09-12-2021 05:16 AM
I have a network of three switches (Catalyst 2960) and 2 VLANs (VLAN 2 and VLAN 3). Switches 1 and 2 are connected to switch 3.
VLAN 2 has the network address 192.168.2.0 and VLAN 3 has the network address 192.168.3.0, and on each switch I have connected users for both VLANs (ports 1 to 12 in VLAN 2 and ports 13 to 24 in VLAN 3).
What I'm trying to do is have each device in VLAN "x" connected to switch 1 get an IP address in the pool 192.168.x.1-99, devices on switch 2 an IP address in 192.168.x.101-199, and devices on switch 3 an IP address in 192.168.x.201-254.
I tried to create a DHCP server on each switch and exclude the other switches' ranges, but a device on switch 1 can get a DHCP response from switch 2 or 3 and receive an IP address like 192.168.x.201.
Thanks in advance.
09-12-2021 06:42 AM
I do not think that works as you expect. You need to make a subnet for the respective switch and put each in a different VLAN for it to work.
The DHCP server does not know which switch you are coming from; it only allocates based on the IP pool the VLAN belongs to.
If my understanding is different please clarify.
09-12-2021 06:57 AM
Hello,
You could try enabling DHCP snooping on all switches, then leave all ports at their default (untrusted), so no client will ever get an IP address from anything other than the pool configured on the local switch...
09-12-2021 12:51 PM
Hi,
It didn't work. When I do
ip dhcp snooping
the switch DHCP server does not provide any IP address to connected devices. I tried to disable snooping trust on the interfaces connected to the other switches
interface gigabitEthernet0/1
no ip dhcp snooping trust
but I get the first result, as if I had no snooping, so a device can get an IP address from any switch's DHCP server.
09-12-2021 01:17 PM - edited 09-12-2021 01:23 PM
Hello @a2maridz ,
>> I tried to create a DHCP server on each switch and exclude the other switches' ranges, but a device on switch 1 can get a DHCP response from switch 2 or 3 and receive an IP address like 192.168.x.201.
Yes, this happens because each VLAN is a broadcast domain and the client's DHCP request has a broadcast destination address, so all three DHCP servers can answer and the client will pick the first one to answer.
The suggestion from @Georg Pauwen of using DHCP snooping with all ports untrusted should work in theory, but your tests are showing poor results.
I would consider running a DHCP server on a dedicated server instead of doing this.
You would need three servers, each of them connected directly to one switch, and that port should be trusted for DHCP snooping.
However, it would be a very unusual configuration, with the need to maintain three different DHCP servers.
My personal suggestion is to run a dedicated DHCP server and have it connected to a switch.
You could deploy a pair of dedicated DHCP servers and have them connected to different switches to provide redundancy.
Hope to help
Giuseppe
09-12-2021 06:06 PM
Friend,
enable DHCP snooping with Option 82.
Option 82 gives SW3 the ability to hand out an IP pool depending on where the DHCP request came from: if it came from SW1 then this pool, if from SW2 then another pool.
https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/sbcpopt.html
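Two posts above explain the mechanism: a DHCPDISCOVER is a broadcast, so every server in the VLAN hears it and cannot tell which switch it entered on, and option 82 (relay agent information) is what a snooping switch adds so that a server can. The following is an added example, not code from this thread or from Cisco: it builds a constructed DHCPDISCOVER, inserts option 82 the way an access switch would, applies the snooping ingress rules, and on the server side picks the per-switch host range from the remote-id and circuit-id. The circuit-id (VLAN/module/port) and remote-id (switch MAC) encodings are my reading of Cisco's documented default format, the switch MACs and the SWITCH_RANGES table are constructed, and the drop rules are the default snooping behaviour as I understand it (no `allow-untrusted`); verify all of that against your platform's documentation before relying on it.

```python
"""Added example: per-switch DHCP pool selection from option 82 (RFC 3046)."""
import struct
from typing import Dict, Optional, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 53, 82, 255
SUBOPT_CIRCUIT_ID, SUBOPT_REMOTE_ID = 1, 2
SERVER_MSG_TYPES = {2, 5, 6}  # DHCPOFFER, DHCPACK, DHCPNAK

# Constructed mapping (assumption): remote-id MAC of each access switch -> host range
# inside the VLAN subnet, i.e. the SW1 .1-.99 / SW2 .101-.199 / SW3 .201-.254 split.
SWITCH_RANGES: Dict[bytes, Tuple[int, int]] = {
    bytes.fromhex("001122334401"): (1, 99),     # SW1 (made-up MAC)
    bytes.fromhex("001122334402"): (101, 199),  # SW2 (made-up MAC)
    bytes.fromhex("001122334403"): (201, 254),  # SW3 (made-up MAC)
}


def build_discover(client_mac: bytes, xid: int = 0x12345678) -> bytes:
    """Minimal DHCPDISCOVER as the client broadcasts it (constructed sample packet)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)  # BOOTREQUEST, Ethernet, bcast flag
    hdr += b"\x00" * 16                    # ciaddr, yiaddr, siaddr, giaddr all zero
    hdr += client_mac.ljust(16, b"\x00")   # chaddr
    hdr += b"\x00" * 192                   # sname + file
    return hdr + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1, OPT_END])


def cisco_circuit_id(vlan: int, module: int, port: int) -> bytes:
    """Assumed default circuit-id: type 0, length 4, VLAN(2) module(1) port(1)."""
    return bytes([0, 4]) + struct.pack("!HBB", vlan, module, port)


def cisco_remote_id(switch_mac: bytes) -> bytes:
    """Assumed default remote-id: type 0, length 6, switch base MAC."""
    return bytes([0, 6]) + switch_mac


def insert_option82(packet: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """What the snooping switch does on ingress: append option 82 in front of END."""
    if packet[-1] != OPT_END:
        raise ValueError("packet does not end with the END option")
    sub = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    sub += bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id
    return packet[:-1] + bytes([OPT_RELAY_AGENT, len(sub)]) + sub + bytes([OPT_END])


def parse_options(packet: bytes) -> Dict[int, bytes]:
    """Walk the options field (fixed offset 236 + 4-byte cookie) into code -> value."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 0:          # PAD
            i += 1
            continue
        if code == OPT_END:
            break
        length = packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def parse_option82(value: bytes) -> Dict[int, bytes]:
    """Split option 82's value into its sub-options (same TLV shape)."""
    subs: Dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(value):
        code, length = value[i], value[i + 1]
        subs[code] = value[i + 2:i + 2 + length]
        i += 2 + length
    return subs


def message_type(packet: bytes) -> int:
    return parse_options(packet).get(OPT_MSG_TYPE, b"\x00")[0]


def snooping_ingress_ok(packet: bytes, trusted: bool) -> bool:
    """Default snooping filter (assumed): untrusted ports drop server messages, packets
    that already carry option 82, and packets with a non-zero giaddr."""
    if trusted:
        return True
    if message_type(packet) in SERVER_MSG_TYPES:
        return False
    if packet[24:28] != b"\x00" * 4:                 # giaddr set by a relay
        return False
    return OPT_RELAY_AGENT not in parse_options(packet)


def select_range(packet: bytes) -> Optional[Tuple[str, str]]:
    """Server side: pick the per-switch range from option 82, or None if it cannot tell."""
    opts = parse_options(packet)
    if OPT_RELAY_AGENT not in opts:
        return None                                  # plain broadcast: every switch looks alike
    subs = parse_option82(opts[OPT_RELAY_AGENT])
    cid, rid = subs.get(SUBOPT_CIRCUIT_ID, b""), subs.get(SUBOPT_REMOTE_ID, b"")
    if len(cid) != 6 or cid[:2] != b"\x00\x04" or len(rid) != 8 or rid[:2] != b"\x00\x06":
        return None                                  # not the assumed encoding; do not guess
    vlan = struct.unpack("!H", cid[2:4])[0]
    host_range = SWITCH_RANGES.get(rid[2:8])
    if host_range is None:
        return None
    lo, hi = host_range
    return f"192.168.{vlan}.{lo}", f"192.168.{vlan}.{hi}"
```

Run through a DISCOVER from a client on SW2 port 5 in VLAN 2: without option 82 `select_range` returns None (the server has nothing to distinguish the switches by), after `insert_option82` it returns the 192.168.2.101-199 range, and `snooping_ingress_ok` shows why the tagged packet must arrive on a trusted port: an untrusted port discards it. The same functions reject an OFFER arriving on an untrusted port, which is the filter that stops a rogue or foreign server from answering clients.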
09-13-2021 01:06 PM
Hi,
It seems to be exactly what I'm looking for. However, I think that the switch I'm using (Catalyst 2960) does not implement the presented commands, such as
ip dhcp class exp
It considers "class" an invalid input.
09-13-2021 02:01 PM
Sorry for that. Yes, some switches don't support this feature.