Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Switch and DNS Server Question

I teach at a small college and they have limited equipment. There is 1 switch and now they want to share it between 2 classes. Each class has a server. Both servers have beed given the role of a DNS server and each class has created a domain. Thus both DNS servers are attached to the same switch.

The switch (a 24 port switch) is configured as:

Gateway: 192.168.100.1

Vlan 600: IP Address 192.168.100.2 (all 24 ports on the switch are in this VLAN).

First DNS Server (Domain tiffinuniv):

IP Address: 192.168.100.3

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.100.1 (the switch)

Preferred DNS Server: 127.0.0.1

DHCP Role with a scope of: 192.168.100.30 to 192.168.100.49

Second DNS Server (Domain TU):

IP Address: 192.168.100.6

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.100.1 (the switch)

Preferred DNS Server: 127.0.0.1

DHCP Role with a scope of: 192.168.100.50 to 192.168.100.69

I have a client hooked to the second DNS server (TU domain) and it has joined the domain successfully with a static IP address of:

IP Address: 192.168.100.75

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.100.1 (the switch)

Preferred DNS Server: 192.168.100.6 (the DNS Server for the TU domain)

If I switch this client computer to a DHCP client (from static) it picks up an IP address from the other DNS(with DHCP role) server. This happens even if I keep the Preferred DNS server on the client as static pointing to the correct DNS (TU domain) DHCP server.

I tried setting up another vlan on the switch and thus and moving 12 ports to another vlan and separating the two DNS servers onto different VLANs. However, I keep getting the same results.

Any help would be appreciated.

George

Everyone's tags (2)
9 REPLIES

Re: Switch and DNS Server Question

Hi.
If you have a single dhcp server and you want to serve two different group of clients and giving them two separated DNS server you can create two different Vlan with two SVI and two different subnets.
Than on each SVI you configure ip helper-address pointing to DHCP server.
On DHCP Server you need to configure two different scopes one for each subnet and define a different DNS Server on each scope.
HTH
Regards


Carlo

Sent from Cisco Technical Support iPhone App

Please rate all helpful posts "The more you help the more you learn"
Community Member

Re: Switch and DNS Server Question

Carlo

I do not have a single DHCP server there are 2 hooked to the same switch on different ports. There are 2 classes using the same switch and each class has their own dhcp server. As mentioned the one server is pulling IP addresses from the other. I have already separated them into VLANs. It is a 2950 switch. Thus not sure if it would have the capabilities you mention of 2 SVIs.

Purple

Switch and DNS Server Question

Hi,

No the 2950 doesn't support multiple SVIs so you'll have to use  either a L3 switch or a router to do the intervlan routing.

Remember that 1 VLAN= 1 subnet so you'll have to readdress the  network.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Community Member

Switch and DNS Server Question

Cadet

I rally do not believe I need multiple SVIs. I already have 2 physical servers (each server is a DNS with DHCP) thus there are 2 physical NICs. Each server is hooked into the switch on 2 different VLANs. But it still allows a client to pull an IP address from either DNS (DHCP) server. I thoguht if I had them on separate VLANs this would not happen. Especially since the client is statically directed to go to the correct DNS Server on its VLAN.

This is what I am not understanding.

Switch and DNS Server Question

You have two DHCP servers on the same Vlan so both servers will recieve the DHCP request packet from the client so they could get an address from either. The best way is to seperate the two 'classes' into Vlans, have a DHCP/DNS server on each and they each have a different deault gateway etc.

Having 'two networks' on the Vlan will cause problems.

Community Member

Switch and DNS Server Question

Devils Advocate

They are already separted into 2 VLANs. However, it is 1 gateway (we only have 1 switch). I did not believe it was possible to have a single switch and have two separate gateways (or a different gateway for each VLAN)???

Re: Switch and DNS Server Question

You need to post your configs as its a little confusing.

Are you saying you have two Vlans (e.g. Vlan10 and Vlan20) that share the same address space (192.168.100.0 /24) and hosts in both Vlan's share the same default gateway? If so, that's not a good way of doing things.

I think you are confusing DNS with DHCP, they are different things. By default, a client will send out a DHCPDISCOVER packet which is sent as a Layer 2 broadcast. This packet is recieved by all hosts on that Vlan, including the default Gateway. If the DHCP server is in the same Vlan, the host will obtain a DHCP address from this. If the DHCP server is in another Vlan, you would configure a Helper address on the clients default gateway to point to the Unicast IP address of the DHCP server.

There is obviously some confusion here.

First off, we need to see your configs for the switch and whatever device is configured as your default gateway for your clients.

If you want two Vlans and those Vlans do not need to talk to each other (or even need internet access) then you simply create them as Layer 2 Vlans on the switch and make sure they have different subnet addresss. You could then place both a DNS server and a DHCP server on each subnet and you are onto a winner.

If the Vlans need to talk to each other or need internet access then they BOTH need a default gateway on a device (switch or router) that is capable of routing.

Hopefully that makes sense

Community Member

Re: Switch and DNS Server Question

Devils Advocate:

This is what I had in my post (I modified it to show the second VLAN and to clarify a little):

The switch (a 24 port switch) is configured as:

Vlan 1: no ip address      Ports: 1-12

Vlan 600: IP Address 192.168.100.2      Ports: 13-24

Gateway: 192.168.100.1

First DNS Server (Domain tiffinuniv) (this is hooked to Port 2 in VLAN1 of switch):

IP Address: 192.168.100.3

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.100.1 (the switch)

Preferred DNS Server: 127.0.0.1

DHCP Role added with a scope of: 192.168.100.30 to 192.168.100.49

Second DNS Server (Domain TU) (this is hooked to port 22 in  VLAN600 of the switch):

IP Address: 192.168.100.6

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.100.1 (the switch)

Preferred DNS Server: 127.0.0.1

DHCP Role with a scope of: 192.168.100.50 to 192.168.100.69

I have a client (which joined the TU domain successfully) hooked to the switch in port 16 (VLAN600 in which the second DNS server (TU domain) is part of as mentioned above (Port 22))

IP Address: DHCP (but it is pulling an IP address from the first DNS server's DHCP scope (Port 2 from VLAN1)

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.100.1 (the switch)

Preferred DNS Server: 192.168.100.6 (I do not have the DNS server as DHCP but am pointing it statically to the DNS server that it is part of the domain of)

I realize this is not a good setup but I have no other options since the college is not going to buy more equipment and we have 2 classes using the same switch. It is not hurting anything because the network is not really in use but just in class.

Thanks

George

Switch and DNS Server Question

I see, so presumably the hosts inside either Vlan do not need to access each other or the internet?

The issue is that you are using the same address space for both Vlans. A vlan should be unique to a subnet:

Vlan 1 - 192.168.100.0 /24

Vlan600 - 192.168.200.0 /24

You shouldn't be using the same 192.168.100.* network for both Vlan1 and Vlan600.

The hosts don't need a default gateway, the 192.168.100.1 address you have setup will simply be acting as a management address for the switch as the 2950 is a Layer 2 switch only, i.e it has no ability to route packets between your Vlans.

The solution is to give Vlan600 a different address space, such as the 192.168.200.0 /24 that I suggested above. You would then need to change the IP addresses of your two DNS/DHCP servers to have one on each subnet like:

Vlan1 DNS/DHCP Server - 192.168.100.10

Vlan600 DNS/DHCP Server - 192.168.200.10

You would then setup a scope on each which is valid for that particular subnet.

795
Views
0
Helpful
9
Replies
CreatePlease to create content