10-23-2015 10:09 AM - edited 03-08-2019 02:21 AM
before i ask my question let me give a little bit of background information. I am setting up multiple vlans on my network, vlan 301-304 and they are all going over a single switch port to another device.
vlan 301 has a SVI IP of 192.168.1.1,
vlan 302 has a SVI IP of 192.168.2.1,
vlan 303 has a SVI IP of 192.168.3.1,
vlan 304 has a SVI IP of 192.168.4.1
all have a mask of 255.255.255.192 and all have the ip helper-address ip of 192.168.2.150.
the IP of the router layer 3 port is 192.168.2.253 255.255.255.248
the IP of the router is 192.168.2.254 and all the routes back to the SVI are in the router
the ip of the dhcp server is 192.168.2.150 and it resides in vlan 1 that has an ip of 192.168.2.140 255.255.255.224
I have no problems routing traffic to and from the router. my problem is the pc on and of the vlans can not get dhcp from the dhcp server. on the dhcp server i can see the requests for an ip and where it is offering the ip but the pc never receives it. I am using a catalyst 3850 switch and a cisco 3700 series router.
10-30-2015 07:42 AM
I tried it and had no luck but, wouldn't I want the gateway to be the ip of the layer 3 interface that connects the switch to router?
10-30-2015 07:51 AM
Matt
Unless I am misuderstanding the router shouldn't come into it.
You have a DHCP server in vlan 1.
Looking at routing table you posted vlan 1 uses this subnet -
192.168.2.128 255.255.255.224
and the SVI for that vlan has an IP of 192.168.2.140.
So those are the settings you should use, see my previous post.
The DHCP reply is unicast so you need the server to have the right settings.
It will send it back to it's default gateway which is 192.168.1.140 and then it gets routed to the SVI for vlan 303.
Jon
10-30-2015 08:01 AM
you said that the router would rout the unicast packets from the dhcp server to the ip of the svi right? so I made my dhcp gateway the ip of the interface on the router that connects to the switch and it works. i changed my mask to 255.255.255.0 to close it up a bit and i know i can close it even more with the mask. does this seem right to you guys?
10-30-2015 08:05 AM
No it's not right.
The L3 switch routes the packet not the router ie..
broadcast DHCP discover sent fron client in vlan 303 gets to SVI for vlan 303 and then it sends unicast to DHCP server in vlan 1.
DHCP sends offer back and that should go to the DHCPs default gateway which is 192.168.1.140 on the same L3 switch.
Packet is routed to vlan 303 and then broadcast back to client.
The router should not come into it.
It should all happen on the L3 switch.
Jon
10-30-2015 08:19 AM
192.168.1.140 is the ip of the vlan 1 svi if I need to route something to other svi then I need to go to the router to get to them because the router knows the route to get there. the masks on the svi keep them from seeing one another so using the ip of the svi of vlan 1 would not get the unicast packets to the destination. I tried it, it did not work.192.168.2.253 is the ip of the l3 interface connected to router and 192.168.2.254 is the ip of the interface on router that connects to switch. so the unicast packets go to router and it knows how to get the packets to there proper destination.
10-30-2015 08:26 AM
I'm not sure I follow.
Your L3 switch will route between the SVIs.
You should not need to go via the router.
The subnet masks do not mean they cannot see each other or rather they can't at L2 but your switch is L3 which means it routes the packet.
If vlan 1 needs to route to another vlan the L3 switch simply looks in the routing table and uses that.
Look at the "sh ip route" on your L3 switch.
You should only be going to the router to get to destinations outside your network not to get to destinations that are routed on your L3 switch.
This is how DHCP works in every company I have worked in ie. your L3 switch can do it all.
Jon
10-30-2015 12:17 PM
so if they route between eachother then in theory I could use any svi as the gateway of the DHCP server right?
10-30-2015 12:25 PM
No you can't because you have to use the SVI for the vlan that the DHCP server is in.
The DHCP server has an IP address, a subnet mask and gateway.
If it works out the destination IP is not In the same subnet as it is then it must send the packets to it's default gateway which is the L3 SVI for the vlan it is in.
The L3 switch then receives that packet does a lookup on the destination IP and as long as it has a route to the destination subnet it forwards the packet on.
Basically every device in a vlan should have their default gateway set to the L3 SVI for that vlan if you are using a L3 switch to route the traffic.
I'm not sure where the confusion is coming.
It could be the way I am explaining it or it could be something you are assuming that is not correct.
Can you perhaps clarify exactly what it is you are not following ?
Jon
10-30-2015 01:07 PM
I apreciate you guys helping me to understand this problem, I think I have a better grasp on it. one of my main problems was I had a route that I had to remove from my DHCP server that was causing some issues.
I did change the gateway of the DHCP server to the IP of the VLAN 1 SVI since that is where the DHCP server resides.
the end users are receiving IP addresses from the DHCP scope that belongs to there respective SVI that they connect through ie: SVI 192.168.3.1 255.255.255.192 i get addresses 192.168.3.2-62 so all is well there.
I am going to be routing public IP addresses with this and I think I am going to have a problem when it comes to the IP addresses that I will need to use for each SVI. I will be using 2 to 3 class c ranges and some are not exactly together. I have some 208.74 some 66.211 some 207.140 and I may have to issue 2 different on the same SVI any thoughts on how to make that work?
10-30-2015 02:08 PM
Do you need to assign public IPs within your network or can you just NAT them on the router as they go out ?
If you do need to assign them can you explain in more detail what the problem is because it's not clear from your description.
Jon
10-30-2015 02:59 PM
I am setting this up for the ISP i work for and our customers receive public IP addresses from us. we have 3 IP pools 2 from providers and 1 from ARIN
have 8 class c from arin
4 class c from one provider
5 class c from another provider
is that what you needed to know
10-30-2015 03:53 PM
It was your last paragraph in your previous post that wasn't clear.
Can you explain what is the problem is ?
Jon
11-02-2015 12:24 PM
I am going to be moving from one ip pool to several and to keep my current configuration with my dhcp server and move it to several scopes i will need to be able to route all my ip addresses to begin with and slowly move them to the VLANs
so to begine with all the different ip addresses I have will need to go over vlan 1 and after that I can slowly remove them and add the SVI for them to route through if that makes sense
I think all I need to do is add secondary IP to the SVI but I think I will still use the IP of the SVI as the default gateway right
11-02-2015 01:50 PM
I am not clear how it is set up now and how it works now with multiple networks/subnets in vlan 1. And it is not important for me to understand that. What is important is to understand how it will work as you begin to use multiple vlans.
It is simple and it works when a vlan has a single IP subnet associated with the vlan and a single scope for it configured on the DHCP server. Let us assume, for example, that IP addresses 66.211.1.1 through 66.211.1.63 have been used in the original scope for vlan 1. Now you are going to remove those addresses from the original scope and configure a new scope on the DHCP server for those addresses. Then let us assume that you change the configuration of vlan 301 and its SVI. On interface vlan 301 you configure IP address 66.211.1.1/26. And on interface vlan 301 you configure a helper address pointing to the DHCP server. Now when a user in vlan 301 sends a request for an IP address, interface vlan 301 will forward the request to the DHCP server and the server will assign an address in the range 66.211.1.2 through 66.211.1.63. In the scope the default route would be 66.211.1.1.
You could follow that process vlan by vlan as you move users from the original large vlan 1 to the new smaller vlans. You withdraw a block of IP addresses from the original combined scope and use that block of addresses in a new scope associated with a new vlan.
You mention the possibility of using a secondary address in the SVI. I am not clear what you had in mind for that. While it may be possible to have two subnets configured within a single vlan it gets quite complicated to try to use two subnets within a single vlan when you are using DHCP.
HTH
Rick
11-02-2015 02:36 PM
well i guess it will get tricky because i am going to have to use 2 and 3 subnets per vlan. I have 4 chassis and I plan on configuring a vlan per chassis some chassis are more heavily loaded than others.
I will also have to have VLAN 1 configured for all IP addresses to begine with so I can slowly move the IP addresses to the VLANs they are designed for.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide