Setting Up VLANS within a bare-bones Microsoft Windows Server 2016

90Ninety (New Member, joined Nov 5, 2019)
I have been 'playing' with VLANs within a physical lab environment for some time (several Cisco switches, routers and computers). I am able to set up trunks between switches and routers, and access ports for computers and devices; this I understand.

However, I want some clarification on how to configure Microsoft Server with multiple DHCP scopes for different VLANs. My understanding is:
  • When deploying Microsoft Server with multiple DHCP scopes over different networks, the server will need multiple VLAN interfaces; these can be physical or logical. When there are several physical NIC interfaces, each of the LAN ports should be connected to the switch, one for each subnet/VLAN.
  • Logical virtual NICs can also be used. If using only one physical NIC, VLAN interfaces have to be created within a vendor-specific software application (e.g. Intel/Realtek/Dell/white-label) and are not part of the stock operating system.
  • NIC teaming is not needed for VLANs, and is only required for fail-over and load balancing.
I have been trying for a few weeks to get computers over several VLANs authenticated by the server. My current desktop server (a re-purposed Dell desktop) with a Realtek RTL8168E Ethernet Controller has its own software application called 'Realtek Ethernet Diagnostic' where VLANs are created. This works with the DHCP server, though it is intermittent and not officially supported by Windows Server. I am planning on finding a more suitable PCIe Ethernet Controller, if my understanding is correct?
 
What type of switch? Many have a feature like Cisco's helper IP, which can identify DHCP requests and forward them to your DHCP server, so you don't need multiple VLANs on the DHCP server.
 
Hi

Thanks for your input. I have SG300's. I have heard also that I only need one VLAN on the server, but I have also heard the contrary on another external forum (Linksys). I have enabled the DHCP relays and did test the server on the one VLAN, but I couldn't get IP addresses to the other VLANs.
 
OK, but on the switch I need to create a trunk to the server, right? Tagging all VLANs required?

I have already enabled the DHCP relay. I will try to reconfigure again.
 
Shown is a diagram of the whole concept; on the right is the 'Proposed' network that I have been working on within a 'lab' (network separated logically using VLANs and subnets). Please bear in mind that the current router serves IP addresses to the workgroup network (used for business, on VLAN 1) on the left. Basically I want to start moving computers from the workgroup network over to a managed domain network.

[Attachment: network 1.6ii.PNG]



I have been trying for some time to get this working, but I am clearly doing something wrong. As the DHCP services both stopped, I believe both DHCP servers could detect each other and caused them both to misbehave, despite being on different subnets and separate VLANs.

Below shows the VLANs on the Cisco SG300 managed switch. This all looks OK to me.


[Attachment: vlan members.PNG]

And the DHCP relays are enabled for the VLANs, and pointing at the Windows DHCP server.

[Attachment: dhcp relay config1.PNG]



[Attachment: dhcp relay 2.PNG]


Can anyone give me further guidance? Really wracking my brains here.
 

The only port that may need to be a trunk is the one to the router, if it supports multiple VLANs; otherwise they should be access VLAN ports. Also, if you have DHCP snooping enabled, you need to set the DHCP server port as trusted for DHCP.
 

Thanks for the confirmation on the trunk; this is how it has been configured at the time of writing and in the network diagram above.


So today I enabled just the trusted snooping interface on port #23 (as below), though the relay is still not yet working.

[Attachment: Trusted snooping.PNG]


Just to recap: as you have noticed above, I have enabled the DHCP relay and specified to relay packets to the VLANs outside of the server's native VLAN (VLAN 3). So in theory I am asking the switch to relay between the VLAN 3 and VLAN 4 broadcast domains, for the computers attached to access ports on VLAN 4 and the server on VLAN 3. My attempt at this is as shown in the capture of the VLAN configuration screen above. I have put in both VLAN #3 and VLAN #4, though I am thinking that only VLAN #4 is needed here?

As a test (shown below), I have tried adding interface ports (as well as the previously added VLANs) to the DHCP relay table: port GE23 (VLAN 3, server) and port GE4 (VLAN 4, client access). Though this made no difference.

[Attachment: DHCP relay interface settings.PNG]



On a side note, I am however getting IP addresses on the server's native VLAN access ports (VLAN #3). Any other suggestions of things I can do/check? Much appreciated.
 
FWIW, I can set a static IP for VLAN 4 and get internet and contact the server. I have opened another thread on the Cisco forum also, but it seems it is a problem between the DHCP server and the switch.
 
I'd say on one of the devices on VLAN 3 or 4 install Wireshark. Flush DNS and then capture the DHCP process and PM it to me.
 
Update (with some guidance from the thread created at Spiceworks; read it here): I have now got the inter-VLAN routing and relay working (with one caveat *). The main issue was that I was mixing and matching the VLAN interfaces on the routing hardware. The VLANs now exist on just the switch. This is important because the VLAN relay will only work on the device where the VLANs are created.

The SG300 switch does not care about additional IP addresses on the router, so having one IP for the Tomato router is sufficient. It just needs to know its upstream gateway route. I removed the additional IP interfaces from the Tomato, added interfaces to the switch, and removed the trunk between the router and the Cisco SG300 switch.

So now the router has one IP address (10.10.0.1) and routes packets to the SG300 switch IP (10.10.0.5):

Add route 10.10.4.0 (VLAN 4) next hop 10.10.0.5 (switch)
Add route 10.10.3.0 (VLAN 3) next hop 10.10.0.5 (switch)

[Attachment: tomato routes.png]

I understand now: I should let the switch do the inter-VLAN routing, which does work automatically. I am now able to get IP addresses from the Win2016 server on both VLAN scopes (VLAN 3 and VLAN 4). Just one issue now:

* I am now unable to get internet on the VLANs.
 
As I cannot edit the original post, an updated topology drawing is shown here, so hopefully the original does not mislead anyone.

[Attachment: Network diagram 2.1.PNG]

The VLAN interfaces now only reside on the SG300 (now removed from the upstream router device), and each DHCP scope's gateway address now points to the VLAN interfaces on the SG300 (10.10.3.5 and 10.10.4.5 respectively).
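The reason a single server interface on VLAN 3 can serve the VLAN 4 scope is the giaddr field of the DHCP header: the switch's relay agent writes its VLAN 4 interface address into the broadcast DISCOVER before forwarding it as unicast to the server, and the server picks the scope that contains giaddr rather than the one its own NIC sits in. The model below is an added example, not code from the thread or from Cisco or Microsoft; it builds an RFC 2131 DISCOVER, applies what the SG300 relay does, and shows the scope selection and reply path. It assumes /24 masks on both scopes, a server address of 10.10.3.10 (the thread gives only the gateway addresses), and a constructed client MAC.

```python
"""Added example (not from the thread): model of the DHCP relay path the
thread ends up with. A client on VLAN 4 broadcasts a DISCOVER; the SG300's
relay agent on its VLAN 4 interface fills in giaddr and unicasts it to the
Windows DHCP server, which sits only on VLAN 3. The server chooses the scope
from giaddr, so one server interface can serve every relayed VLAN."""
import ipaddress
import struct

ZERO = "0.0.0.0"

# Constructed from the thread's final topology. Assumptions: /24 masks and a
# server address of 10.10.3.10 (the thread gives gateways, not a server IP).
SERVER_IFACE = "10.10.3.10"
SCOPES = {
    "VLAN3": ("10.10.3.0/24", "10.10.3.5"),  # scope network, router option (SG300 VLAN 3 interface)
    "VLAN4": ("10.10.4.0/24", "10.10.4.5"),  # scope network, router option (SG300 VLAN 4 interface)
}

DHCP_MAGIC = b"\x63\x82\x53\x63"


def build_discover(xid: int, chaddr: bytes, giaddr: str = ZERO) -> bytes:
    """Build a minimal RFC 2131 DISCOVER: fixed BOOTP header plus option 53."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                           # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
        xid, 0, 0x8000,                       # xid, secs, flags (broadcast bit set)
        b"\x00" * 4,                          # ciaddr: client has no address yet
        b"\x00" * 4,                          # yiaddr
        b"\x00" * 4,                          # siaddr
        ipaddress.ip_address(giaddr).packed,  # giaddr: zero until a relay agent fills it
        chaddr.ljust(16, b"\x00"),            # chaddr
        b"\x00" * 64,                         # sname
        b"\x00" * 128,                        # file
    )
    return header + DHCP_MAGIC + b"\x35\x01\x01" + b"\xff"  # option 53 = DISCOVER, then end


def parse_header(packet: bytes) -> dict:
    """Pull out the fields a relay agent and a server act on."""
    op, _htype, hlen, hops = struct.unpack("!BBBB", packet[:4])
    if op != 1:
        raise ValueError("not a BOOTREQUEST")
    if packet[236:240] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    return {
        "hops": hops,
        "giaddr": str(ipaddress.ip_address(packet[24:28])),
        "chaddr": packet[28:28 + hlen].hex(":"),
    }


def relay_agent(packet: bytes, vlan_iface_ip: str) -> bytes:
    """What the switch's DHCP relay does when the broadcast arrives on a VLAN
    interface: set giaddr to that interface's address (only if still zero, so a
    second relay hop does not overwrite it), increment hops, and forward the
    packet as unicast to the configured server."""
    hdr = parse_header(packet)
    if hdr["giaddr"] == ZERO:
        packet = packet[:24] + ipaddress.ip_address(vlan_iface_ip).packed + packet[28:]
    return packet[:3] + bytes([hdr["hops"] + 1]) + packet[4:]


def select_scope(packet: bytes, receiving_iface: str = SERVER_IFACE):
    """Server-side scope selection as RFC 2131 describes it: a non-zero giaddr
    names the client's subnet; otherwise the request came in directly on the
    server's own interface, so that interface's subnet is used."""
    hdr = parse_header(packet)
    key = ipaddress.ip_address(receiving_iface if hdr["giaddr"] == ZERO else hdr["giaddr"])
    for name, (network, router) in SCOPES.items():
        if key in ipaddress.ip_network(network):
            return name, router
    return None


def reply_destination(packet: bytes):
    """Where the OFFER goes: back to the relay agent (giaddr, port 67) for
    relayed requests, or broadcast on the server's own VLAN for direct ones."""
    giaddr = parse_header(packet)["giaddr"]
    return (giaddr, 67) if giaddr != ZERO else ("255.255.255.255", 68)


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")  # constructed client MAC
    direct = build_discover(0x1234, mac)  # client on VLAN 3, same VLAN as the server
    print("direct  :", select_scope(direct), reply_destination(direct))
    relayed = relay_agent(build_discover(0x5678, mac), "10.10.4.5")  # client on VLAN 4
    print("relayed :", parse_header(relayed), select_scope(relayed), reply_destination(relayed))
```

Two things follow from this model that match the thread's findings: the relay only works when the relaying device owns the VLAN interface whose address goes into giaddr, and with DHCP snooping enabled the server-facing port (GE23 here) must be trusted, because the relayed unicast and the returning OFFER both traverse it.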
 
I am now contemplating adding another SG300 switch (technically a router), but I am unsure how to connect it, either to the router or to the existing SG300. Also, how should the second SG300 be configured? The concept is shown below.

[Attachment: network 2.2.PNG]
 