Re: Multiple vlans, one DHCP server

Toscana · ‎11-02-2021

Hi,

how can I achieve it to have our access switch to route different vlans to our DHCP server? Up to now there was one vlan, with an IP helper. Worked fine like this:

int Vlan100

ip address 192.168.100.100 255.255.255.0

ip helper-address 10.0.0.1

!

ip route 0.0.0.0 0.0.0.0 172.16.0.1

ip route 10.0.0.1 192.168.100.1

So all DHCP requests from vlan 100 gets routed to 192.168.100.1 (default route is for management of the switch and must remain).

Now there is another subnet: vlan 200, which DHCP requests are supposed to get to same server. I tried:

int Vlan200

ip address 192.168.200.100 255.255.255.0

ip helper-address 10.0.0.1

But DHCP traffic obviously is getting routed also via 192.168.100.1. Is there a simple way to achieve it, that vlan 200 is routed to DHCP server via its own gateway address (192.168.200.1)?

Thanks and regards,

Stefano

balaji.bandi · ‎11-02-2021

we need to know how many path this device have to reach DHCP Server.

You have default router 172.16.0.1 ( does the 172.16.,0.1 not aware 10.0.0.1 network ?)

that is the best way to use it rather going via different VLAN as Transit.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Squozen_EU · ‎11-02-2021

There is no need. The traffic just needs to get from the switch to the DHCP server. As long as that happens you're good. The DHCP server can tell which subnet it needs to assign an IP for from the contents of the DHCP request packet.

Toscana · ‎11-02-2021

Hi,

you're totally right. But I had to correct the settings on my firewall, which claimed spoofing. I would think it would be cleaner if this was separated, i.e. that every subnet sends its DHCP traffic via it's own gateway address.

Thanks and regards,

Stefano

Squozen_EU · ‎11-02-2021

That's what already happens. Look at the traffic on your firewall. It is sourced from the gateway IP on the VLAN.

See: https://networkengineering.stackexchange.com/questions/32130/how-does-a-router-relay-dhcp-packets-when-it-is-configured-as-a-relay-agent

balaji.bandi · ‎11-02-2021

As soon you add your helper address, it use its own Gateway to send DHCP requet

Only question to me why you have static route ?

ip route 10.0.0.1 192.168.100.1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Toscana · ‎11-07-2021

Hi BB,

without this static route DHCP server is not reachable:

conf t
do ping 10.0.0.1 source 192.168.100.100
!!!!!
no ip route 10.0.0.1 192.168.100.1
do ping 10.0.0.1 source 192.168.100.100
.....

Without static routes / proper gateway addresses this should not work.

Thanks and regards,

Stefano

balaji.bandi · ‎11-07-2021

we are not sure about your network topology, which means you have a different path or all network devices do not know where your DHCP Server is. in that case, if the VLAN 1 is down, the switch can not reach DHCP ?

So my question is, why not your other gateway aware of the DHCP ? make a small network diagram to help you and us.

You have default router 172.16.0.1 ( does the 172.16.,0.1 not aware 10.0.0.1 network ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Toscana · ‎11-07-2021

Hi BB,

thanks a lot for your efforts. Here is a small diagram...

Regards,
Stefano

balaji.bandi · ‎11-07-2021

The diagram does not show where this IP ? 172.16.0.1

ISP Branch Router knows how to reach HQ, then you need only helper-address you do not need any static route.

As per the diagram you have Data and Voice VLAN.

On Branch switch, you need just Layer 2 config and Management VLAN to configure to reach to manage the switch, rest all should take care automatically with helper address.

If not confidential post branch switch/ router other router and switch config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎11-07-2021

Hello
Disable ip routing from the branch switch and make it just a host switch give it a ip default-gateway from mgt vlan for remote access
Append the ip helper address on the L3 subinterfaces of the branch rtr

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Toscana · ‎11-07-2021

Hello Paul,

yes, that probably would be the usual way to achieve this. But to change all of our ISP managed CPEs is not really an option. On the other hand, I am interested especially in the switch configuration. I thought this would be a simple standard situation and was surprised that it was not done right away. Hence my query here.

Thanks,
Stefano

paul driver · ‎11-07-2021

Hello

@Toscana wrote:

But to change all of our ISP managed CPEs is not really an option. On the other hand, I am interested especially in the switch configuration.

As the dhcp server is located remotely you will require the helpers and if you have multiple sites where each branch rtr is performing the intervlan routing for their respective LANS why then are you enabling routing on the distribution/access layers at each site?, I would say it be much easier to append the helper where thay are required than adding routing where its not required because the way you are describing will increase your administrative burden each time a new vlan is needed

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul