HSRP with DHCP server on Edge Routers

talal.tayar

Good day,

 

I have a topology (figure attached) where routers 1 and 2 (Cisco 1921 K9 SEC) connect to two different ISPs and are configured in an HSRP group so they provide WAN redundancy to the LAN side.

They also serve as VPN endpoints that provide 2 discrete VPN tunnels to the same remote location through the two different ISPs.

A new requirement is to have these routers provide the same DHCP server function to serve the LAN side.

I mentioned the word 'same DHCP server' above to explain that I cannot use suggestions like separating the DHCP scope, etc.

I cannot also use a third router to function as a DHCP server.

Configuration is very basic on the routers with nothing fancy. Just routing all interesting traffic to the remote host over the VPN tunnel and nothing more along with default route, VPN configuration and tracking on the main HSRP router to identify when to decrement priority in order to switch traffic to the backup/passive router and then fail back when internet service is resumed and stable.

My question is: what type of configuration is required on both routers to set up DHCP server function to the LAN side so that only one router (current active HSRP router I assume) assumes the DHCP server function?

Also is there a method that the active/standby DHCP servers sync the DHCP binding tables (they both know which client is leased which IP address along with lease times, etc)?

 

Best regards,

Talal.

 

PS. The purpose of HSRP is not router redundancy but rather ISP/WAN redundancy, so is it possible to have one router act as a permanent DHCP server but use the VIP of the HSRP group as a default gateway?

Accepted Solutions

It appears that Paul was replying while I was also replying and that he has a different understanding of your question 2 than what I understand. 

Paul makes the point that the third router (which has the DHCP scope) can not have one of the HSRP vip addresses. I do not think the third router needs a vip address. The third router has the DHCP configuration and would have its own IP address. Both of the HSRP routers would have ip helper commands to forward DHCP requests to that third router. So no need for the third router to have a vip address.

Paul also says "also having just the one dhcp server doesn't provide resilience" I do not agree. If the third router will respond to DHCP requests from either HSRP router then HSRP failover does provide resilience and no matter which HSRP is active DHCP requests will be forwarded and responded to.

 

HTH

Rick


Hello

A new requirement is to have these routers provide the same DHCP server function to serve the LAN side.

 

So why not just relay DHCP requests to the same external DHCP servers for the LAN subnets by appending ip helpers on their L3 LAN subnet interfaces?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Good day Paul,

The servers were located locally and have been destroyed in a fire.

We are rebuilding the site, and the customer has requested a change in topology where the servers will be located remotely and all local functions will stay local, so in the absence of servers I am forced to move this function to the routers.

So my 2 questions are still the same:

1. Does Cisco support DHCP server failover in addition to HSRP?

2. If I install a third router and have it act solely as a DHCP server, should I configure the default gateway to be the virtual IP address of the HSRP group?

 

Many thanks and best regards

Talal

Talal

Thanks for the additional explanation about the customer request. Here are my responses to your question.

1. Does Cisco support DHCP server failover in addition to HSRP?

Cisco does not really support this. The closest I can think of for a way to accomplish this would be to use some EEM scripts that would look for HSRP change of standby to active router and make the config changes to implement DHCP on the newly active router. And perhaps an EEM script that looks for changes when a router transitions from active to some other state and removes the DHCP configuration. And if you were to use this I do not know of any way to share the bindings between routers. Perhaps this link about EEM might provide helpful information.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/configuration/12-4t/eem-12-4t-book.html

2. should I configure the default gateway to be the virtual IP address of the HSRP group?  

This is certainly possible, and I believe that it is your better option.

HTH

Rick
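
One way the EEM approach described in the reply above could look, as an added example that is not part of any poster's reply. It assumes HSRP group 1, hypothetical applet names, and an identical `ip dhcp pool` already configured on both routers; it toggles the DHCP service rather than adding and removing the pool.

```cisco
! Added example, not from the thread. HSRP group 1 and the applet
! names are assumptions. Apply to BOTH HSRP routers; each carries the
! same "ip dhcp pool" definition.
!
! On the router that boots as standby, start with the service off:
no service dhcp
!
! This router became HSRP active for group 1: start serving DHCP.
event manager applet DHCP-ON-HSRP-ACTIVE
 event syslog pattern "%HSRP-5-STATECHANGE: .* Grp 1 state .* -> Active"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "service dhcp"
 action 4.0 cli command "end"
 action 5.0 syslog msg "EEM: HSRP active, DHCP service enabled"
!
! This router left the active state: stop serving DHCP.
event manager applet DHCP-OFF-HSRP-NOT-ACTIVE
 event syslog pattern "%HSRP-5-STATECHANGE: .* Grp 1 state Active -> "
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no service dhcp"
 action 4.0 cli command "end"
 action 5.0 syslog msg "EEM: HSRP not active, DHCP service disabled"
```

`no service dhcp` also turns off DHCP relay on that router, and the two routers do not exchange bindings, so the newly active router starts with an empty binding table.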

Hello


@talal.tayar wrote:

1. Does Cisco support DHCP server failover in addition to HSRP?


No, it does not. Even though Cisco rtrs/L3 switches can service DHCP, it would be applicable to use dedicated servers to perform this function; however, if you need to use rtr/L3 switches for DHCP then you can, and still provide resilient address allocation for your clients.

The way to do this would be to create the same DHCP pools on either rtr/switch and activate the scope on either (excluding half on each) device, then point your network to both DHCP servers using ip helpers. This way, if a rtr/switch went down or wasn't reachable, the other DHCP server would respond to the DHCP requests.

 


2. if I install a third router and have it act solely as a DHCP server, should I configure the default gateway to be the virtual IP address of the HSRP group?


Not with a third server you couldn't, as it won't be able to have the same IP address as one of your L3 HSRP VIPs. Also, having just the one DHCP server doesn't provide resilience.

 

 



Kind Regards
Paul
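
The split-scope arrangement described in the reply above, as an added example that is not part of any poster's reply. All addresses, the pool name and the VLAN interface are constructed for illustration: LAN 192.168.10.0/24, HSRP VIP .1, router 1 at .2, router 2 at .3.

```cisco
! Added example; every address and name here is constructed.
!
! ---- Router 1: same pool, hands out .11 through .127 ----
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.10.128 192.168.10.254
ip dhcp pool LAN
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
!
! ---- Router 2: same pool, hands out .128 through .254 ----
ip dhcp excluded-address 192.168.10.1 192.168.10.127
ip dhcp pool LAN
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
!
! ---- Relay device for client segments that are NOT directly
! ---- attached to the two routers: point at both servers.
interface Vlan20
 ip helper-address 192.168.10.2
 ip helper-address 192.168.10.3
```

Clients on a segment the two routers attach to directly reach both servers by broadcast, so the helper addresses are only needed on a relaying device. Both pools give the HSRP VIP as the default gateway, so a lease from either router survives an HSRP failover.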


Hello

@Richard Burts 
The lack of resilience will be the single rtr/switch servicing DHCP; losing that device will incur address allocation loss to the whole site.



Kind Regards
Paul

@paul driver I was perhaps approaching resilience in a somewhat different perspective. But I certainly agree that having a single device providing DHCP does present a single point of failure. So in that perspective not resilient. 

HTH

Rick