Hey folks, could use some ideas here.

I currently work for a state agency, at a school district. Every single agency in the state has to work with our state IT department. I'm just going to call them XYZ. XYZ has certain policies and procedures we have to work around, and it creates a TON of logistical issues. As such, I'm a network admin, but my ability to access and modify things ends at our switch. The router and firewall are all handled by XYZ, and as such, I'm not allowed (or even able) to do anything with them.

We currently have 4 VLANs broadcast in the schools: Protected, Student, Guest and BYOD. BYOD used Google OAuth, but Guest, Protected and Student are all separate, and there's no relay between them, so none of them talk.

Currently right now the setup is that every school has two servers. One is a Linux CentOS DHCP server, which runs DHCPD for the Protected network and some VMs for a handful of other things, and the other is a Windows machine that had some magic performed on it (I believe it's the multiplexor protocol from Microsoft) that managed to virtualize the internal NIC card and allow it to have 4 VLANs. It's a single Ethernet port which gets an address on the Protected, but has 3 other "virtual network ports", each assigned on the other VLANs, and it runs a DHCP server for Student, Guest and BYOD.

I have absolutely no idea how this was set up or how it manages to work. I've only ever dealt with Windows DHCP for a single scope, and when using VLANs, we used the router/appliance (WatchGuard, Aruba, etc.) for DHCP and VLAN configs. I want to acknowledge that it's a total hack job that was created out of necessity and lack of resources, and it wasn't created by me. I absolutely hate this setup and I'm looking for ways to simplify it.

Where my problem comes in is that the district has acquired a new building, and we're going to be using it for a handful of people. These same VLANs will need to be broadcast there (minus Student), and we're trying to avoid having to set up two physical servers like in the other schools.

My first instinct was to get a Meraki switch that had DHCP functionality built into it, but upon watching a setup of it, I almost immediately saw a roadblock, in the form of the MX IP field. We don't have an MX security appliance. We've got a router that's 100% controlled by the state, and they will not run DHCP on there, which means I need DHCP to come from another source.

Is it possible for any of the Meraki switches to run their own DHCP server, and have them point the gateway to the router that we currently have? I called in and spoke to a Meraki rep, and while I'm sure he's good at his job, I could barely understand a word he was saying due to the accent.

Is there ANY Meraki device that fits this bill? If there isn't a Meraki device, does anyone know of any other sort of device that does? I've looked at DNSBox and a few others, and they're all MASSIVE overkill for what we need, on top of being too expensive for a school district.

Any help or other ideas would be appreciated.