RussMcIntire
Beginner

Move DHCP servers off default VLAN

I am working to move all devices on our network off of the default VLAN (VLAN 1). This address space is 192.168.0.0/xx

I am using a variety of Cisco SG300\350\500 switches in Layer 2 mode.

     All switches still have VLAN 1 as native

     All switches still have an IP interface on VLAN 1

     All switches still have the IP default-gateway set to VLAN 1

All VLAN routing is done on our Firewall.

I have created multiple VLANs and moved the majority of our devices to their newly assigned VLANs. This works fine.

All devices (PCs, printers, etc.) are connected to the switches and the respective ports are set to access mode.

 

I have DHCP relays for all VLANs, set up on my firewall since I can't get any VLANs (except VLAN 1) to get a DHCP address because the DHCP servers are still on the default VLAN (VLAN 1).

Each Cisco switch also has DHCP relay enabled and also points to the servers on VLAN 1. (This may be unnecessary)

I have 1 VLAN I am using for testing. VLAN 7. Any device connected to any switch port on VLAN 7 pulls a DHCP address just fine.

At this point, all works just fine.

 

Here starts the issue

 

I have a DHCP server set up on VLAN 4 (10.0.4.0/x) for testing.

 

When I set the DHCP relay on my firewall for VLAN 7 to point to the DHCP server on VLAN 4, it does not receive an address.

 

Here are my questions:

 

Each Cisco switch has DHCP relay enabled and points to the servers on VLAN 1. Since I am doing DHCP relay on my firewall, can I leave the DHCP relay enabled on the switches and just remove the IP addresses of the servers? Do I even need DHCP relay enabled on the switches?

 

Assuming I do not need IP addresses of the DHCP servers on the switches or DHCP even enabled on the switches, will VLAN 1 still be able to get a DHCP address if needed?

 

My ultimate goal is to keep VLAN routing on the firewall and do DHCP relay on the switches. 

 

Any help here would be greatly appreciated.

 

 

 

2 REPLIES
mihail_ip
Beginner

Hello Russ,

In case you do not have it:

SG300 admin guide (deals with web menu and explains features):

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/Cisco_300Sx_v1_4_AG.pdf 

DHCP relay and snooping explained from page 321 forward

SG300 CLI guide (deals with command line config):

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_300.pdf

 

SG350/550 admin guide:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf 

DHCP relay and snooping explained from page 266 forward - the logic is the same, but there can be slight differences in menus and positions in the GUI

SG350 CLI guide:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350_/cli_guide/CLI_Tesla_Sx350_2_2_5.pdf 

 

SG500 admin guide:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/administration_guide/Cisco_500Sx_v1_4_AG.pdf 

newer version, but the link to DHCP snooping/relay is messed up

older version:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/administration_guide/500_Series_Admin_Guide.pdf 

DHCP snooping/relay from page 280 >

SG500 cli guide:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf 

 

There are different scenarios, but what is important is to have the particular VLAN set all the way to the DHCP server. For example:

dhcp server---vlan30----switch1_gi24---trunk(vlan30carried)----gi24_switch2_gi48----trunk(vlan30carried)----gi1_switch3_gi30(vlan30untagged)----device

 

Hope it helps

Regards,

Mike
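
Added example, not part of Mike's post and not Cisco code: a small checker for the point made above, that VLAN 30 has to be carried on every hop between the DHCP server and the device. Port names follow the path in the post; the server port switch1:gi2 and native VLAN 1 on the trunks are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    untagged: Optional[int] = None      # access VLAN, or native VLAN on a trunk
    tagged: frozenset = frozenset()     # VLANs sent with an 802.1Q tag

    def carries(self, vlan):
        """Return 'untagged', 'tagged' or None for this VLAN on this port."""
        if self.untagged == vlan:
            return "untagged"
        return "tagged" if vlan in self.tagged else None

def check_vlan_path(links, vlan):
    """links: (port_a, port_b) per cable from server to device; port_b is None
    for an edge port facing a host. Returns a list of problems (empty = OK)."""
    problems = []
    for a, b in links:
        ma = a.carries(vlan)
        if b is None:                   # hosts send and expect untagged frames
            if ma != "untagged":
                problems.append(f"{a.name}: VLAN {vlan} is not the untagged VLAN")
            continue
        mb = b.carries(vlan)
        if ma is None or mb is None:
            missing = [p.name for p, m in ((a, ma), (b, mb)) if m is None]
            problems.append(f"VLAN {vlan} not carried on {', '.join(missing)}")
        elif ma != mb:                  # one end tags the VLAN, the other does not
            problems.append(f"tag mismatch: {a.name} {ma}, {b.name} {mb}")
    return problems

def trunk(name, *vlans):
    """Trunk port with native VLAN 1 (assumed) and the given tagged VLANs."""
    return Port(name, untagged=1, tagged=frozenset(vlans))

# Constructed data mirroring the path in the post (switch1:gi2 is assumed).
GOOD = [
    (Port("switch1:gi2", untagged=30), None),             # DHCP server
    (trunk("switch1:gi24", 30), trunk("switch2:gi24", 30)),
    (trunk("switch2:gi48", 30), trunk("switch3:gi1", 30)),
    (Port("switch3:gi30", untagged=30), None),            # device
]
# Same path, but VLAN 30 was never added to the switch2 gi48 trunk.
BROKEN = GOOD[:2] + [(trunk("switch2:gi48", 7), trunk("switch3:gi1", 30))] + GOOD[3:]

if __name__ == "__main__":
    for label, path in (("good", GOOD), ("broken", BROKEN)):
        print(label, check_vlan_path(path, 30) or "VLAN 30 carried end to end")
```
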

I am sorry but this does not help. I have read the guides and DHCP is working just fine on the default VLAN (VLAN 1). I need to get it to work with my DHCP server(s) on VLAN 4. DHCP relay is enabled on all switches and all switches have my DHCP servers added, even the test DHCP server. The only layer 3 device with routing enabled is my firewall.

 

Just to expand a bit.

 

I have the following VLANs created on all switches:

1,2,4,5,6,7,8

VLAN 1 is 192.168.1.0/24 and has 2 production DHCP servers handing out addresses for all VLANs (except VLAN 8) successfully.

VLAN 4 in 10.0.4.0/24 has 1 DHCP server handing out addresses for VLAN 8 only.

 

When I point DHCP for VLAN 8 to the production servers on VLAN 1, DHCP works fine and the device pulls an address for VLAN 8.

When I delete the DHCP scope from the DHCP servers on VLAN 1, and I point DHCP for VLAN 8 to the server on VLAN 4, no address is pulled. 

 

Could this have anything to do with the default VLAN for all switches still being VLAN 1?