Configure Windows DHCP default gateways

Posted by Dark Training on May 26, 2010 tags: windows

Let's say you have a default gateway that you want your clients to go through, such as a Squid proxy server or a firewall. You may run into an issue if that server ever goes offline.

One way to get around this is to configure multiple gateways. But can you specify a default gateway on a DHCP client? Yes.

Pull up your LAN device properties, then under the General tab select Advanced.

Now, under the IP Settings tab, select "Add" under default gateways.

In the corresponding window that comes up, enter the default gateway you want to use first.

Now, if all you want is a dual-homed gateway, you're done. But if you want a specific order, note that in my image above I unchecked "Automatic metric".

In short, Automatic metric looks at the two gateways and takes the faster of the two as the primary gateway. Again, this is fine if you want a dual-homed device, but in our case we want to point to a proxy server first, then fail over to a different network.

The number in Metric sets the order in which the gateways are used (technically it's a cost): the higher the number, the lower the priority. So if you enter the first IP with Metric: 1 and the 2nd IP with Metric: 2, it will use the first IP and then, if that's down, fail over to the 2nd.

One reason for doing this in the proxy example: if your risk model allows your users to temporarily not be behind the proxy (i.e. access to the internet is more important than the security / function of the proxy), you would want them to fail over to a different default gateway.

Would this be a good idea in a highly secure facility or enterprise? No. But if you're supporting an SMB (small to medium business) and the proxy is just for web acceleration or light content filtering, then this would not be a bad thing. It allows the users to stay on the internet should your proxy server or device go offline.

NOTE:

It's worth pointing out that if you set the metric to manual and it DOES fail over, it won't fail back unless the fail-over fails.

In simple terms: if it fails over, you will likely need to reboot the client to get back to the primary gateway.

To accomplish the auto fail back you would want to look into RIP.
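The same two-gateway setup can be scripted and then checked from an elevated PowerShell prompt. This is an added example, not part of the original post. It assumes Windows 8 / Server 2012 or later (NetTCPIP cmdlets), an adapter named "Ethernet", constructed gateway addresses, and gateways that answer ICMP echo.

```powershell
# Added example: the interface name and both addresses are constructed placeholders.
$InterfaceAlias = 'Ethernet'        # assumed adapter name
$PrimaryGw      = '192.168.1.10'    # assumed proxy / firewall gateway (Metric 1)
$SecondaryGw    = '192.168.1.1'     # assumed fallback gateway (Metric 2)
$DefaultPrefix  = '0.0.0.0/0'

# Add a default route with a manual metric, or correct the metric if the route exists.
function Add-DefaultGateway {
    param([string]$NextHop, [int]$Metric)
    $existing = Get-NetRoute -DestinationPrefix $DefaultPrefix `
                    -InterfaceAlias $InterfaceAlias -NextHop $NextHop `
                    -ErrorAction SilentlyContinue
    if ($existing) {
        $existing | Set-NetRoute -RouteMetric $Metric
    } else {
        New-NetRoute -DestinationPrefix $DefaultPrefix `
            -InterfaceAlias $InterfaceAlias -NextHop $NextHop `
            -RouteMetric $Metric | Out-Null
    }
}

Add-DefaultGateway -NextHop $PrimaryGw   -Metric 1
Add-DefaultGateway -NextHop $SecondaryGw -Metric 2

# Effective cost is route metric + interface metric; the lowest value is preferred.
# A gateway handed out by DHCP shows up in this list as well, with its own metric.
$ifMetric = (Get-NetIPInterface -InterfaceAlias $InterfaceAlias `
                -AddressFamily IPv4).InterfaceMetric
Get-NetRoute -DestinationPrefix $DefaultPrefix -InterfaceAlias $InterfaceAlias |
    Sort-Object RouteMetric |
    Select-Object NextHop, RouteMetric,
        @{ Name = 'EffectiveMetric'; Expression = { $_.RouteMetric + $ifMetric } } |
    Format-Table -AutoSize

# Reachability check for the primary gateway. When it does not answer, the client
# is expected to be using the secondary gateway, i.e. going around the proxy.
if (Test-Connection -ComputerName $PrimaryGw -Count 2 -Quiet) {
    Write-Output "Primary gateway $PrimaryGw is reachable."
} else {
    Write-Warning ("Primary gateway $PrimaryGw is unreachable; traffic is " +
                   "likely leaving via $SecondaryGw and bypassing the proxy.")
}
```

Because a client that has failed over does not fail back on its own, a "reachable" result here does not prove the client has returned to the primary gateway.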

Links

* http://windows.microsoft.com/en-us/windows-vista/Configuring-multiple-gateways-on-a-network
* http://support.microsoft.com/kb/841804