I am configuring a Cisco 800 series router and would like to achieve the following:
For vlan 1 I want clients to receive an address from the local DHCP pool configured on the router.
For vlan 2 I want them to go to an offsite DHCP server.
This is part of my config:
ip dhcp pool dpool1
network 192.168.20.0 255.255.255.0
ip address 192.168.20.1 255.255.255.0
ip virtual-reassembly in
ip address 192.168.120.1 255.255.255.0
ip helper-address 192.168.0.3
For some reason clients in vlan 2 are getting an IP address from the local pool (192.168.20.0).
It doesn't make sense to me that the router would hand out an IP address for vlan 1 to a client located on vlan 2...
My layer 2 setup seems correct because the client's MAC address is associated with a FastEthernet interface that is an access port in vlan 2.
Is the ip dhcp pool dpool1 cmd overriding the ip helper cmd?
My router has connectivity to the ip helper address.
Is what I would like to achieve possible?
Thanks in advance.
Hi @akketuut,
The only detail I find is the import all command.
Try to disable it and do a test.
Could you share your switch settings too?
Thanks for your input.
It seems that the config worked after all. The local DHCP scope was used by the clients as a backup solution.
There was a firewall on the other end of the tunnel blocking the traffic.
I should have done a debug first to see what happened to the DORA packets...
Again, thank you all for your input.
- You are better off with a separate DHCP server solution for all VLANs: 1) You over-complicate things where this is not needed 2) For good intranet design, separating L2 and L3 services from DHCP services is better.
Thanks for the update. Glad to know that it is working and that the issue was really a remote firewall.
Thank you for the explanation of why you use a remote DHCP scope and a local DHCP scope. This is exactly the kind of situation I had in mind when I said that sometimes a remote scope and a local scope is very justifiable. You need the remote scope for the phones but do not want your local PCs to be dependent on a remote server in case of network problems. I hope that @marce1000 would accept that logic.
I wonder what happens when you block anything bootpc/bootps on Vlan 1 coming from Vlan 2, and vice versa?
access-list 101 deny udp 192.168.120.0 0.0.0.255 eq bootpc
access-list 101 deny udp 192.168.120.0 0.0.0.255 eq bootps
access-list 101 permit ip any any
access-list 102 deny udp 192.168.20.0 0.0.0.255 eq bootpc
access-list 102 deny udp 192.168.20.0 0.0.0.255 eq bootps
access-list 102 permit ip any any
ip access-group 101 in
ip access-group 102 in
I find the requirements identified in the original post to be fairly straightforward, vlan 1 PCs should get IP assignment from a local dhcp pool and vlan 2 PCs should get IP assignment from a remote DHCP server. The very limited config information supplied would seem appropriate for this. If it is not working I wonder if there is something in the config that we have not seen that would impact IP assignment. Would the original poster give us the complete config of the router?
We also need some information about the switch. What kind of switch is this? Which switch port connects to the router and which switch port connects to the PC? Would the original poster give us the output of show interface status from the switch?
There is perhaps some basis for a discussion of Best Practices and whether it is better for all IP assignment to be done by a remote dhcp server. (and I can think of some situations in which I would argue for the benefit of some local assignment) But the current question is about something that should work and is not working. I want to solve that before we get into a discussion about whether there is a better design.
> I find the requirements identified in the original post to be fairly straightforward, vlan 1 PCs should get IP assignment from a local dhcp pool and vlan 2 PCs should get IP assignment from a remote DHCP server...
- I beg to differ strongly; I still think it's far better to have a single DHCP server, separated from L2 and L3 services.