[Solved] Active directory, multiple VLANS : DHCP and DHCP relay
-
Hi,
I have started VLAN'ing our company network. The router is a Netgate SG-3100. We have a Windows-based AD domain. I've started by adding a Guest VLAN to our existing network. As I want to keep this VLAN as separated as possible from our main network, the pfSense router is acting as DHCP server for this Guest VLAN. In our main VLAN, the Windows Server 2016 is acting as DHCP and DNS server.
Now I would like to add a new OT-VLAN (for computers in our production environment). As I understood, the advised way to work is using DHCP relay, so that the DHCP requests from the computers in the OT-VLAN reach our Windows DHCP server, and then set up a separate DHCP scope for this VLAN.
Now I just found out that pfSense can't have the DHCP server service and the DHCP relay service running simultaneously. So one has to go.
I can see several options:
- Install a separate DHCP server on our Guest VLAN, so that pfSense doesn't have to run the DHCP service anymore. That way I can use the relay service. Downside is that I need an additional server (physical or VM).
- Use the pfSense DHCP service for the OT-VLAN as well. Is this a problem? I've read that it is best practice to let Windows Server act as DHCP server for its entire domain.
What would be the best way to go?
-
@Tommyboy You can make the AD server VLAN-aware and turn its switch port into a trunk that carries the OT and Main VLANs, disable the pfSense DHCP server (and DNS) on the OT VLAN, voila.
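As an added illustration of the approach in this answer (not code from the poster or from Netgate), here is what the Windows Server 2016 side looks like in PowerShell once the switch port has been made a trunk: a tagged VLAN interface on a NIC team, an address on it, the DHCP server bound to that interface, and a separate scope for the OT VLAN. The team name, adapter name, VLAN ID, addresses and domain name are all assumed placeholder values and must be replaced with the site's own. Note that with this design the domain controller has a leg directly in the OT VLAN, so pfSense rules between OT and Main no longer mediate OT-to-DC traffic; the Windows Firewall rule at the end limits what the OT side can reach on that interface to DHCP, DNS and the usual AD ports.

```powershell
# Assumed values (placeholders, not from the thread): adjust to your environment.
$TeamName   = "Team1"        # NIC team the tagged interfaces hang off
$Member     = "Ethernet"     # physical adapter cabled to the trunk port
$OtVlanId   = 20             # 802.1Q tag of the OT VLAN on the switch
$OtIfAlias  = "OT"           # Windows name for the tagged interface
$OtServerIp = "10.20.0.5"    # DC/DHCP address inside the OT VLAN
$OtGateway  = "10.20.0.1"    # pfSense OT VLAN interface address
$OtScopeId  = "10.20.0.0"
$MainDns    = "10.10.0.5"    # DC address on the Main VLAN (DNS for OT clients)
$DnsDomain  = "corp.example"

# 1. Make the server VLAN-aware: a team with one member, then a tagged tNIC.
#    (Windows Server LBFO teaming; on a single NIC the tag could instead be set
#    in the driver's advanced properties, which varies by vendor.)
New-NetLbfoTeam -Name $TeamName -TeamMembers $Member `
    -TeamingMode SwitchIndependent -Confirm:$false
Add-NetLbfoTeamNic -Team $TeamName -VlanID $OtVlanId -Name $OtIfAlias -Confirm:$false

# 2. Give the OT interface a static address; no gateway here, the Main VLAN
#    interface keeps the server's default route.
New-NetIPAddress -InterfaceAlias $OtIfAlias -IPAddress $OtServerIp -PrefixLength 24

# 3. Bind the DHCP service to the new interface so it answers on the OT VLAN.
Set-DhcpServerv4Binding -InterfaceAlias $OtIfAlias -BindingState $true

# 4. Separate scope for the OT VLAN; pfSense DHCP on that VLAN must be disabled
#    first, otherwise clients get two offers.
Add-DhcpServerv4Scope -Name "OT VLAN" -StartRange "10.20.0.50" -EndRange "10.20.0.200" `
    -SubnetMask "255.255.255.0" -LeaseDuration (New-TimeSpan -Days 1) -State Active
Set-DhcpServerv4OptionValue -ScopeId $OtScopeId -Router $OtGateway `
    -DnsServer $MainDns -DnsDomain $DnsDomain

# 5. Limit inbound traffic from OT hosts on this interface to what they need.
#    Inbound DHCP (UDP 67) and DNS (53) plus core AD ports; everything else from
#    the OT subnet to this interface is blocked by the explicit block rule.
New-NetFirewallRule -DisplayName "OT: allow DHCP/DNS/AD" -Direction Inbound `
    -InterfaceAlias $OtIfAlias -RemoteAddress "10.20.0.0/24" `
    -Protocol UDP -LocalPort 53,67,88,389 -Action Allow
New-NetFirewallRule -DisplayName "OT: allow AD TCP" -Direction Inbound `
    -InterfaceAlias $OtIfAlias -RemoteAddress "10.20.0.0/24" `
    -Protocol TCP -LocalPort 53,88,135,389,445,636 -Action Allow
New-NetFirewallRule -DisplayName "OT: block other inbound" -Direction Inbound `
    -InterfaceAlias $OtIfAlias -RemoteAddress "10.20.0.0/24" -Action Block

# Quick check: the scope exists and the service listens on the OT interface.
Get-DhcpServerv4Scope -ScopeId $OtScopeId
Get-DhcpServerv4Binding | Where-Object InterfaceAlias -eq $OtIfAlias
```

Run this on the DHCP/DC host as an administrator after the switch port is trunked; if the DHCP role is on a different member server than the DC, the teaming and address steps go on that server and the firewall rules shrink to DHCP and DNS only. A Windows Firewall "Block" rule is evaluated ahead of "Allow" rules of the same profile, so keep the block rule scoped to the OT interface and subnet as shown rather than making it global.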
-
@NightlyShark
Great! Thanks for your answer! That solves everything.
Thx!
-
@Tommyboy Please don't forget to mark the post as solved, happy networking!