Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2144
Views
20
Helpful
11
Replies

ip-helper help!

andrewhancock91
Level 1
Level 1

‎04-23-2019 01:04 PM

Hi All,

Hopefully this is in the right place, I'm working on a network redesign which would replace our current Router/Gateway (non-cisco) as the DHCP server and put the Windows AD server in charge of DHCP instead.  I've configured ip-helper on the switches (2960X) which works fine IF I have an IP assigned to the SVI of each vlan, the problem is we have ~15 switches and I don't want to have each of them addressed in every vlan.  Rather than assigning an IP to the SVI of the vlan can I somehow insert the gateway address into the dhcp request with a dhcp option or something?  I've searched and experimented with this for a couple hours but can't find a good solution.

Thanks!

Labels:
0 Helpful
11 Replies 11

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎04-23-2019 01:19 PM - edited ‎04-23-2019 01:19 PM

@andrewhancock91 hello,

 

Well, ip helper is necessary apply it on any interfaces that you need request DHCP.  What is the device that provide all networking routing in your design?  

 

Because 2960x is limited to do it.

 

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

andrewhancock91
Level 1
Level 1
In response to Jaderson Pessoa

‎04-23-2019 02:43 PM

I'm only using the 2960x as L2 devices, they are not performing any kind of routing. In this design we would be using pfSense as the primary routing device. The issue is that when I've used DHCP Relay in pfSense in the past it has presented some issues which is why I'm trying to do it on the switches instead.
0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to andrewhancock91

‎04-23-2019 04:40 PM

you wont be able to do it on L2 device for every vlan, because L2 device doesn't create more than one routed vlan. You can use PFSENSE as DHCP RELAY for it; If you need help with PFSENSE I'm able to help you with it;
Jaderson Pessoa
*** Rate All Helpful Responses ***

andrewhancock91
Level 1
Level 1
In response to Jaderson Pessoa

‎04-24-2019 07:22 AM

Jaderson, What I'm gathering from the response below from Seb is that it will work as long as there is one SVI per vlan, so out of my 15 switches I should only need one of them to be configured with an SVI and IP-Helper per vlan. Hopefully I'm understanding that right, unfortunately I don't have a good test environment set up right now to try this so I'll have to test it on the live network one evening after hours.

I do know that I can use pfSense as a DHCP relay and have done that in the past, the issue I ran in to is that when pfSense starts the DHCP Relay service and it can't reach the DHCP server, such as after a power outage because pfSense boots faster than Windows Server, it essentially shuts down the service and you have to manually restart it after the DHCP Server is available. My other option at this point is to just have pfSense handle DHCP for certain networks but I'd really like to keep DHCP managed from one place instead of multiple.

Thanks!
Andrew
0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to andrewhancock91

‎04-24-2019 08:10 AM - edited ‎04-24-2019 08:10 AM

@andrewhancock91 Seb said that you will need configure each vlan with SVI and set ip-helper under it. If your PFSENSE that is routing of all of your VLAN, you will need create DHCP relay on PFSENSE. 

 

" I ran in to is that when pfSense starts the DHCP Relay service and it can't reach the DHCP server, such as after a power outage because pfSense boots faster than Windows Server, it essentially shuts down the service and you have to manually restart it after the DHCP Server is available. "

 

you can solve it creating a crontab restarting service each 30 minutes as you need. I not  suggest for you to configure each switch with each of them with diffrent svi and ip-helper. If and just if you have a L3 device to make routing of your whole network. If no,  i suggest you to use PFSENSE as DHCP RELAY appoint to your DHCP SERVER and create a cron to restart this service a each random time.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Jaderson Pessoa

‎04-24-2019 09:42 AM

It is an interesting situation that routing will be handled by pfSense but that you do not want pfSense to do the DHCP or DHCP relay. I believe that @Seb Rupik has given good advice. You need at least one SVI configured per vlan (but not an SVI on each switch) and with ip helper-address configured in the SVI. The client DHCP requests are sent as broadcasts so they should reach the switch with the SVI. And the switch would forward the request to the DHCP server using its configured IP address so the DHCP server would be able to identify the appropriate scope to use.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni

‎04-23-2019 01:25 PM

Hi there,

Each VLAN should have at least one gateway configured as an SVI (but not one on each switch). For the DHCP relay to work an IP address is required which is used in the Option 82, this relay agent information informs the DHCP server of the source subnet of the DHCP request and allows it to issue a lease from the correct pool. Without an IP address on the SVI, not only have the packet not be routed but the DHCP relay this system cannot function.

 

cheers,

Seb.

andrewhancock91
Level 1
Level 1
In response to Seb Rupik

‎04-23-2019 02:49 PM

Each vlan does have a gateway, which is a pfSense router, but for various reasons I can't use the DHCP Relay function on that device which is why I'm trying to do it on the switches. What i'm picturing and may or may not be possible is to attach the Option 82 data (use the network address or something) without needing an SVI IP that way the DHCP server can assign an address from the correct pool and I'm not taking up addresses in my network. Like I said, it may not be possible or practical but I needed to see if there was a better option. So what you're saying is I only need one of my switches to be configured with an SVI and ip-helper in each vlan?
Thanks!
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to andrewhancock91

‎04-24-2019 12:03 AM

Your assertion is correct, you do need an SVI and 'ip helper-address' for each VLAN. Your IP allocation must be pretty tight if you cannot spare a single IP for an SVI ! :)

 

Could you not configure the pfSense box as the DHCP server if it already has an interface in each VLAN?

 

Cheers,

Seb.

andrewhancock91
Level 1
Level 1
In response to Seb Rupik

‎04-24-2019 07:11 AM

Well, there is really just one vlan at each site that is kept extremely tight which is where we keep POS devices. I could configure the pfSense as DHCP for some of the vlans but I want my PC network DHCP to be handled by Active Directory and it seems simpler to keep one DHCP server per site. However its looking like that may not be the best solution.

Thanks!
Andrew
0 Helpful

luis_cordova
VIP Alumni
VIP Alumni

‎04-23-2019 02:04 PM

Hi @andrewhancock91 ,

 

I'm sorry if I extend, but I'll try to be very specific.

 

If you configure an SVI on each L3 switch, you are creating a broadcast domain for each vlan for each switch.
That is, if you have vlan 10 and 20 distributed on each switch, you will have 30 broadcast domains.
Each broadcast domain requires a different DHCP pool.

 

Now, if you leave only the SVI of VLAN 10 and 20 in a single L3 switch and the other switches communicate with it through trunk links, you will only have 2 broadcast domains and, therefore, you will only need 2 DHCP pools.

 

As mentioned before, if the DHCP server is part of a vlan, then the DHCP requests will reach the server through broadcast.
VLANs that do not have a DHCP server inside them, must have configured in their SVI the ip helper-address command, pointing to the DHCP server.

 

Regards

Customers Also Viewed These Support Documents
Top