VLANs and DHCP, very important??

mmozanen · ‎01-04-2005

Dears,

Please, I want to understand this issue,

In the case that we have a Multi-Vlan networks, L2,L3 switches, and DHCP.

I know how to configure this and enable the ip connectivity for the user, but I'm asking about how would the DHCP assign the correct IP address(from a specific scope) to the its correspondent VLAN,'

for example,

if we have:

-VLAN2 with VLAN ID=2 and (10.10.2.0 scope)

-VLAN3 with VLAN ID-3 and (10.10.3.0 scope)

-VLAN4 with VLAN ID=4 and (10.10.4.0 scope)

-VLANs coming form different communications closet,

IP-helper address specified in the configuration (in the core switch)

- Three pre-defined DHCP scopes,

How the DHCP server with correctly assign the correct IP scope to the correct vlan user.

What I understand that, the request from vlan2-for example, will reach the L3 switch with the VLAN ID=2, as a broadcast traffic,

L3 switch will recognize this traffic type as DHCP discovery (UDP port # !!! ) and will sent a unicast to the DHCP asking for the corresponding IP scope, because the L3 know the mapping between the L2 and L3 ( I mean, it knows the user from vlan2 came from VLAN interface 10.10.2.x )

Is that right???

Please I need the deep details, because I want to make sure I understand the concept.

with regards

thisisshanky · ‎01-04-2005

What you need here is to understand the DHCP communication process in detail to understand how the server correctly assigns the IP address from a bunch of pools configured. Check this link for a sample frame format of a DHCP packet (DHCP payload)

http://www.tarunz.org/~vassilii/TAU/protocols/dhcp/frame.htm

Note the giaddr field - this stands for Gateway address

If a DHCP request (broadcast) is received on Vlan 10 interface (ip address x.x.x.x configured and also ip helper-address configured), the router sends this same packet as a unicast packet to the helper-address with the "giaddr" field filled with the address x.x.x.x

For Vlan 11 (ip address y.y.y.y), the DHCP request will be send as a unicast with "giaddr" field filled with address y.y.y.y

The DHCP server will look at this field and determine the appropriate subnet (pool) from which the IP address needs to be leased.

Hope that makes sense!! Let me know!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

mmozanen · ‎01-05-2005

Dear Shanky,

1000 thanks, I feel the image completed now :) , I was looking for the "giaddr" field,

And it is okay now.

regards

thisisshanky · ‎01-06-2005

Additionally, you might want to read this link ....Explains various DHCP packets (discover, reply, etc)...Look out for the Relay agent IP address field...same as GIADDR

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080114aee.shtml

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

forsudhaji · ‎01-07-2005

I have one Query...We have no info on Subnet Mask on a DHCP packet. Say my VLAN 1 IP Subnet is 10.1.1.1/27 and my VLAN 2 is 10.1.1.33/27. In the DHCP Server I have 2 scopes defined for VLAN 1 users and VLAN 2 users. How will the DHCP Server differentiate between the requests coming from VLAN 1 and VLAN 2 and assign IP's accordingly?Pls let me know..

Kevin Dorrell · ‎01-07-2005

You have subnets 10.1.1.0/27 and 10.1.1.32/27. As the (DHCP relay) router passes the request to the DHCP server, it inserts its own address, i.e. 10.1.1.1 or 10.1.1.33, into the giaddr. The DHCP server sees this, and can work out whether this giaddr field is in the subnet of the VLAN1 or the VLAN2 range, and allocate an address that is consistent with it.

I suppose that begs the question what happens if you put 10.1.1.1/27 as the primary address and 10.1.1.33/27 as the secondary address on the same VLAN. My guess is that it will always issue for the primary subnet. Does anyone know for sure?

Kevin Dorrell

Luxembourg.

lathar · ‎01-09-2005

Hi all,

We have a seperate field "options"in DHCP packet which carries the subnet mask information in DHCP packet.

If we correctly enter the scope and define subnet mask accordingly using this field DHCP relay agent relays the exact information to specified VLAN's correctly for each subnet.

mayer · ‎02-14-2005

I have tried to put an ACL on the SVI for a Vlan in this situation and it always blocks the DHCP. even a permit any any... any help with how not to block all DHCP request to let them get to the L3 to be processed and handed out to the requestors?

thx

mayer · ‎02-14-2005

I have tried to put an ACL on the SVI for a Vlan in this situation and it always blocks the DHCP. even a permit any any... any help with how not to block all DHCP request to let them get to the L3 to be processed and handed out to the requestors?

thx