07-31-2013 07:42 PM - edited 03-07-2019 02:42 PM
Two 4507 units are in an HSRP router configuration; each router is configured with the same DHCP pool and address range.
According to the principle of HSRP, the standby router is in an inactive state and the active router assigns the IP addresses; only when the active router goes down does the standby router take over and begin to assign IP addresses. But the problem now is that the active router is not down, yet it assigns only a few IP addresses; most of the IP addresses are assigned by the standby router. There is no ip helper-address on the active router.
What is the matter? How do I resolve it?
08-01-2013 04:29 AM
There really are few other solutions. When both 4507 are configured with DHCP then both will be active. And when the client PC sends the DHCP request it is sent as a broadcast. So both 4507 will receive the request and both will respond. That is the nature of DHCP.
The only alternative solution that occurs to me is that perhaps you could create an applet using EEM. It would run on the standby 4507. It would check for the status of the primary 4507. If the primary is up then the applet removes the DHCP configuration on the standby. If the primary is not accessible then the applet creates the DHCP configuration on the standby. The big problem with the solution, besides the fact that it would be complicated to create it, is that when the standby started to process DHCP it would have no knowledge of the bindings issued by the primary. It would probably result in issuing IP addresses to clients that duplicate addresses in use that had been issued by the primary.
HTH
Rick
08-01-2013 05:33 AM
The big problem with the solution, besides the fact that it would be complicated to create it, is that when the standby started to process DHCP it would have no knowledge of the bindings issued by the primary. It would probably result in issuing IP addresses to clients that duplicate addresses in use that had been issued by the primary.
That can be fixed by dividing the DHCP pools between the switches. For example, we have the 192.168.0.0/24 network, so we can divide this range in such a way that 4507-1 (normally active) will distribute addresses from 192.168.0.2 to 192.168.0.127 and 4507-2 will distribute addresses from 192.168.0.128 to 192.168.0.254.
BTW I suppose external DHCP + UDP Forwarding Support for IP Redundancy Virtual Router Groups is the most sufficient solution for this case.
Regards,
07-31-2013 08:35 PM
Good day.
According to the principle of HSRP, the standby router is in an inactive state and the active router assigns the IP addresses; only when the active router goes down does the standby router take over and begin to assign IP addresses
Incorrect. DHCP is not tied to HSRP in any way. If you have configured 2 DHCP servers in the network, they will both be active. A host requesting an IP address uses the following steps:
The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCP Server. A DHCP Server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.
So if the DHCPDISCOVER message from the host first reaches the current HSRP standby router, it can still offer DHCP configuration parameters to the host regardless of its HSRP state.
07-31-2013 09:00 PM
Both routers have DHCP snooping enabled, and the client interface is set to untrusted.
Route1 is active and route2 is in standby. Now most IPs are allocated by route2, but the snooping binding table is on route1. According to what you say, the table should be on route2.
What's the matter?
07-31-2013 10:28 PM
According to what you say, the table should be on route2. What's the matter?
Indeed, I quoted the official Cisco doc.
but the snooping binding table is on route1
Snooping works by intercepting DHCP messages, so I suppose that DHCP messages from Route2 pass through Route1, so it can intercept them.
DHCP Snooping Binding Database
The DHCP snooping feature dynamically builds and maintains the database using information extracted from intercepted DHCP messages. The database contains an entry for each untrusted host with a leased IP address if the host is associated with a VLAN that has DHCP snooping enabled. The database does not contain entries for hosts connected through trusted interfaces.
The DHCP snooping feature updates the database when the switch receives specific DHCP messages. For example, the feature adds an entry to the database when the switch receives a DHCPACK message from the server. The feature removes the entry in the database when the IP address lease expires or the switch receives a DHCPRELEASE message from the host.
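The binding-table behaviour quoted above, as an added example that is not part of the original thread or Cisco's code: a simplified Python model in which a switch records a binding when it sees a DHCPACK for a host on an untrusted port, whichever server granted the lease. The topology, interface names, MAC addresses and lease times are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SnoopingSwitch:
    """Simplified model of one switch's DHCP snooping binding database."""
    name: str
    snooped_vlans: set
    trusted_ports: set
    bindings: dict = field(default_factory=dict)  # client MAC -> lease entry

    def expire(self, now):
        for mac in [m for m, b in self.bindings.items() if b["expires"] <= now]:
            del self.bindings[mac]

    def see(self, now, msg):
        self.expire(now)
        port = msg["ports"].get(self.name)  # port facing the client on this switch
        if port is None or msg["vlan"] not in self.snooped_vlans:
            return  # message not on this switch's path, or VLAN not snooped
        if port in self.trusted_ports:
            return  # no entries for hosts connected through trusted interfaces
        if msg["type"] == "DHCPACK":
            # The entry describes the lease; which server granted it is not a factor.
            self.bindings[msg["mac"]] = {"ip": msg["ip"], "vlan": msg["vlan"],
                                         "port": port, "expires": now + msg["lease"]}
        elif msg["type"] == "DHCPRELEASE":
            self.bindings.pop(msg["mac"], None)

# Constructed trace (assumed topology: hosts attach to route1 access ports,
# route2 reaches them over the trusted inter-switch link Po1).
A, B = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
BOTH = {"route1": "Gi2/1", "route2": "Po1"}
EVENTS = [
    (0,  {"type": "DHCPACK", "server": "route2", "mac": A, "ip": "192.168.0.130",
          "vlan": 10, "lease": 3600, "ports": BOTH}),
    (10, {"type": "DHCPACK", "server": "route1", "mac": B, "ip": "192.168.0.10",
          "vlan": 10, "lease": 60, "ports": {"route1": "Gi2/2"}}),
    (20, {"type": "DHCPRELEASE", "mac": A, "vlan": 10, "ports": BOTH}),
    (100, {"type": "DHCPACK", "server": "route2", "mac": A, "ip": "192.168.0.131",
           "vlan": 10, "lease": 3600, "ports": BOTH}),
]

def replay(events):
    """Feed the trace to both switches and return their binding tables."""
    route1 = SnoopingSwitch("route1", {10}, {"Po1"})
    route2 = SnoopingSwitch("route2", {10}, {"Po1"})
    for now, msg in events:
        route1.see(now, msg)
        route2.see(now, msg)
    return route1.bindings, route2.bindings
```

In this model the lease granted by route2 appears in route1's table because route1 owns the untrusted port the host sits on, while route2 only sees that host through a trusted link.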
07-31-2013 11:38 PM
Snooping works by intercepting DHCP messages, so I suppose that DHCP messages from Route2 pass through Route1, so it can intercept them.
How can I avoid the pass-through?
I need the IPs to be assigned by router1, and the snooping binding table to be there as well.
IPs can be assigned only when router1 goes down.
08-01-2013 01:03 AM
Read this article; I think this is the solution you are looking for:
Regards,
08-01-2013 01:57 AM
Clients and DHCP servers are in the same VLAN, so I think it's not necessary to configure a helper-address.
But still, thank you.
Are there any other solutions?
08-01-2013 07:04 PM
While I agree with you that separate pools for DHCP on each 4507 is the realistic and workable solution, the original poster has been pretty insistent that he is looking for solutions based on his original topology of same pool on both 4507. I gave answers in the context of his question. If he is willing to consider other topologies then I certainly endorse the solution that you suggest.
HTH
Rick