Cisco DHCP Server Best Practices

david.hopkinsMHI · ‎03-31-2017

Hi All,

We have two sites connected over a 40meg MetroEthernet circuit and both sites have workstations and ephones. Site1 has a Windows DHCP Server running and Site2 has a DHCP Server running on the main router. There are no servers at Site2.

I know that it is best practice to have one DHCP Server (not on the router), but does this still apply over the WAN using "ip helper-address" or is it better to keep the DHCP services on the router at Site2?

Thank you.

Julio E. Moisa · ‎04-01-2017

Hi

I recommend have DHCP servers if it is possible one per site or assign a primary on a site and secondary on a site, you can determine if the primaries can be on the site and the remote server the backup, It depends of your network.

You can use ip helper if your network is able to reach that remote server through routing.

Under the interface you can use for example:

interface vlan 500
ip add 172.16.10.1 255.255.255.0
ip helper-address 1.1.1.1 primary DHCP
ip helper-address 2.2.2.2 (for backup)

As well a good practice is protect your network using ip dhcp snooping, for example:

Note: On access switches only.

ip dhcp snooping
ip dhcp snooping vlan X1,X2,X3,Xn <-- vlans to protect
no ip dhcp snooping information option

interface g1/0/15
description END-USER-PORT
ip dhcp snooping limit rate <value> the value could be less of 100, I usually use 20.

interface g1/1/1
description TRUNK
ip dhcp snooping trust

Please rate the comment if it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<