Cisco 4507 as Access VLANs Gateway and DHCP server

siraj.muneer · ‎11-30-2021

Dear Experts,

We have Cisco 2960X as our Access Layer switches in Campus LAN Network, these Access switches are connected to Cisco 4507 which is acting both as Distribution and Core switch. Cisco 4507 is connected to Nexus 93108 which is acting as Server/DMZ switches. We have made Cisco 4507 as our VLANs gateway and enable DHCP server on it, this C4507 is giving IP addresses to all VLANs. Internet is controlled through Kerio Firewall which is doing QOS and Traffic policing.

Problem i am facing that IP addresses of clients(PC.Laptops,Printer) keeps changing which is making a mess, i even tried configuring Lease Time to INFINITE but still same issue. I cannot do traffic policing on Kerio firewall. Configuration of Cisco 4507 is mentioned below:

ip dhcp pool MARKETING
import all
network 10.4.113.0 255.255.255.0
domain-name COMPANY.COM
default-router 10.4.113.254----------------> default Route is VLAN interface on Cisco 4507
dns-server 10.4.50.12---------------->DNS is in DMZ subnet.
lease infinite

interface Vlan113
description [Marketing-Department]
ip dhcp server use subscriber-id client-id
ip address 10.4.113.254 255.255.255.0

paul driver · ‎11-30-2021

Hello

Looks like you using dhcp port address allocation is there a requirement for that and is this what you want to accomplish - fix the allocation the the specific port of the switch?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

siraj.muneer · ‎11-30-2021

C4507<---->C2960X-----> PC(Client)

Each Cisco 2960X is connected to multiple departments and each department have its own VLANs. IP addresses of clients keep changing.

i cannot use IP to make policies in Proxy/Firewall

balaji.bandi · ‎11-30-2021

Problem i am facing that IP addresses of clients(PC.Laptops,Printer) keeps changing which is making a mess

we need more information here, what kind of mess ? How many device you have in the network is /24 address space good enough ?

below command is the requirement?

ip dhcp server use subscriber-id client-id

refer below document for that command which you using to make sure that is correct requirement

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp-prt-bsd-aa.html

is the device move a different location, they fixed all time?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

siraj.muneer · ‎11-30-2021

ip dhcp server use subscriber-id client-id--------> i just read in cisco configuration guide that "Configures the DHCP server to globally use the subscriber ID as the client ID on all incoming DHCP messages". That is why i configure it on interface vlan!

All users are fixed and doesnt move, Vlans are assigned according to departments exist in a building.

siraj.muneer · ‎11-30-2021

Problem i am facing that IP addresses of clients(PC.Laptops,Printer) keeps changing which is making a mess

Means that IP changes frequently, i cannot use IP to make policies in Proxy/Firewall

balaji.bandi · ‎12-01-2021

In normal conditions DHCP Offers dynamic IP, in this case, my suggestion is to make a reservation for the device to static IP, so does not matter where the user connected, the device with MAC get the same IP address all time in the VLAN (this is best approach all time)

Cisco DHCP is not a full-blown DHCP Server Like any other vendor in the market.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎12-01-2021

Hello

Please confirm-

Do you want port address allocation = meaning no matter what device connects to that specific port, itwill ALWAYS receive the same ip address allocation

or

You would like each host to obtain the same ip address allocation no matter where it moves to?

kind regards
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

siraj.muneer · ‎12-02-2021

Scenario is bit different "Each department have PCs and Printers connected to LAN ports in there rooms, They are all in same VLAN so that i can use there Subnet/IP address for Traffic shaping/policing in Proxy Server". I want each network device (PC or Printer) to retain there IP addresses no matter they are rebooted several time so that i can use there IPs in Policies implementation in Proxy. We dont have budget to acquire NAC solution or IAM solutions available in market.

paul driver · ‎12-06-2021

Hello
So then you need to make reservations for those hosts within the dhcp scope

Create a text file with the host IP address and there related Mac addresses then make the dhcp server lookup this text file and reserve this hosts ip addresses

EXAMPLE:
dhcpreservation.text
!IP address Type Hardware address Lease expiration
172.16.0.1/24 1 0011:1111:1111:11 Infinite
172.16.0.2/24. 1 0022:2222:2222:22 Infinite
172.16.0.3/24. 1 0033:3333:3333:33 Infinite
*end*

no service dhcp
Ip dhcp pool lan
origin file tftp://x.x.x.x/dhcpresevation.text
service dhcp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul