DHCP with 3560G switches - one static IP address served up per port?

joe-campbell · ‎06-23-2011

We have some newer high density 48 port 3560G switches and are migrating to a new internal private IP address scheme (e.g. 10.x.y.z /16 where x = VLAN# and y may represent location in building or functional group and z represents the invidivual client host machine.

Looking at have the switches take over the role of handing out IP addresses to clients that connect to them. Since we have a new IP address range that will far exceed our physical ports, I was considering assign one IP address per port. So if a PC is connected to that port, that is the address they get

e.g. VLAN 40

10.40.1.1 = VLAN 40 switch 1, port 1

10.40.1.2 = VLAN 40 switch 1 port 2

10.40.9.1 - VLAN 40 switch 9 port 1

This approach allows me to more easily troubleshoot network traffic by using an IP address scheme that ties directly back to a physical switch port which in turn can be tracked back to an office jack and computer. Any thoughs about this approach? Pros and Cons...

My question is how to implement this on the 3560 switches. I know to assign an IP address to the port, but I want to hand out a specific IP to the client connected to that port. is is possible?

Joe

lgijssel · ‎06-23-2011

Nice idea but I think it is quite unpractical.

IP addresses are assigned to mac addresses, not to switchports.

To attempt such an operation, you would need to make all allocations static which gives you too much administration.

Also, this scheme will only hold true as long as no one swaps his laptop from one port to the other.

Forget about it and assign your ip's automatically on a first come first served basis.

Tracing the ip-port relation is done by comparing info from arp and mac-address table.

There are also tools that can do this for you.

regards,

Leo

joe-campbell · ‎06-23-2011

I appreciate the feedback. In our environment, we are looking primarily at corporate desktop computers and all clients using DHCP to get their IP info. So my thought was that a one-time assignment of an IP's to be handed out one-per-switchport was not a big deal from an administrative point.. All clients using DHCP not static IP info, so a laptop connected to the network if moved, would simply be assigned a new IP address.

Anyway..., let me take another track. If I had two 3560G switches in the LAN each in the role of a DHCP server but using different IP Pools, would Client 1 connected to Switch 1 always get it's IP address from Pool1 on the DHCP server running on Switch 1 and not the DHCP server Pool2 running on Switch 2 and vice versa? This would be an alternative way to assign a range of IP's per switch so any troubleshooting of an IP address would allow me to narrow it down to a specific switch.

Joe

cadet alain · ‎06-23-2011

Hi,

when a computer configured for getting IP via DHCP boots and it has no IP then it sends a broadcast DHCP Discover that is heard by all DHCP servers on the subnet and then each server sends its own DHCP offer offering an IP address to the machine.The machine will choose the offer arrived first and will accept it and send a DHCP request.

So splitting your scope is a fault tolerance technique but it won't solve your problem because depending on the network conditions you can't predict which server response will arrive first.

Regards.

Alain.

Don't forget to rate helpful posts.

joe-campbell · ‎06-23-2011

Ok... so there no way to filter the DHCP discovery requests so they don't get past Switch1 to another DHCP server on Switch2? Sounds like I'll just setup our two core distribution switches as DHCP servers and assign them two different IP address scopes for redundancy.

Joe

cadet alain · ‎06-24-2011

Hi,

Maybe you could try this solution:

put your 2 DHCP servers with each a particular scope in a different subnet then use a router or dhcp relay agent to relay your DHCP discovers to a different switch.

You would get what you asked here:

joe-campbell a écrit:

Ok... so there no way to filter the DHCP discovery requests so they don't get past Switch1 to another DHCP server on Switch2? Sounds like I'll just setup our two core distribution switches as DHCP servers and assign them two different IP address scopes for redundancy.

Joe

I'm gonna try something on GNS3 and will let you know.

Regards.

Alain

Don't forget to rate helpful posts.

joe-campbell · ‎06-24-2011

I've got two 3750G core distribution switches running 12.2(55)IP Services and ip routing enabled.

We have several VLANs configured VLAN 40 is defined as subnet 10.40.0.0 / 16. I only want the DHCP server

assigning addresses to clients attached to switchports assigned to VLAN 40.

I want Switch1 to give out IP addresses 10.40.100.1 thru 10.40.100.254

I want Switch2 to give out IP addresses 10.40.101.1 thru 10.40.101.254

This provides redundancy all allocated IP address are still within the 10.40.x.x/16 subnet.

The default gateway for either range is 10.40.1.250 and the dns server is 192.168.1.6

Here are two snippets of 3750G switch configuration code I came up with. Can someone confirm if it looks ok.

I'm not sure the excluded-address range is correct. We can't have any overlap going on with two DHCP servers running.

;we only want SWITCH1 to hand out 10.40.100.1 thru 10.40.100.254 addresses:

Interface vlan40
description OFFICE
ip address 10.40.1.250 255.255.0.0

ip dhcp excluded-address 10.40.0.0 10.40.100.0
ip dhcp excluded-address 10.40.100.255 10.40.255.255

ip dhcp pool vlan40pool1
network 10.40.0.0 255.255.0.0
default-router 10.40.1.250
domain-name corp.hq
dns-server 192.168.1.6

;we only want SWITCH2 to hand out 10.40.101.1 thru 10.40.101.254 addresses:

Interface vlan40
description OFFICE
ip address 10.40.1.250 255.255.0.0

ip dhcp excluded-address 10.40.0.0 10.40.100.0
ip dhcp excluded-address 10.40.101.255 10.40.255.255

ip dhcp pool vlan40pool2
network 10.40.0.0 255.255.0.0
default-router 10.40.1.250
domain-name corp.hq
dns-server 192.168.1.6

Thanks,

Joe