07-26-2020 05:30 PM
I have DHCP running now on an ASA 5512 and I want to move it onto the switch.
It's for vlan 4. I have an interface on the ASA, 10.77.4.1. Do I have to give the vlan 4 interface an IP on the switch, or would the command
ip dhcp pool vlan 4 be enough? I wanted to give the ip dhcp pool a name, CORP, like it has now on the ASA.
Does that work?
07-26-2020 06:51 PM - edited 07-26-2020 06:54 PM
Yes, you can move the IP and build an SVI on the switch and assign it that IP.
config t
interface vlan 4
ip address 10.77.4.1 255.255.255.0
no sh
Also make 10.77.4.1 the default gateway for the pool.
Example:
ip dhcp excluded-address 10.77.4.1
!
ip dhcp pool CORP
network 10.77.4.0 255.255.255.0
domain-name CORP.com
dns-server 8.8.8.8
default-router 10.77.4.1
lease 3
This is assuming your IP segment is a /24.
HTH
07-26-2020 07:23 PM
07-26-2020 07:24 PM
07-26-2020 07:46 PM
You need an IP on the switch and that needs to be the gateway for the DHCP scope. So, if a client, say, gets a DHCP IP of 10.77.4.50, that client needs to have a gateway and that needs to be the switch (in this case). So, basically you can move vlan 4 with its corresponding IP segment from the firewall to the switch and then have a transit vlan with a /30 or /29 IP segment between the switch and the firewall.
HTH
07-26-2020 08:24 PM
07-27-2020 06:59 AM - edited 07-27-2020 07:00 AM
I have never tried it before but it should work. So, 4.1 on the firewall and 4.2 on the switch. The switch has the DHCP scope with the default router pointing to the firewall, which is 4.1.
default-router 10.77.4.1
HTH
07-27-2020 07:22 AM
07-27-2020 01:04 PM
If I am understanding your posts correctly you are wondering why it would not work to have the DHCP scope on the switch but not have a vlan interface on the switch. The issue with that is if the switch does not have a vlan interface for that vlan then it processes layer 2 information for the vlan but does not process layer 3 information for that vlan, and therefore would not recognize the DHCP request from clients in that vlan.
07-28-2020 08:19 AM
It has been an interesting discussion. It is quite possible to move the DHCP scope from the ASA to the switch. You configure the DHCP scope on the switch, and can give it a name similar to what is used on the ASA (or even the same as ASA). It should be possible to move the DHCP scope to the switch and still use the ASA as the default router for the scope. You would need to configure a vlan interface on the switch and to give it an IP address in that subnet (different from the IP used by the ASA). And once you establish DHCP on the switch and it is working as expected you should be sure to remove the DHCP from the ASA (otherwise both the switch and the ASA will respond to DHCP requests from clients in the subnet).
Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
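The thread's conclusions can be checked mechanically before cutover. The following is an added example, not part of any post in the thread: a small Python audit of an IOS-style config that flags a DHCP pool with no SVI in its subnet, a default-router outside the pool network, and a default-router owned by another device (the ASA here) that is not excluded from leasing. The sample config is constructed, and the SVI address 10.77.4.2 is an assumption taken from the "4.2 on the switch" suggestion.

```python
import ipaddress

# Constructed sample: the switch config the thread converges on
# (ASA keeps 10.77.4.1; the SVI address 10.77.4.2 is an assumption).
SAMPLE = """\
interface Vlan4
 ip address 10.77.4.2 255.255.255.0
 no shutdown
!
ip dhcp excluded-address 10.77.4.1
!
ip dhcp pool CORP
 network 10.77.4.0 255.255.255.0
 default-router 10.77.4.1
 lease 3
"""

def audit(config):
    """Return findings for every 'ip dhcp pool' in an IOS-style config."""
    svis, pools, excluded, section = [], {}, [], None
    for line in config.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            section = None                      # separator ends a section
        elif w[0] == "interface":
            section = "svi" if w[1].lower().startswith("vlan") else None
        elif w[:3] == ["ip", "dhcp", "pool"]:
            section = pools.setdefault(w[3], {})
        elif w[:3] == ["ip", "dhcp", "excluded-address"]:
            lo = ipaddress.ip_address(w[3])
            excluded.append((lo, ipaddress.ip_address(w[4]) if len(w) > 4 else lo))
        elif section == "svi" and w[:2] == ["ip", "address"]:
            svis.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}"))
        elif isinstance(section, dict) and w[0] == "network":
            section["network"] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif isinstance(section, dict) and w[0] == "default-router":
            section["router"] = ipaddress.ip_address(w[1])
    findings = []
    for name, pool in pools.items():
        net, router = pool.get("network"), pool.get("router")
        if net is None:
            continue
        local = [s.ip for s in svis if s.ip in net]
        if not local:   # no layer 3 interface in the subnet: pool is never matched
            findings.append(f"{name}: no SVI in {net}, clients will get no offer")
        if router is None or router not in net:
            findings.append(f"{name}: default-router missing or outside {net}")
        elif router not in local and not any(lo <= router <= hi for lo, hi in excluded):
            findings.append(f"{name}: {router} belongs to another device, exclude it")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

The parser is word-based, so it also accepts the unindented form in which the config appears earlier in the thread.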