cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

DHCP relay on layer 2 switches

4209
Views
45
Helpful
9
Comments
RussMcIntire
Beginner

This may be a simple question so I hope someone can help.

 

We have several Cisco SG300\500 switches in L2 mode. Each switch has 8 VLANS and VLAN 1 is still native (For now). We do all routing between VLAN's on our firewall.

 

After reading several other posts, they were saying you don't need to set up DHCP relay and helper addresses on L2 switches. The firewall will do it all. Is this correct? If so why, and in what circumstance would I need DHCP relay\helpers on L2 switches.

 

All of my switches have 1 SVI on my management VLAN and the IP default-gateway set.

 

Any help is appreciated.

9 Comments
luis_cordova
VIP Advisor

Hi @RussMcIntire 

 

DHCP request packets are broadcast packets, so they are broadcast throughout the broadcast domain (vlan).
This domain includes the interface that hosts the ip gateway of that domain (vlan).

If a DHCP server is found within the broadcast domain, then the DHCP server delivers addressing.
If the broadcast domain (vlan) does not have a DHCP server present in the domain, then the ip helper-address command is needed so that when the DHCP broadcast request packet reaches the interface, the device then changes the broadcast destination address to the unicast address indicated in the command.

In this way, the DHCP request packet can be routed out of the broadcast domain to the remote DHCP server.

 

Regards

RussMcIntire
Beginner

With that being said, I do not have a DHCP server on each VLAN so I would need the helper address for the VLAN without a DHCP server correct? 

luis_cordova
VIP Advisor

HI @RussMcIntire 

 

query
Do you have a DHCP server or do you have the service configured on a network device?

 

Regards

RussMcIntire
Beginner

I have a 4 DHCP servers. 2 DHCP servers on VLAN 1 in fail over config. I also have 2 DHCP servers on VLAN 4 in fail over config. I am migrating all the DHCP scopes off of VLAN 1 to VLAN 4. I currently have DHCP helpers on all switches pointing to all 4 servers. I also have DHCP helpers on my firewall where I do the routing and I am fairly certain I do not need the helpers in both places.

 

Once DHCP is moved off of VLAN 1, Should I remove the helper addresses off of the switches and just leave them on the router to simplify things?

 

I really only want the helpers in 1 spot.

balaji.bandi
VIP Guru

Once you migrated the Scopes to VLAN4 DHCP Servers, Hope you are not removing VLAN1 - by saying that if you not removing VLAN 1, then  you need to remove OLD DHCP Server and Add new DHCP Servers to VLAN 1 -same like VLAN4 Servers, so users in VLAN 1 get IP address from new DHCP Servers.

RussMcIntire
Beginner

My plan is to remove all devices off of VLAN 1, remove the DHCP servers from VLAN 1, and decommission VLAN 1 completely. IE VLAN's 2-9 with DHCP servers only on VLAN 4. SO with this said, can I just keep the helpers on the firewall and remove them from the switches? 

RussMcIntire
Beginner

I removed the DHCP helpers from all my switches because I discovered the SG series DHCP helpers were not always forwarding as they should. Once I removed the helpers from the switches and added them to the firewall, everything works just great.

 

I appreciate all the help.

balaji.bandi
VIP Guru

Glad all working as expected, we should mark this as solution, if no further assistance required here.

RussMcIntire
Beginner

Yes, this can be marked as a solution though my browser will not let me.

Create
Recognize Your Peers
Polls
How would you describe your level of technical expertise?