DHCP Relay Issues

Mike Robertson
Level 1

I've got some seemingly inconsistent DHCP relay behavior with CISCO SG3XX Series switches and 881 Series routers that I would like to see if you can help me make sense of.  Here is the scenario:

Site A is our main office and has the majority of our servers.  It has a CISCO 881 as the site router and an SG350 switch as the primary switch at the site.  There are multiple VLANs at this site and they terminate on the SG350.  I have a Microsoft DHCP server connected to the SG350 and it provides DHCP services to all the various VLANs at Site A.  I have the IP address of the DHCP server set as a relay on the SG350 and DHCP relay is enabled on all the VLANs terminating on the SG350.  There are no issues with this configuration and all the DHCP clients get IP addresses no problem.

Site B is a remote location.  For simplicity's sake, assume that it too has an 881 as the site router, an SG350 as the primary switch, and a similar array of VLANs as Site A.  There is a local Windows DHCP server, the VLANs terminate on the SG350, etc., same as above.  Site A & B use a DMVPN to connect the sites together as most of the servers users at Site B need to connect to are located at Site A.  Again, Site B DHCP clients have no issues connecting to the Site B DHCP server and getting addresses.

Now suppose I want to do something like DHCP loadbalancing\failover so that if the DHCP server at Site B is down for some reason, clients at Site B can connect to the Site A DHCP server and get an address.  So I add the IP address of the Site A DHCP server to the DHCP Relay list on the Site B SG350.  Also, assume that the loadbalancing\failover is correctly set up on the two DHCP servers.  In this configuration (with a key point being that the VLANs at Site B terminate on the SG350) DHCP requests from Site B clients are not completed by the Site A DHCP server.  This is the issue.

Now for the part I don't understand.  Let's assume the exact same scenario EXCEPT that the VLANs at Site B now terminate on the CISCO 881 Router, and not the switch.  Everything else is exactly the same.  The router now has the IP addresses of the Site A & Site B DHCP servers listed as IP-Helper addresses.  DHCP clients can now get IP addresses from either DHCP server.  If you move the VLANs back to the SG350 to terminate there, only the local DHCP server will answer DHCP requests.

Ultimately, I would like to get my DHCP setup to be redundant so I would like to figure out how to get the relay working with an off site DHCP server while keeping the VLANs terminated on the SG350, not the 881.  The main reason for this is that I have more VLANs than 8, which is the limit to the number of VLANs an 881 can handle.  

pieterh
VIP

you can define both DHCP scopes,

but in my understanding this Cisco router does not respond to DHCP requests for a subnet where it does not itself have an IP address
so it will not work defining a scope in site-B for site-A as traffic is relayed by an intermediate network

other models do provide this option

like IP Addressing: DHCP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) - Configuring the Cisco IOS DHCP Server [Cisco IOS XE 3SE] - Cisco

The Cisco DHCP server can accept broadcasts from locally attached LAN segments or from DHCP requests that have been forwarded by other DHCP relay agents within the network.

Hi.  Thanks for the response but as I mentioned in my original post, I am not using either the switches or the routers as DHCP servers.  I have Microsoft DHCP servers running.  My question is around why the helper-ip\DHCP relay functions on the routers and switches have the behavior I outlined in the post and how to configure things the way I need them to work.

sorry I overlooked/misread some of the information
if the response between 881 and SG33x is different,
then you need to look into the addresses that either uses as source-address for the DHCP relay
looks like one crosses the site link to the DHCP server and the other does not
start with ping/traceroute to the DHCP server specifying source-address or source-interface

also check that the firewall on the DHCP server accepts traffic from this address

So I can say with certainty that routing isn't an issue.  Neither is firewalling.  And yes, having DHCP requests go across the WAN is what I am trying to accomplish.  This works when the VLANs terminate on the router.  This does not work when the VLANs terminate on the switch.  Getting this to work when the VLANs terminate on the switch is the goal.

Hello,

just for my understanding, this works when the VLANs terminate on the router...meaning it works when you have VLAN (sub)interfaces configured on the routers?

Can you post the config of the router(s) in the setup that does NOT work?