DHCP over VLAN on Cisco Switches

In this article I want to talk about what is, in my opinion, a very convenient IP addressing scheme for a network that uses VLANs.
In the configuration example, we will use the following scheme:
[image: network scheme]

A bit of theory for the little ones


A VLAN (Virtual Local Area Network) is a group of hosts with a common set of requirements that interact as if they were connected to the same broadcast domain, regardless of their physical location.
In other words, VLAN is a technology for segmenting a local network into smaller virtual local area networks, each with its own broadcast domain.

Advantages of VLANs:
  • Moving and adding devices and changing their connections to each other becomes easier;
  • Since routing between VLANs is carried out at layer 3, the degree of administrative control in the network increases;
  • Because the broadcast domain is split, broadcast traffic in the network is reduced, which saves link bandwidth;
  • Unproductive CPU use is reduced, because fewer broadcast messages are forwarded;
  • Broadcast storm prevention and loop prevention.

Introduction


I don’t need to talk about what DHCP is, but for those who are “not sure” there is a good article that you can read here. It also describes the basic DHCP settings on Cisco routers. They are no different for switches. I will only add that before configuring DHCP you need to enable ip routing on the switch, in order to raise it to layer 3 and perform inter-VLAN routing. To do this, enter the corresponding command in global configuration mode:

core(config)#ip routing


Everyone knows that using the DHCP protocol is very convenient, since the network administrator no longer needs to configure the TCP/IP protocol stack on each client machine. On the other hand, in the general case addresses are assigned randomly, and it is not known in advance which host will receive which address. And what do you do if you need to keep some order in how addresses are assigned?

Solution No. 1: Keep the convenience of DHCP and bind each computer to a specific IP address, the so-called MAC address binding: the DHCP server stores an address table in which IPs are assigned to MACs, and addresses are issued according to it. The table is populated as computers are added to the network.
The disadvantage of this solution is that the administrator needs to track the MAC addresses and maintain the correspondence tables on the server.

Solution No. 2: Match IP addresses not with MAC addresses, but with the access switch ports to which the client computers are connected.

Solution No. 3: IP addresses are issued depending on which DHCP relay the request came from. In this case, the addresses are issued from the same subnet, but specific ranges of addresses are bound to specific switches that operate as DHCP relays (dhcpsnooper). This can help the network administrator quite significantly, since the IP address of a client computer immediately shows which switch it is connected to. For this solution, DHCP option 82 is used.

Solution No. 4 (and the most flexible): Distribute IP addresses per VLAN. This gives us a universal solution that includes the benefits of all the previous ones. The flexibility of this solution is almost limitless.

So, let's get started.

The practical side of the issue


For clarity, consider the following example, presented in the figure (see above).
We have: three access layer switches (sw1, sw2, sw3), nine client computers (user 1-9), a layer 3 switch (Multilayer Switch, which we will call Core) and three VLANs.
On the access layer switches, no additional configuration is required for this task (other than placing the interfaces in the corresponding VLAN); all the necessary settings are made on the Core switch. Core switch configuration example:
! first, create our VLANs
core#vlan database
core(vlan)#vlan 10
core(vlan)#vlan 20
core(vlan)#vlan 30

! save the database and exit
core(vlan)#exit
! enter global configuration mode and assign IP addresses to the VLAN interfaces
core#configure terminal
core(config)#int vlan 10
core(config-if)#ip address 10.1.10.1 255.255.255.0

! and so on for all interfaces: vlan 20 - 10.1.20.1, vlan 30 - 10.1.30.1
!...
! enable ip routing and create the DHCP address pools
core(config)#ip routing
core(config)#ip dhcp pool vl10
core(dhcp-config)#network 10.1.10.0 255.255.255.0
core(dhcp-config)#default-router 10.1.10.1

!...
! and other optional parameters, such as dns
! + repeat the same for each VLAN
! exclude the gateway addresses from the pools; the command takes one address
! or a low/high range, so each gateway gets its own line
core(config)#ip dhcp excluded-address 10.1.10.1
core(config)#ip dhcp excluded-address 10.1.20.1
core(config)#ip dhcp excluded-address 10.1.30.1


That’s it, it’s done! When connected to a network, computers will receive IP addresses via DHCP in accordance with the pools for the VLANs in which they are located.
In real networks, it is probably advisable to divide VLANs by floors or by departments, etc. as you wish. Thus, the distribution of IP addresses is now completely in your hands.
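
The per-VLAN steps above repeat for every VLAN, so they are easy to generate and check from one address plan. The following Python script is an added example, not part of the original article: it builds the Core commands for all three VLANs, rejects overlapping subnets, and maps a leased address back to its VLAN. The function names and the plan table are hypothetical, the gateway is assumed to be the first address of each subnet as in the article, and VLAN creation itself is left out.

```python
import ipaddress

# Constructed plan matching the article's addressing: VLAN id -> subnet.
# Assumption: the gateway (SVI address) is the first address of each subnet.
VLAN_PLAN = {10: "10.1.10.0/24", 20: "10.1.20.0/24", 30: "10.1.30.0/24"}


def validate_plan(plan):
    """Return parsed networks; reject bad VLAN ids and overlapping subnets."""
    nets = {}
    for vid, cidr in plan.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN id {vid} out of range 1-4094")
        net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
        for other_vid, other in nets.items():
            if net.overlaps(other):
                raise ValueError(f"VLAN {vid} overlaps VLAN {other_vid}")
        nets[vid] = net
    return nets


def render_core_config(plan):
    """Build the Core switch commands for every VLAN in the plan."""
    nets = validate_plan(plan)
    lines = ["ip routing"]
    for vid, net in sorted(nets.items()):
        gw = net.network_address + 1
        lines += [
            # One excluded-address line per gateway (single address form).
            f"ip dhcp excluded-address {gw}",
            f"interface vlan {vid}",
            f" ip address {gw} {net.netmask}",
            f"ip dhcp pool vl{vid}",
            f" network {net.network_address} {net.netmask}",
            f" default-router {gw}",
        ]
    return lines


def vlan_for_address(plan, addr):
    """Map a leased address back to its VLAN, or None if outside the plan."""
    ip = ipaddress.ip_address(addr)
    for vid, net in validate_plan(plan).items():
        if ip in net:
            return vid
    return None


if __name__ == "__main__":
    print("\n".join(render_core_config(VLAN_PLAN)))
```
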
