DHCP server - in case of emergency

Hi All,

 

I have a question as to how to go about this...

I'm running an SG125 with an AP55.  It's pretty much standalone... meaning it is not AD integrated.

I do have a full Active Directory running and I'm using my Microsoft DCs for DHCP services.

The UTM only serves DHCP for the Guest wireless network and the wired Guest network (different subnets).  Fairly simple setup.

I've manually entered most of the hosts that I have on the wire in the service definitions section.  This way I can do firewall rules and web filtering.  Yes, it's manual, but I didn't want to bind the UTM to AD.  DHCP hosts that I don't care about... they get basic IP and hardened filtering by default.

I want to be able to continue to function if my infrastructure goes down.  I'm configuring a new DHCP server in the UTM for my prod subnet and disabling it.  My thinking is, if I can't get my domain controllers up due to a catastrophic failure, I can at least be able to get an IP and connect to the internet (which is all my family cares about).

BUT... most of my DHCP leases are static reservations.  So my question is... How do I continue as is (with MS DHCP and its reservations) but be able to flip on the UTM DHCP setting and have the objects in UTM get the same reservation IPs?  I know I will have to manually do some work...  but what?  Where do I give the UTM the MAC addresses?  What do I need to do?

Suggestions?

Thanks in advance

Chris



  • You mention multiple DCs and using M$ DHCP.

    M$ DHCP 2012r2 and above has DHCP failover using load balancing or active/standby. We use it in our environment and it works well serving 50+ sites.

  • Yes... But the DCs are on the same virtual server.  Single point of failure.  I'm already using the DHCP failover.

    And there are times where I need to take down the hypervisor for service (patches and updates).

    I still want Wi-Fi and internet to still function. 

    I'm not a business.  It's a residential home.  The wife and kids are my customers :)

  • Well, you then have to ask yourself is the downtime for that acceptable? In the majority of residential or SOHO's, I would say yes, it is acceptable but that's me and probably not your preference.

    How far do you want to go? You could get a 2nd hypervisor, have a SAN etc and go on and on and it can get flaming expensive providing resilience.

    Short of manual intervention ie having a standby DHCP setup on the UTM in which you disable your M$ DHCP servers and then manually turn the UTM DHCP server on, I don't think there is a way. You could always run your DHCP from the UTM and disable M$ DHCP but you would lose some functionality. Then again, turning off your hypervisor wouldn't affect anybody else and they would still be able to browse the internet whilst patching etc.

  • I don't want to run the DHCP servers at the same time.  I want to turn the scope on the UTM on when and if I need it (AKA... DCs are down for whatever reason).

    The problem is the reservations.  If the MS DHCP is down long enough the lease will expire... The UTM will take over at that point and the device may not get the same IP.

    Which would be bad for the filtering set up on the kids' devices. 

    So my question is... How do I set up manually added hosts in UTM for DHCP reservations?  I know how it's done in MS DHCP... can't figure it out on the UTM.

    If the scope is disabled on the UTM, they don't get used... 

    To answer your question... no down time is acceptable.  

  • The equivalent on the UTM would be to:

    1. Create your scope on the appropriate interface and leave it switched off as you won't be able to run the UTM DHCP & M$ DHCP at the same time. The M$ DHCP will automatically switch off if it detects another DHCP server if you do this.

    2. In the UTM, define a network host. Give it a name and IP address. Staying in the network host setup for that host, expand DHCP settings, select the scope to use and then enter the host's MAC address.

    The above host will now have the same IP associated to the MAC address.

    Obviously, you will have to match these up with your M$ settings and when the time comes, turn off the M$ DHCP and turn on the UTM DHCP. I think that is all you can do with regards to this.
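The matching step described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it compares a CSV export of the Microsoft DHCP reservations (columns as produced by `Get-DhcpServerv4Reservation | Export-Csv`) against a hand-kept CSV of the UTM host definitions. The UTM list layout, host names, addresses and MACs are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample: columns as produced by
# Get-DhcpServerv4Reservation | Export-Csv (ClientId holds the MAC, dash-separated).
MS_CSV = """IPAddress,ClientId,Name
192.168.10.21,00-11-22-33-44-55,kid-tablet
192.168.10.22,00-11-22-33-44-66,kid-laptop
192.168.10.23,00-11-22-33-44-77,printer
"""

# Constructed sample: hand-kept list of UTM host definitions (hypothetical layout).
UTM_CSV = """name,address,mac
kid-tablet,192.168.10.21,00:11:22:33:44:55
kid-laptop,192.168.10.32,00:11:22:33:44:66
"""

def norm_mac(value):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", value).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return digits

def load(text, mac_col, ip_col):
    """Return {normalized MAC: IP} from CSV text."""
    return {norm_mac(row[mac_col]): row[ip_col].strip()
            for row in csv.DictReader(io.StringIO(text))}

def reconcile(ms_text, utm_text):
    """List reservations that would change or vanish after switching to the UTM."""
    ms = load(ms_text, "ClientId", "IPAddress")
    utm = load(utm_text, "mac", "address")
    findings = []
    for mac, ip in sorted(ms.items()):
        if mac not in utm:
            findings.append(("missing_on_utm", mac, ip))
        elif utm[mac] != ip:
            findings.append(("ip_mismatch", mac, f"{ip} != {utm[mac]}"))
    for mac, ip in sorted(utm.items()):
        if mac not in ms:
            findings.append(("only_on_utm", mac, ip))
    return findings

if __name__ == "__main__":
    for finding in reconcile(MS_CSV, UTM_CSV):
        print(*finding)
```

Any `ip_mismatch` or `missing_on_utm` finding marks a device whose firewall and web-filter rules, which are keyed on the reserved IP, would stop applying once the UTM scope is switched on.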

  • Thank you.

    I configured a few objects and then shut down my MS DHCP servers to test and it worked perfectly.

    This is exactly what I wanted.  I know it's additional management as I have to manage 2 systems.

    But in the case of a total failure... I'm back in business with the flip of a switch which enables me to work.

    After my simple testing... I modified all the objects with the MAC address and the DHCP server to use. 

    Chris

  • Did you know that you can virtualise the UTM and run that in active/standby for no extra cost (apart from the resources required on your hypervisor)?

    Won't assist with what this post is about but seeing as you are referring to redundancy etc, it's one worth considering or knowing about.

  • I used the UTM virtualized appliance for a few years - The Free version.

    I am now using more than 50 IPs so I can't use the free version anymore.  I like the flexibility of the physical device. But it's now almost 5 years old.

    I only have one VMware server so I don't have the capacity for redundancy.

     

    Chris