There are a few ways to deploy applications. The simplest would be through group policy using MSI files. I'll try and put something together this week. You can also do it with batch scripts, powershell scripts, and SCCM aka System Center (my personal favorite). I am working on a SCCM series but its going to be a while before its done. I am still testing everything and making notes.
Very crystal. I like the fact that you can add as much subnet using the one DHCP server without physically having different servers on each subnet.... Cooolllll.....
For anyone still wondering, Windows DHCP servers will typically not assign addresses to a scope you created unless the server itself has an IP address on that network. So you either need to attach a separate NIC to the server so it's on the new network, or assign the server to the VLAN associated with that scope. This changes slightly with relays though depending on config
@@RoggyRoast Thanks i was wondering why it was only able to lease addresses within its own subnet. Can you elaborate more about the relays? I currently have one pointing to my domain controller but it does not send and offer packets back.
Great video, thanks a lot. Can you please show me, how to configure Unifi AP, that they distribute DHCP lease from Windows Server to WIFI clients.... that would be great... thanks in advance.
Good ole SCCM! That’s a fun one. I thought about doing a SCCM guide but I eventually decided against it. It’s kind of complicated to setup but it’s very rewarding once it’s done. There is a lot of good info on SCCM and I also felt others already had it dialed in. If your interested in SCCM you need to check out www.systemcenterdudes.com and www.prajwaldesai.com. They have some fantastic content.
@@ITLumberjack Yes those are the exact same guides I used. I decided I need to learn it after interviewing with several local companies and almost all of them use SCCM(Ohio). I've only worked one enterprise company and we didn't even use SCCM so I feel I am maybe getting passed up because of it.
SCCM isn’t going anywhere just yet but Azure InTune and Autopilot will eventually replace it. As more companies push there infrastructure to the cloud those are the two pieces of tech that will replace SCCM. At a previous job I setup and maintained a small SCCM deployment. We had around 2000 devices in total. Right before I left we collectively made the decision to drop SCCM completely and use PDQ Deploy and Inventory in conjunction with InTune. Every setup is different and there isn’t a wrong answer. As long as the solution solves the problem safely and securely then i call that a success.
I feel like alot of important parts were skipped. You configured VLan 20 from the router first? Where is the computer getting Vlan 20 DHCP connected to? Was this a port configuration on the router? YOu cant just add a scope and the computer will just receive VLan 20 DHCP because of scope configuration. You have to show the router configuration show people can understand.
The objective of the video was to show how to setup multiple DHCP scopes on a Windows Server box. Not how to configure the router. I did briefly touch on that in the video. Since their are an infinite number of brands out there I chose not to cover the router details because every brand is different. I am sorry to hear that this wasn't of value to you. I hope you find what you're looking for.
how do you force a given computer to join a selected subnet? I can create all the scopes i want in dhcp server, but how do i force a given computer to join the one i want?
Got my sub, thanks! So DHCP relay can be used on firewalls as well but does firewall vs switch supersede the other or would that cause some kind of misconfiguration?
Good day. That was an excellent video. I have a Unifi Dream Machine Pro and 17 Unifi switches. I have a VLAN setup on the DMP. I can ping our DHCP server from the VLAN devices but cannot pink from the main LAN to a device on the VLAN. Thoughts?
Awesome and clear vid but, as a beginner, I seem to be missing something. We set the VLANS on the USG. Got it. What now? Am I correct in understanding that the instruction to a client as to which DHCP scope to get IP from is done by setting a proper vlan on the port the client device is wired to?
@deezee1570 I think I understand your question. If this doesn't answer it, let me know and we will try again! VLANs and subnets are concepts in networking that often work together to organize and manage network traffic efficiently. A VLAN operates at Layer 2 of the OSI model and provides a logical separation of networks at the data link layer, allowing you to segment network traffic without requiring multiple physical networks. On the other hand, subnets operate at Layer 3 (the network layer) and are used to divide a larger network into smaller, manageable parts...subnets. Each subnet is associated with a specific IP address range. Typically, you would assign one subnet per VLAN to keep network organization straightforward and secure. For instance, if you have two subnets, say 10.10.0.0/24 and 10.20.0.0/24, you would ideally place them in separate VLANs to isolate their traffic at the data link layer. When it comes to assigning IP addresses dynamically, a DHCP server comes into play. The server allocates IP addresses to devices from a specific range, known as a DHCP scope. However, the DHCP server operates at Layer 3 and does not directly interact with VLANs. Instead, it assigns IP addresses based on the subnet from which a request was received. If a DHCP server is on a different subnet than the client requesting an IP address, a DHCP Relay Agent is used. This agent forwards the client's request from the client's subnet to the DHCP server. The server then determines the appropriate IP address for the client based on the subnet from which the request originated, ensuring the client receives an IP address that matches its subnet. This setup allows network administrators to efficiently manage network resources, ensuring devices can communicate effectively while maintaining organizational and security requirements.
Good question. In a multi subnet environments you have a VLAN that correlates with the subnet. For example if you have a subnet of 192.168.1.0/24 and a subnet of 192.168.2.0/24 these two subnets are divided by a VLAN. 192.168.1.0/24 may be in VLAN 10 while 192.168.2.0/24 would be in VLAN 20. The VLAN numbers are usually assigned by the switch or if 802.1x is in use it can dynamically be applied. Once a VLAN is assigned to a port the gateway of the subnet/VLAN will then answer any of the DHCP requests. The DHCP server knows to assign an IP based on the subnet the request came from. I hope that helps!
It knows based on the subnet the request is coming from. So if the gateway of the subnet is 192.168.0.1/24 then the server know to issue an address in the 192.168.0.0/24 subnet. Another way to think about it is to think of the gateway as your DHCP server for each subnet.
Have you run into issues, where DNS doesn't resolve between subnets/VLANs? Ping requests work fine between VLAN's using IP's, however DNS doesn't resolve...
Good question. The devices playing relay/helper will have an IP address (the gateway). The relay will then request an IP from the DHCP server for the subnet that the gateway resides in. Windows will only hand out IPs for that subnet since the request is for a specific subnet. I hope that makes since.
@@ITLumberjack Yes, this is the case if the request comes from the new added VLAN from a different network. But is this also the case for the client-computer in the same network as the DHCP-Server? Because this client now can request a IP from two different scopes on the same server in the same network...? Which scope will answer the request?
@@benjaminpfau5822 if the devices is on the same subnet/VLAN/layer 2 as the server, the typical DHCP offer, request, acknowledgement will occur. If device is on a different subnet, the traffic will be encapsulated into a DHCP relay message. Essentially the request will have additional information for a different subnet. If you where to look at it in Wireshark, it you would be able to see how the requests are processed differently.
Good video, but didn't work for me, I wonder if some of my other settings in my USG are different from your dream MCH? Would you mind showing some more settings in your dream MCH like the other networks and why they are different? in another vid! I have a 2012R2 server and a ubiquiti USG - This is a common setup I'm sure but I turned off the DHCP on my USG so the server could handle the DHCP and its working now without the working vlan20 so i'm not sure where I am on the relay function, geese I sound dumb! lol
Hi i am unable to connect any devices to this new vlan as i made same settings as your but into my USG there are more options into DHCP Relay section such as Hop Count, Maximum Packet Size, Listen and Transmit Port, Relay Agent Options Handling which i have not set. I have one doubt. How DNS Zones on Server2012r2. How will dns records be created with this new vlan ?
Unfortunately I can't say why the USG isn't doing DHCP relay. You may want to take a look at Ubiquiti documentation. As for DNS, as long as the DNS address being issued to the client is the internal DNS server, the records will be created.
Hi There, Can you please explain how to add my 24PoE in UniFi controller? as it is not discoverable. Is there any command like for access point i used set-inform command, something like that?
I do not have a Unifi PoE switch. I have am using a Ubiquiti ToughSwitch. The ToughSwitch is a managed switch but it can't be joined to the unifi centralized management. It has to be managed separately. If you would like to see a video on how to connect other brands PoE switches to a dream machine, I can make that happen. Since I don't have a Unifi poe switch I can't demo that as of right now.
Correct. The port on the server can be a regular ole access point. When the request comes in the server is looking at the subnet, not a vlan. This is all assuming dhcp relay is being used on the layer 3/router.
I have never put a DHCP server in truck and tagged each VLAN. I suppose you could do that but I think it adds an unnecessary level of complexity. I have always set my server port on the switch as an access port. The only vlan associated with the port is the vlan number that my server resides in. For Cisco here is an example of a config. We will assume the dhcp server is in vlan 2 and we have endpoint in vlan 3 that need to get its address from the dhcp server. Our dhcp server will have an ip of 10.0.0.1 !Sever Port Config Switchport mode access Switchport access vlan 2 !VLAN 3 Interface Config ip address 10.10.0.1 255.255.255.0 Ip helper-address 10.0.0.1 I hope that makes more sense. I would highly recommend labbing this to test it and play around with how it works. Disclaimer…that config info is only what would be required for a switch. That by no means is best practice for a solid Cisco config. That is just enough to make it work.
Here is another reason why I never trunked my DHCP server. If I have 20 locations and each location is using inter-vlan routing on each L3 switch/router at each site, I can’t assign the server a vlan on a completely different subnetwork if it’s traversing a WAN or something similar. That is where the ip helper address comes into play. With it you can server as many networks as you want no matter the location on the network. If you can ping it, it should be able to assign an IP to endpoints in the subnet.
Hi is there anyway that the same can be done for host names across different vlan's on ubiquiti with a windows server serving DNS requests across different vlan? I have a windows server that I would like to use for resolving host names of different machines across different vlan's so that machines from one vlan to another can browse to shared folders on different machines using the host name rather than IP addresses.
Hi IT Lumberjack, Did you do a port profile for that Vlan? I did not. I am asking because this is not working for me. My computer can not get an IP address. I have the UDM-Pro and the US-24-G1. I created the Vlan, selected a port on the switch to and added the profile, but not getting an IP address. I made a Vlan for IoT.
Same here. Just setup my domain controller with unifi for wireless. I haven't looked into this much since I just got it working, but if you found a solution that would save googling that would be awesome. Thanks!
Would this also work for single networks? No vlans? I am looking to establish win server as my DHCP server and have my UDM get the IPs from the win DHCP server.
Exactly what I was looking for, so, thanks for sharing your knowledge in this video.
You're welcome!
@@ITLumberjack I would like to see more Windows domains content
@@ahirnimesh09 anything specific? Failover DHCP? Managing DHCP with Powershell? Let me know and I will see if I can make it happen!
@@ITLumberjack how to deploy apps on domain joined client pc
There are a few ways to deploy applications. The simplest would be through group policy using MSI files. I'll try and put something together this week.
You can also do it with batch scripts, powershell scripts, and SCCM aka System Center (my personal favorite).
I am working on a SCCM series but its going to be a while before its done. I am still testing everything and making notes.
Very crystal. I like the fact that you can add as much subnet using the one DHCP server without physically having different servers on each subnet.... Cooolllll.....
You video shows you had two DHCP scopes. How did the DHCP server determine which scope to issue an IP address from?
For anyone still wondering, Windows DHCP servers will typically not assign addresses to a scope you created unless the server itself has an IP address on that network. So you either need to attach a separate NIC to the server so it's on the new network, or assign the server to the VLAN associated with that scope. This changes slightly with relays though depending on config
@@RoggyRoast Thanks i was wondering why it was only able to lease addresses within its own subnet. Can you elaborate more about the relays? I currently have one pointing to my domain controller but it does not send and offer packets back.
I can't express how helpful this was, thank you!
I am glad I could help! If you have anything else you would like to see let me know.
Thanks, this has been very helpful. Now I know I have to set up a DHCP on my Fortinet 😁
Thanks a lot.
May god guide you to the best here and hereafter.
Excellent video, Thank you!
Nice. Now I understand how to do this on my Network. Thanks
thank you
Great video, thanks a lot. Can you please show me, how to configure Unifi AP, that they distribute DHCP lease from Windows Server to WIFI clients.... that would be great... thanks in advance.
Hey man thanks for this video. I'm trying to train myself as much as possible on networking in my homelab and this did the trick.
That is awesome! I’m glad it was helpful. What tools/equipment are you using in your home lab?
@@ITLumberjack I was using the router as DHCP, but i want to use windows so I can integrate into SCCM and learn how to use that.
Good ole SCCM! That’s a fun one. I thought about doing a SCCM guide but I eventually decided against it. It’s kind of complicated to setup but it’s very rewarding once it’s done. There is a lot of good info on SCCM and I also felt others already had it dialed in. If your interested in SCCM you need to check out www.systemcenterdudes.com and www.prajwaldesai.com. They have some fantastic content.
@@ITLumberjack Yes those are the exact same guides I used. I decided I need to learn it after interviewing with several local companies and almost all of them use SCCM(Ohio). I've only worked one enterprise company and we didn't even use SCCM so I feel I am maybe getting passed up because of it.
SCCM isn’t going anywhere just yet but Azure InTune and Autopilot will eventually replace it. As more companies push there infrastructure to the cloud those are the two pieces of tech that will replace SCCM.
At a previous job I setup and maintained a small SCCM deployment. We had around 2000 devices in total. Right before I left we collectively made the decision to drop SCCM completely and use PDQ Deploy and Inventory in conjunction with InTune.
Every setup is different and there isn’t a wrong answer. As long as the solution solves the problem safely and securely then i call that a success.
I feel like alot of important parts were skipped. You configured VLan 20 from the router first? Where is the computer getting Vlan 20 DHCP connected to? Was this a port configuration on the router? YOu cant just add a scope and the computer will just receive VLan 20 DHCP because of scope configuration. You have to show the router configuration show people can understand.
The objective of the video was to show how to setup multiple DHCP scopes on a Windows Server box. Not how to configure the router. I did briefly touch on that in the video. Since their are an infinite number of brands out there I chose not to cover the router details because every brand is different.
I am sorry to hear that this wasn't of value to you. I hope you find what you're looking for.
New Subscriber 🎉 Thanks for the video ☺️
Excellent! 😍
Thanks for the video!
Thanks
Thx for the video!
how do you force a given computer to join a selected subnet? I can create all the scopes i want in dhcp server, but how do i force a given computer to join the one i want?
Your endpoints need to be divided up into VLANs. That has to be done at on the connecting switch.
Got my sub, thanks! So DHCP relay can be used on firewalls as well but does firewall vs switch supersede the other or would that cause some kind of misconfiguration?
Good day. That was an excellent video. I have a Unifi Dream Machine Pro and 17 Unifi switches. I have a VLAN setup on the DMP. I can ping our DHCP server from the VLAN devices but cannot pink from the main LAN to a device on the VLAN. Thoughts?
Awesome and clear vid but, as a beginner, I seem to be missing something. We set the VLANS on the USG. Got it. What now? Am I correct in understanding that the instruction to a client as to which DHCP scope to get IP from is done by setting a proper vlan on the port the client device is wired to?
@deezee1570 I think I understand your question. If this doesn't answer it, let me know and we will try again!
VLANs and subnets are concepts in networking that often work together to organize and manage network traffic efficiently. A VLAN operates at Layer 2 of the OSI model and provides a logical separation of networks at the data link layer, allowing you to segment network traffic without requiring multiple physical networks.
On the other hand, subnets operate at Layer 3 (the network layer) and are used to divide a larger network into smaller, manageable parts...subnets. Each subnet is associated with a specific IP address range.
Typically, you would assign one subnet per VLAN to keep network organization straightforward and secure. For instance, if you have two subnets, say 10.10.0.0/24 and 10.20.0.0/24, you would ideally place them in separate VLANs to isolate their traffic at the data link layer.
When it comes to assigning IP addresses dynamically, a DHCP server comes into play. The server allocates IP addresses to devices from a specific range, known as a DHCP scope. However, the DHCP server operates at Layer 3 and does not directly interact with VLANs. Instead, it assigns IP addresses based on the subnet from which a request was received.
If a DHCP server is on a different subnet than the client requesting an IP address, a DHCP Relay Agent is used. This agent forwards the client's request from the client's subnet to the DHCP server. The server then determines the appropriate IP address for the client based on the subnet from which the request originated, ensuring the client receives an IP address that matches its subnet.
This setup allows network administrators to efficiently manage network resources, ensuring devices can communicate effectively while maintaining organizational and security requirements.
So question, how would the new machine would know what subnet it will be part of?
Good question. In a multi subnet environments you have a VLAN that correlates with the subnet. For example if you have a subnet of 192.168.1.0/24 and a subnet of 192.168.2.0/24 these two subnets are divided by a VLAN. 192.168.1.0/24 may be in VLAN 10 while 192.168.2.0/24 would be in VLAN 20. The VLAN numbers are usually assigned by the switch or if 802.1x is in use it can dynamically be applied.
Once a VLAN is assigned to a port the gateway of the subnet/VLAN will then answer any of the DHCP requests. The DHCP server knows to assign an IP based on the subnet the request came from.
I hope that helps!
but how does the server know who is asking address and witch VLAN he cam from
It knows based on the subnet the request is coming from. So if the gateway of the subnet is 192.168.0.1/24 then the server know to issue an address in the 192.168.0.0/24 subnet.
Another way to think about it is to think of the gateway as your DHCP server for each subnet.
Have you run into issues, where DNS doesn't resolve between subnets/VLANs? Ping requests work fine between VLAN's using IP's, however DNS doesn't resolve...
Me personally no.
Will it always give the IP out of the correct scope? How does the DHCP server know which scope to give out of ?
Good question. The devices playing relay/helper will have an IP address (the gateway). The relay will then request an IP from the DHCP server for the subnet that the gateway resides in. Windows will only hand out IPs for that subnet since the request is for a specific subnet.
I hope that makes since.
@@ITLumberjack Had same question, thanks for answering this.
@@ITLumberjack Yes, this is the case if the request comes from the new added VLAN from a different network. But is this also the case for the client-computer in the same network as the DHCP-Server? Because this client now can request a IP from two different scopes on the same server in the same network...? Which scope will answer the request?
@@benjaminpfau5822 if the devices is on the same subnet/VLAN/layer 2 as the server, the typical DHCP offer, request, acknowledgement will occur. If device is on a different subnet, the traffic will be encapsulated into a DHCP relay message. Essentially the request will have additional information for a different subnet. If you where to look at it in Wireshark, it you would be able to see how the requests are processed differently.
Good video, but didn't work for me, I wonder if some of my other settings in my USG are different from your dream MCH?
Would you mind showing some more settings in your dream MCH like the other networks and why they are different? in another vid!
I have a 2012R2 server and a ubiquiti USG - This is a common setup I'm sure but I turned off the DHCP on my USG so the server could handle the DHCP and its working now without the working vlan20 so i'm not sure where I am on the relay function, geese I sound dumb! lol
Hi i am unable to connect any devices to this new vlan as i made same settings as your but into my USG there are more options into DHCP Relay section such as Hop Count, Maximum Packet Size, Listen and Transmit Port, Relay Agent Options Handling which i have not set. I have one doubt. How DNS Zones on Server2012r2. How will dns records be created with this new vlan ?
Unfortunately I can't say why the USG isn't doing DHCP relay. You may want to take a look at Ubiquiti documentation.
As for DNS, as long as the DNS address being issued to the client is the internal DNS server, the records will be created.
Hi There, Can you please explain how to add my 24PoE in UniFi controller? as it is not discoverable. Is there any command like for access point i used set-inform command, something like that?
I do not have a Unifi PoE switch. I have am using a Ubiquiti ToughSwitch. The ToughSwitch is a managed switch but it can't be joined to the unifi centralized management. It has to be managed separately.
If you would like to see a video on how to connect other brands PoE switches to a dream machine, I can make that happen. Since I don't have a Unifi poe switch I can't demo that as of right now.
So you don't have to setup the VLAN tag on the Windows server port on the switch?
Correct. The port on the server can be a regular ole access point. When the request comes in the server is looking at the subnet, not a vlan.
This is all assuming dhcp relay is being used on the layer 3/router.
@@ITLumberjack Right but I have to tag the VLAN's on the server port of the switch correct?
I have never put a DHCP server in truck and tagged each VLAN. I suppose you could do that but I think it adds an unnecessary level of complexity.
I have always set my server port on the switch as an access port. The only vlan associated with the port is the vlan number that my server resides in.
For Cisco here is an example of a config.
We will assume the dhcp server is in vlan 2 and we have endpoint in vlan 3 that need to get its address from the dhcp server. Our dhcp server will have an ip of 10.0.0.1
!Sever Port Config
Switchport mode access
Switchport access vlan 2
!VLAN 3 Interface Config
ip address 10.10.0.1 255.255.255.0
Ip helper-address 10.0.0.1
I hope that makes more sense. I would highly recommend labbing this to test it and play around with how it works.
Disclaimer…that config info is only what would be required for a switch. That by no means is best practice for a solid Cisco config. That is just enough to make it work.
Here is another reason why I never trunked my DHCP server. If I have 20 locations and each location is using inter-vlan routing on each L3 switch/router at each site, I can’t assign the server a vlan on a completely different subnetwork if it’s traversing a WAN or something similar. That is where the ip helper address comes into play. With it you can server as many networks as you want no matter the location on the network. If you can ping it, it should be able to assign an IP to endpoints in the subnet.
Hi is there anyway that the same can be done for host names across different vlan's on ubiquiti with a windows server serving DNS requests across different vlan? I have a windows server that I would like to use for resolving host names of different machines across different vlan's so that machines from one vlan to another can browse to shared folders on different machines using the host name rather than IP addresses.
Yes. Its easy. All of different hosts/endpoint need to point to the WIN server serving as the DNS server. That's it!
Hi IT Lumberjack,
Did you do a port profile for that Vlan? I did not. I am asking because this is not working for me. My computer can not get an IP address.
I have the UDM-Pro and the US-24-G1. I created the Vlan, selected a port on the switch to and added the profile, but not getting an IP address.
I made a Vlan for IoT.
Same here. Just setup my domain controller with unifi for wireless. I haven't looked into this much since I just got it working, but if you found a solution that would save googling that would be awesome. Thanks!
how many network card is installed on this dhcp server ?
One
Would this also work for single networks? No vlans? I am looking to establish win server as my DHCP server and have my UDM get the IPs from the win DHCP server.
Yes, it will work for a single network. The helper addresses would not be needed if that was the case.
Those are not VLAN tho