Monday, October 18, 2021

DHCP Solution for Meraki

Hey folks,

Could use some ideas here. I currently work for a state agency, at a school district. Every single agency in the state has to work with our state IT department. I'm just going to call them XYZ. XYZ has certain policies and procedures we have to work around, and it creates a TON of logistical issues. As such, I'm a network admin, but my ability to access and modify things ends at our switch. The router and firewall are all handled by XYZ, and as such, I'm not allowed (or even able) to do anything with them.

We currently have 4 VLANs broadcast in the schools. Protected, Student, Guest and BYOD. They are all on separate subnets, and there's no relay between them, so none of them talk.

Currently right now the setup is that there are two servers in every school. One is a Linux CentOS DHCP server, which runs DHCPD for the Protected network, along with some other VMs for a handful of other things, and the other is a Windows machine that had some magic performed on it, which I believe is the multiplexor protocol from Microsoft. The previous network admin managed to virtualize the internal NIC card and allow it to have 4 VLANs - it's a shitty old Dell Optiplex 780 with a single Ethernet port, which gets an address on the Protected network (as that's our native VLAN), but has 3 other "virtual network ports", each assigned to one of the other VLANs, and it runs a DHCP server for Student, Guest and BYOD. I have absolutely no idea how this was set up or how it manages to work. I've only ever dealt with Windows DHCP for a single scope, and when using VLANs, we used the router/appliance (WatchGuard, Aruba, etc.) for DHCP and VLAN configs.

I want to acknowledge that it's a total hack job that was created out of necessity and lack of resources, and it wasn't created by me. I absolutely hate this setup and I'm looking for ways to simplify it.

Where my problem comes in is that the district has acquired a new building, and we're going to be using it for a handful of people. These same VLANs will need to be broadcast there (minus Student), and we're trying to avoid having to set up two physical servers like in the other schools. My first instinct was to get a Meraki switch that had DHCP functionality built into it, but upon watching a setup video of it, I almost immediately saw a roadblock, in the form of the "MX IP" field.

For those that don't know, MX is the line of security appliances Cisco Meraki sells. We don't have an MX security appliance. We've got a router that's 100% controlled by the state, and they will not run DHCP on there "for security", which means I need DHCP to come from another source. Is it possible for any of the Meraki switches to run their own DHCP server, and have them point the gateway to the router that we currently have? I called in and spoke to a Meraki rep, and while I'm sure he's good at his job, I could barely understand a word he was saying due to the accent, and ended the call not having a clue what he said, but he seemed to imply that DHCP on the switches won't work without a Meraki gateway. Is there ANY Meraki device that fits this bill?

If there isn't a Meraki device, does anyone know of any other sort of device that does? I've looked at DNSBox and a few others, and they're all MASSIVE overkill for what we need, on top of being too expensive for a school district. Any help or other ideas would be appreciated.


