Friday, August 13, 2021

Can a DHCP server be on a different VLAN?

I have 4 VLANs set up currently:

VLAN 1 - Native

VLAN 10 - Data (192.168.0.0/24)

VLAN 3 - Wireless (192.168.3.0/24)

VLAN 30 - Untrusted devices (192.168.30.0/24)

Currently all the VLANs can interact with each other, e.g. 192.168.10.100 can ping a device with an address of 192.168.3.124.

I am looking to set up rules to deny this type of traffic. I have a Windows DHCP server on my data VLAN that has a scope for each VLAN. If I add in these rules (Meraki L3 switch), will this stop DHCP from working on my Data, Wireless, and Untrusted VLANs?

From what I know, it will stop working on those three VLANs. I thought about allowing just the address of the DHCP server to each network, but doesn't that kind of defeat the purpose of the added security from doing this?

Should I just look into setting up DHCP through my Meraki switches?

Thanks.


