Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1608
Views
10
Helpful
9
Replies

DHCP on a 3750

Go to solution
bennuss01
Level 1
Level 1

‎07-26-2020 05:30 PM

I have dhcp running now on an asa 5512 and i want to move it onto the switch.

Its for vlan 4 . I have an interface on the asa 10.77.4.1 . Do i have to give vlan 4  interface an ip on the switch or the command

ip dhcp pool vlan 4 would be enough? I wanted to give the ip dhcp pool a name CORP like it has now on the ASA

Does that work?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to bennuss01

‎07-27-2020 01:04 PM

If I am understanding your posts correctly you are wondering why it would not work to have the DHCP scope on the switch but not have a vlan interface on the switch. The issue with that is if the switch does not have a vlan interface for that vlan then it processes layer 2 information for the vlan but does not process layer 3 information for that vlan, and therefore would not recognize the DHCP request from clients in that vlan.

HTH

Rick

View solution in original post

9 Replies 9

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎07-26-2020 06:51 PM - edited ‎07-26-2020 06:54 PM

Yes, you can move the ip and build an SVI on the switch and assign it that IP.

config t

interface vlan 4

ip address 10.77.4.1 mask 255.255.255.0

no sh

also make the 10.77.4.1 the default gateway for the pool

example:

ip dhcp excluded-address 10.77.4.1
!
ip dhcp pool CORP
 network 10.77.4.0 255.255.255.0
 domain-name CORP.com 
 dns-server 8.8.8.8
 default-router 10.77.4.1
 lease 3

This is assuming you IP segment is a /24

HTH

0 Helpful

Go to solution
bennuss01
Level 1
Level 1
In response to Reza Sharifi

‎07-26-2020 07:23 PM

10.77.4.1 is assigned to the interface on the asa and tagged with vlan 4
and i want to leave it that way and that should be the default router for
the pool Shouldn't that be sufficient ? or do i have to create a vlan 4
interface ? can i just tag the pool to associate it with vlan 4?

Do i need to give the vlan an ip for it to work
If i leave the interface on the asa
ip dhcp pool CORP vlan 4 would that work
0 Helpful

Go to solution
bennuss01
Level 1
Level 1
In response to bennuss01

‎07-26-2020 07:24 PM

10.77.4.1 is assigned to the interface on the asa and tagged with vlan 4 and i want to leave it that way and that should be the default router for the pool Shouldn't that be sufficient ? or do i have to create a vlan 4 interface ? can i just tag the pool to associate it with vlan 4?

Do i need to give the vlan an ip for it to work
If i leave the interface on the asa
ip dhcp pool CORP vlan 4 would that work
0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to bennuss01

‎07-26-2020 07:46 PM

You need an IP on the switch and that needs to be the gateway for the DHCP scope. So, if a client say gets a DHCP IP of 10.77.4.50 that client needs to have a gateway and that need to be the switch (in this case). So, basically you can move vlan 4 with its corresponding IP segment from the firewall to the switch and than have a transit vlan with a /30 or 29 IP segment between the switch and the firewall.

HTH

0 Helpful

Go to solution
bennuss01
Level 1
Level 1
In response to Reza Sharifi

‎07-26-2020 08:24 PM

Thats what I am trying to understand. Why cant i leave the vlan 4 tagged interface on the asa and setup a scope with the asa interface as the default router. So if i set the default-router for the scope to be the asa interface The traffic should see the interface and also see the dhcp server since they are all in the same vlan.
second possibility.
If i give the vlan int on the switch 10.77.4.2 then i shouldnt need a transit vlan . Would i have to set that as the default router or can i leave the default router the int on the switch. I am not seeing why this wouldnt work.
0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to bennuss01

‎07-27-2020 06:59 AM - edited ‎07-27-2020 07:00 AM

I have never tried it before but it should work. So, 4.1 on the firewall and 4.2 on the switch. Switch has the DHCP scope with default router pointing to the firewall which 4.1.

default-router 10.77.4.1

HTH

0 Helpful

Go to solution
bennuss01
Level 1
Level 1
In response to Reza Sharifi

‎07-27-2020 07:22 AM

the second way i know works even though it isnt standard. I am trying to understand why the first way wont work.
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to bennuss01

‎07-27-2020 01:04 PM

If I am understanding your posts correctly you are wondering why it would not work to have the DHCP scope on the switch but not have a vlan interface on the switch. The issue with that is if the switch does not have a vlan interface for that vlan then it processes layer 2 information for the vlan but does not process layer 3 information for that vlan, and therefore would not recognize the DHCP request from clients in that vlan.

HTH

Rick

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎07-28-2020 08:19 AM

It has been an interesting discussion. It is quite possible to move the DHCP scope from the ASA to the switch. You configure the DHCP scope on the switch, and can give it a name similar to what is used on the ASA (or even the same as ASA). It should be possible to move the DHCP scope to the switch and still use the ASA as the default router for the scope. You would need to configure a vlan interface on the switch and to give it an IP address in that subnet (different from the IP used by the ASA). And once you establish DHCP on the switch and it is working as expected you should be sure to remove the DHCP from the ASA (otherwise both the switch and the ASA will respond to DHCP requests from clients in the subnet).

 

Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card