DHCP server redundancy

aminulnt
Level 1

Hi

We have an HQ and five branch offices. The HQ office is getting IPs from our HQ Windows DHCP server and all the branch offices are getting IPs from the branch Windows DHCP servers. We are using Cisco switches, routers and ASAs for LAN and WAN connectivity and we have several VLANs on several switches in many locations. Now we plan to configure another DHCP server on our Cisco devices in all the branches, which will work as DHCP server redundancy. Can I have a switch/router/ASA acting as a DHCP server (secondary) as well? Just in case the primary Windows DHCP server is down, the switch/router/ASA can act as the DHCP server. I would request someone to shed some light on this.

Thanks

Aminul


Jon Marshall
Hall of Fame

Your router or switch could function as a DHCP server (ASA as well, but it has limitations) but it's not as simple as a backup. If you have this under your L3 vlan interfaces -

int vlan 10
 ip helper-address x.x.x.x
 ip helper-address y.y.y.y

the switch will send a DHCP request to both addresses. You cannot make one backup and one primary. So you need to split your subnets between your DHCP servers ie. you cannot have 192.168.5.0/24 for example on both DHCP servers or else there will be address conflicts. You would need to split the subnet up eg.

192.168.5.1 - 127

192.168.5.128 - 254

You would still hand out the same default-gateway and the same subnet mask ie. 255.255.255.0

One other point, I don't think it is a good idea to use switches/routers to hand out IP addresses but if you cannot find another server then it may be the only way to go.

Jon

Aminul

I understand your questions a bit differently from Jon, but I come to the same basic answer, you can configure your Cisco to act as a DHCP server in addition to the Windows DHCP server, but you can not make the Cisco to be a "backup" server to be used only when the Windows server is not working. Both servers (Windows and Cisco) will be active, both servers will hear DHCP requests, and both servers will send responses to the requests.

Jon's response is based on ip helper-addresses which presumes that the DHCP server is remote. My understanding of your question is that the DHCP server is local and so no ip helper-address is required. So what will happen if the DHCP server is local and you configure the Cisco to also provide DHCP? A client PC will send its DHCP request as a broadcast packet. The Windows server will receive the request and will send a response. The Cisco will also receive the broadcast and will also send a response. So both are active. There is not any way to configure the Cisco so that it only sends DHCP response when the Windows server is not working.

Jon's suggestion about splitting the DHCP address pool is very good advice for a situation such as you describe.

HTH

Rick

Hi Jon/Rick

Thanks for your valuable explanation. I am trying to understand what you're saying and am also a little bit confused. If I make a DHCP server in router/switch and Windows with splitting IP as per Jon's recommendation. Rick, you said when client receives the broadcast and will also sends a response from both (Cisco/Windows), so what will be the solution? How does the client get an IP? Does the client get its IP from Windows or Cisco? Can you tell me, should I configure any DHCP pool for the Windows DHCP server and do I also need the ip helper-address command? If I configure it like below, will it work? I would appreciate it if you let me know your views.

Hostname Router
!
ip dhcp pool router (For Router)
network 10.10.70.0 255.255.255.0
default-gateway 10.10.70.254
dns-server 1.2.3.4 10.1.2.3
!
ip dhcp-excluded address 10.10.70.150 10.0.0.250
!
ip dhcp pool windows (For Windows, Should it need for windows)
network 10.10.70.0 255.255.255.0
default-gateway 10.10.70.254
dns-server 1.2.3.4 10.1.2.3
ip dhcp-excluded address 10.10.70.1 10.0.0.149
!
Interface FastEthernet0/0
ip address 10.10.70.254 255.255.255.0
ip helper-address 10.10.70.254 (Router DHCP, Should I need)
ip helper-address 10.10.70.251 (Windows DHCP)

Regards,

Aminul

Aminul

Rick was assuming you only had one vlan per branch office. So if you only have one vlan and the local DHCP server is in that vlan you don't need an ip-helper-address. But if you have multiple vlans in the branch office then you may.

There is an additional complication. If the switch or router where you set up the backup DHCP server is responsible for inter-vlan routing then you will never use the Windows DHCP server and you don't need ip helper-addresses. This is not what you want really.

Ideally what you want is for each branch is -

1) a windows DHCP server

2) a L3 device that you can use for DHCP pools that is not doing the inter-vlan routing. So if in each branch you have a L3 switch that does the inter-vlan routing and a router then use the router for the pools and add the router IP as an ip helper-address together with the Windows DHCP server.

If you don't have this setup and you only have a router or L3 switch then you can create the DHCP pools on this device but they will always be used because you won't need ip helper-addresses and this device will always see the DHCP broadcasts on its vlan interfaces.

So can you clarify what devices you have in your branch offices ie. do you have a L3 switch for inter-vlan routing and then a router for WAN connectivity or do you have just one device ?

Jon

Hi Jon

Thanks for your precious explanation. Yes sir, we have a Layer 3 switch and it's connected to a router for WAN connectivity. If I configure the Layer 3 switch as a DHCP server, should I configure a DHCP pool for the Windows DHCP server in the Layer 3 switch? Is the configuration I posted correct? I would appreciate it if you let me know your views. I look forward to hearing from you.

Regards,

Aminul

Aminul

If you have a L3 switch and router and the L3 switch routes the vlans then use the router to configure the DHCP pools and not the L3 switch. That way you will be able to use both the router and the Windows server for IP address allocation.

So you need to -

1) split each subnet in half as covered in my last e-mail.

2) allocate one half to the Windows DHCP server and one half to the router. Remember that even though you have split the subnet in half you still use the original default-gateway and subnet mask

3) on the L3 vlan interfaces on the L3 switch where you already have an ip helper-address for the windows DHCP server, add another ip helper-address for the router LAN interface IP.

Jon

Hi Jon

Thanks for your prompt reply. You know problem is that our Router is provided by service provider. We have no access in this router. So I want to do in our L3 switch. Should I configure DHCP Pool for windows DHCP server in Layer 3 switch? Could you please make your comments? Would be appreciated if you send me a sample L3 switch configuration which you mentioned. I look forward to hearing from you.

Regards,

Aminul

Aminul

Use this example to configure DHCP pool on your L3 switch -

http://articles.techrepublic.com.com/5100-10878_11-5690240.html

Remember to split the subnet in half and configure half the subnet on the DHCP pool on the switch and the other half on the Windows DHCP server. Leave the Windows DHCP server ip helper-addresses under the L3 vlan interfaces.

Note that because the first reply to a DHCP request is usually used your switch will exhaust its supply before the Windows server because it has a pool locally configured.

Jon
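A sketch of the split Jon describes, for an L3 switch that routes the VLANs; it is an added example, not a configuration posted by anyone in the thread. VLAN 70 reuses the addresses from the question, while VLAN 80 and the pool names are constructed. In IOS the pool gateway keyword is default-router and exclusions are written ip dhcp excluded-address.

```cisco
! Added example. VLAN 70 addresses come from the question in this thread;
! VLAN 80 (10.10.80.0/24) and the pool names are constructed.
!
! Windows DHCP server (10.10.70.251) holds the lower half of each subnet:
!   10.10.70.0/24  range 10.10.70.1 - 10.10.70.127, router 10.10.70.254
!   10.10.80.0/24  range 10.10.80.1 - 10.10.80.127, router 10.10.80.254
!
! Switch holds the upper half. Exclude the Windows half and every static
! address (the server itself, the gateway) so the switch never leases them.
ip dhcp excluded-address 10.10.70.1 10.10.70.127
ip dhcp excluded-address 10.10.70.251 10.10.70.254
ip dhcp excluded-address 10.10.80.1 10.10.80.127
ip dhcp excluded-address 10.10.80.254
!
! "network" still states the full /24, so clients of either server receive
! the original mask and the same default gateway.
ip dhcp pool VLAN70-UPPER
 network 10.10.70.0 255.255.255.0
 default-router 10.10.70.254
 dns-server 1.2.3.4 10.1.2.3
!
ip dhcp pool VLAN80-UPPER
 network 10.10.80.0 255.255.255.0
 default-router 10.10.80.254
 dns-server 1.2.3.4 10.1.2.3
!
! The Windows server sits in VLAN 70 and hears the broadcast directly,
! so this interface carries no helper-address.
interface Vlan70
 ip address 10.10.70.254 255.255.255.0
!
! The existing relay to the Windows server stays in place on other VLANs.
interface Vlan80
 ip address 10.10.80.254 255.255.255.0
 ip helper-address 10.10.70.251
```

After applying it, `show ip dhcp binding` lists the leases the switch has handed out and `show ip dhcp conflict` lists addresses it found already in use, which is where an overlap between the two halves would show up.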

Hi Jon

Thanks for your prompt reply and comments. So you are saying clients are getting IPs from the switch first. Actually I would like clients to get IPs from Windows first. I just configured one of our remote ASAs as a DHCP server. The remote office has a Windows DHCP server also. I just turned off the Windows DHCP server and users are getting IPs from the ASA but they are unable to ping the HQ office and other offices. Is there any routing issue or anything else? Please have a look at the attachment. I look forward to hearing from you.

Regards,

Aminul

Aminul

I'm saying there is a good chance the IP will come from the switch first because it is closer to the client.

If you use the ASA be aware you can only have pools that have an interface on the ASA and that the ASA will hand out its own interface address as the default-gateway. I don't think this is what you want. You want the default-gateway to be the L3 vlan interface on the switch for that, I would have thought?

You are making this far more complicated than it needs to be. You cannot control which device ie. ASA/L3 switch or Windows DHCP server hands out the IP, it could be any of the 2 you decide to use. And it doesn't matter which one hands out the IP in a redundant configuration. I would recommend using the switch and the Windows DHCP server because there are too many limitations to DHCP on the ASA.

Personally I would look to use 2 servers rather than switch/ASA/router and server and then you have a nice GUI interface on the Windows servers for DHCP but if you don't then switch and DHCP server.

Jon

aminulnt
Level 1

Hi Jon

I appreciate your valuable explanation. Your article is so clear, understandable and useful. Thank you so much again.

Regards

Aminul