Tuesday, May 18, 2021

Question about management VLANs combined with DHCP servers

Hey everyone,

I'm currently a little bit confused about a particular issue.

I am looking to simulate a network with multiple switches, 3 VLANs (management, NVR, Office), and one router (router on a stick configuration).

Setup for question:

From my understanding, in an internetwork environment (multiple routers connected to each other through their WAN ports and with a dynamic or static routing scheme implemented), when you have a DHCP server that is separate (not on the routers or switches), it will use relay agents to gather the DHCP client requests. It will then use the IP address of the particular router's interface from which the request came to figure out the pool of addresses to use to give to the client which requested.

Ok, but when you have just one router that is connecting different VLANs together, the DHCP server will use the VLAN interfaces' IP addresses to figure out the same thing.

This would normally be no problem, unless you want a Management VLAN. This will be used to give the switches an IP address so that they can be accessed remotely, and as a bonus it will allow firewall rules to keep everyone but maybe the IT department out. But if you need DHCP on say, the Office VLAN and maybe a couple more, then the switches that have these VLANs in their databases (which will likely be most if not all), will also be accessible from the Office VLAN interface IP address (which had to be set so DHCP would work).

In this scenario, would you just have to create extra firewall rules to make the switches inaccessible through these Office VLAN interfaces, or is this whole scheme simply wrong for when you want a Management VLAN coupled with DHCP on the same switches?

Sorry if I'm not making sense, this is the best way I could think of to explain this.

Thanks
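
An added example, not part of the original post: the pool selection described above, where a DHCP server reads the relay agent address (`giaddr`) from a forwarded request and matches it against its configured subnets. The three subnets, the MAC address and the function names are assumptions constructed for the illustration.

```python
import ipaddress
import struct

# Fixed BOOTP header (236 bytes) followed by the 4-byte DHCP magic cookie.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s4s"
MAGIC = bytes([0x63, 0x82, 0x53, 0x63])

# Constructed scopes for the three VLANs in the post (addresses are assumptions).
POOLS = {
    "management": ipaddress.ip_network("10.0.10.0/24"),
    "nvr": ipaddress.ip_network("10.0.20.0/24"),
    "office": ipaddress.ip_network("10.0.30.0/24"),
}

def build_relayed_discover(giaddr, mac):
    """Constructed sample: a DHCPDISCOVER as a relay agent would forward it."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    zero = bytes(4)
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 1, 0x1234ABCD, 0, 0,
                         zero, zero, zero, ipaddress.ip_address(giaddr).packed,
                         chaddr, bytes(64), bytes(128), MAGIC)
    return header + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then end

def select_pool(packet, pools=POOLS):
    """Return the scope name whose subnet contains giaddr, or None."""
    if len(packet) < struct.calcsize(BOOTP_FMT):
        raise ValueError("truncated BOOTP packet")
    fields = struct.unpack_from(BOOTP_FMT, packet)
    op, giaddr, cookie = fields[0], ipaddress.ip_address(fields[10]), fields[14]
    if op != 1 or cookie != MAGIC:
        raise ValueError("not a DHCP client request")
    if giaddr.is_unspecified:
        return None  # not relayed: a server would use its receiving interface's subnet
    for name, net in pools.items():
        if giaddr in net:
            return name
    return None  # relay address matches no configured scope, so no offer is made

if __name__ == "__main__":
    pkt = build_relayed_discover("10.0.30.1", "00:11:22:33:44:55")
    print(select_pool(pkt))
```

The address the server keys on is the one the relay agent writes into the request, which is the Layer 3 interface doing the relaying.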


