is a Linux CentOS DHCP server, which runs DHCPD for the Protected network and some VMs for a handful of other things, and the other is a Windows machine that had some magic performed on it (I believe it's the multiplexor protocol from Microsoft) that managed to virtualize the internal NIC and allow it to have 4 VLANs. It's a single ethernet port which gets an address on the Protected VLAN, but has 3 other "virtual network ports", each assigned on the other VLANs, and it runs a DHCP server for Student, Guest and BYOD. I have absolutely no idea how this was set up or how it manages to work. I've only ever dealt with Windows DHCP for a single scope, and when using VLANs, we used the router/appliance (WatchGuard, Aruba, etc.) for DHCP and VLAN configs.


I want to acknowledge that it's a total hack job that was created out of necessity and lack of resources, and it wasn't created by me. I absolutely hate this setup and I'm looking for ways to simplify it.


Where my problem comes in is that the district has acquired a new building, and we're going to be using it for a handful of people. These same VLANs will need to be broadcast there (minus Student), and we're trying to avoid having to set up two physical servers like in the other schools. My first instinct was to get a Meraki switch that had DHCP functionality built into it, but upon watching a setup of it, I almost immediately saw a roadblock, in the form of the MX IP field.


We don't have an MX security appliance. We've got a router that's 100% controlled by the state, and they will not run DHCP on there, which means I need DHCP to come from another source. Is it possible for any of the Meraki switches to run their own DHCP server, and have them point the gateway to the router that we currently have? I called in and spoke to a Meraki rep, and while I'm sure he's good at his job, I could barely understand a word he was saying due to the accent. Is there ANY Meraki device that fits this bill?


If there isn't a Meraki device, does anyone know of any other sort of device that does? I've looked at DNSBox and a few others, and they're all MASSIVE overkill for what we need, on top of being too expensive for a school district. Any help or other ideas would be appreciated.

DarrenOC
Kind of a big deal

Hi @dizzysn , look at one of the Meraki switches that support DHCP and change the default gateway via custom Option 3.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Setting_Custom_DHCP_O...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Hi @DarrenOC sorry if I sound stupid, but doesn't option 003 just set the gateway for the DHCP addresses that it hands out to be the default gateway of the DHCP server?

 

Not sure how this helps the MS switch run DHCP. From the video I saw, and in speaking with the Meraki support rep, I'd have to have the MX security appliance.

DarrenOC
Kind of a big deal

Hi @dizzysn , sorry, I skim read your post whilst putting the kids to bed. I’ll give it another re-read.

cmr
Kind of a big deal

@dizzysn what @DarrenOC said is correct, you don't need an MX. Any switch from an MS250 upwards can run a DHCP server on each VLAN, and if you use option 3 you can set the default gateway for each VLAN to the XYZ-managed device's IP that you need to be the gateway.
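The approach cmr describes (switch-hosted DHCP per VLAN, with Option 3 pointing clients at the state-managed router instead of the switch's own interface), as an added example that is not from this thread or from Meraki: a Python helper that sanity-checks the Option 3 override before building the Dashboard API body for one VLAN interface. The endpoint path and field names follow the Dashboard API v1 reference as I know it and should be checked against the current docs; `MERAKI_API_KEY`, the switch serial and the interface id are assumptions, and the addresses in the test are constructed.

```python
import ipaddress
import os
from typing import List, Optional

MERAKI_API = "https://api.meraki.com/api/v1"  # Dashboard API base URL (assumed v1)


def check_option3(subnet: str, svi_ip: str, gateway_ip: str) -> Optional[str]:
    """Return a reason the Option 3 override is unusable, or None if it is sane.
    The router handed to clients must sit inside the scope's subnet (otherwise
    clients can never ARP for it) and must differ from the switch's own L3
    interface (otherwise the override changes nothing)."""
    net = ipaddress.ip_network(subnet, strict=True)
    svi, gw = ipaddress.ip_address(svi_ip), ipaddress.ip_address(gateway_ip)
    if svi not in net:
        return f"switch interface {svi} is outside {net}"
    if gw not in net:
        return f"option 3 router {gw} is outside {net}"
    if gw == svi:
        return "option 3 router equals the switch interface; override is a no-op"
    return None


def build_dhcp_payload(subnet: str, svi_ip: str, gateway_ip: str,
                       dns: List[str], lease: str = "1 day") -> dict:
    """Body for PUT /devices/{serial}/switch/routing/interfaces/{id}/dhcp."""
    problem = check_option3(subnet, svi_ip, gateway_ip)
    if problem:
        raise ValueError(problem)
    return {
        "dhcpMode": "dhcpServer",
        "dhcpLeaseTime": lease,
        "dnsNameserversOption": "custom",
        "dnsCustomNameservers": dns,
        # Option 3 ("Router"): clients default-route to the XYZ-managed device
        "dhcpOptions": [{"code": "3", "type": "ip", "value": gateway_ip}],
        # keep the upstream router's address out of the lease pool
        "reservedIpRanges": [{"start": gateway_ip, "end": gateway_ip,
                              "comment": "upstream router (not the switch)"}],
    }


def push_dhcp(serial: str, interface_id: str, payload: dict) -> int:
    """PUT the payload using the key in MERAKI_API_KEY; returns the HTTP status."""
    import requests  # only needed when actually talking to the Dashboard
    url = f"{MERAKI_API}/devices/{serial}/switch/routing/interfaces/{interface_id}/dhcp"
    resp = requests.put(url, json=payload, timeout=30,
                        headers={"X-Cisco-Meraki-API-Key": os.environ["MERAKI_API_KEY"]})
    return resp.status_code
```

Run `build_dhcp_payload` once per VLAN interface (Protected, Guest, BYOD) with that VLAN's subnet, the switch's interface address and the router address XYZ gives you, then `push_dhcp` the result.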

@cmr thanks! I knew there had to be a solution to this, and what you and @DarrenOC say sounds like exactly what I would expect to be able to do. I'm not sure why the Meraki rep insisted that it wasn't possible to do, but I'm glad that I can.

DarrenOC
Kind of a big deal

Not wanting to sound too cynical but you spoke to a salesperson and not an engineer.


Even the tech support line?
