Link to home
Create AccountLog in
Avatar of taverny
taverny

asked on

How to setup IP HELPER ADDRESS or GIADDR

HI Experts,

I am setting up a voip solution into my netwrok. Currently I have 2 switch cisco 2950 and one router cisco . one server that has DHCP. I just bought a new switch from DELL 3448 it has POE and VLAN. I was able to setup 2 VLAN:
VLAN 1 for my computers and VLAN 5 for my phone.
my first scope on my DHCP is : 192.168.1.50--> 125
I want to create a second scope : 192.168.2.50 -->125

Now my problem is how do I tell the DHCP server to give IPs from the second scope to my phones only (VLAN 5)?
I kind of understand the concept of ip helper , but how to set it up? or is it better to use GIADDR? or something else.

thanks,
David


Avatar of adnanmig
adnanmig


Hi,

what you need to do is configure the following command in your cisco router where the gateway of your vlan is: ip helper-address <dhcp server address>

so if the client is in vlan i it will get 192.168.1.50--> 125
and clients in vlan 5 will get 192.168.2.50 -->125

ofcourse, the scopes should be configured first in the dhcp server.

regards,
Avatar of taverny

ASKER

Ok,
so if I understand it right , I have to go to my router and type the following command: ip helper-address 192.168.1.3 ( which is the ip of my dhcp server). But then how my server knows which scope to take the ip from? do I put something in the options of the scope to define the vlan?

the switch that will have the 2 vlan has an ip address of Vlan1 ( 192.168.1.71)
each ports of that switch are configure to vlan 1 and vlan 5 , since my computers are gonna be connected to the phone port and then the phone to the switch.

Sorry it my be confusing. I probably don't explain myself correclty.

Hi,

you need to do the following:
go to the device that has the ip address configured for the the two vlans and give the helper command in both vlan interfaces. if i understand right, you have vlans configured on your switch but the ip address of those vlans are on the router meaning the routing is done on your router. for the question ofhow the server will know which ip to give, when the request will be directed to the server through the vlan interface of either vlan 1 or 5, the packet will contain the ip of that vlan and the server will give the ip accordingly.

regards,
Avatar of taverny

ASKER

Hi ,
Thanks for your reply. my dell switch is the one that has the 2 vlan configured. I haven't touch anything in the router or the other switches yet .i have red somewhere that by default every switches are enable for Vlan 1 and every devices are in Vlan 1 if we don't configure Vlan. so I didn't want to change anything in my current network I just added Vlan 5 in my new switch. But when I try to go to the configuration of my new switch through the web browser I type 192.168.1.71 so it does have an ip that belongs to vlan1.
I tried to setup a second IP for the switch belonging to Vlan 5 , but it overwrite the first one if I do that.
In the manual it states that I can only have one ip for the device.so I left it with 192.168.1.71(vlan1).

Now I assume you meant that when one of my device connected to  my new switch is requesting an ip , the switch pass the request to the router with the vlan that the request has been originating and the router pass this request to the server with all those tags; now when the server gets the request it sees that it's a request from Vlan 5 but how does it now wich scope?( I could have 4 scope configure there) I haven't setup anything on the server to define the lan for the scope.

I am really sorry I might sounds stupid since I am pretty sure your giving me the answer on your posts, but it's still unclear on the actual setup.

thanks for your patience.
David

Hi,

you seemed to confused on the matter of layer three. in order for your setup to work properly with both vlans, you will have to have the similar configuration:

if your router has two interfaces that you can connect to two switches, your setup should be like this:
both interfaces of your router should have ip addresses each from one vlan. then connect the switches to each interface and each switch will have client on different vlan with different ip addresses. you will require to setup the ip helper on the router interfaces.

router--(ip of vlan 1) -------------------> switch1 (vlan 1)
|
(ip of vlan 5)
|__________________> switch2 (vlan 5)

now, if you can draw the diagram of your connections like what i did, i will be able to help you with proper configuration.

regards,
Avatar of taverny

ASKER

Hello,
ok now with your drawing it make sense, but I only have one port connected to my switches:


                                                          DHCP Server
                                                        /                  PCs
                                                      /                 /
T1----Router----Firewall---------Switch 1 (vlan 1)
                                                    |
                                                    |                 PCs
                                                    |               /
                                                  Switch 2 (Vlan 1)
                                                    |                  
                                                    |       Pcs(vlan1)            
                                                    |      /            Polycom Phone(vlan5)-----PC(vlan1)
                                                    |    /           /    
                                                  Switch 3 (Vlan 1, 5)
                                                           \
                                                             \
                                                                Polycom Phones(Vlan5)


Thanks
David
ASKER CERTIFIED SOLUTION
Avatar of adnanmig
adnanmig

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of taverny

ASKER

Hi Adnanmig,
Thanks for all your help. I think I do understand everything now. I haven't done anything yet since the router is in production and I really don't want to mess anything. Actually , I though all the config was in the router but actually the firewall is the one that has everything , the router is managed by our service provider.
i am gonna post the config of my firewall, please let me know if by entering your commnad I am not gonna mess everything thanks.
David
Avatar of taverny

ASKER

This is my current config:


PIX Version 6.3(1)
interface ethernet0 10full
interface ethernet1 10full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 9pTBWr7dxsawNwKvSi encrypted
passwd 9pTBWr7dxsawNwKvSi encrypted
hostname psinet
domain-name psxxxxx.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.1.3 PSHDC1
name 192.168.1.90 MULTIVOIP
name 192.168.1.7 ICEBOX
name 192.168.1.65 TRIXBOX
pager lines 24
logging on
logging monitor warnings
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.72.42 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.0 inside
pdm location PSHDC1 255.255.255.255 inside
pdm location 192.168.1.11 255.255.255.255 inside
pdm location 192.168.1.53 255.255.255.255 inside
pdm location MULTIVOIP 255.255.255.255 inside
pdm location ICEBOX 255.255.255.255 inside
pdm location TRIXBOX 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) xxx.xxx.72.43 PSHDC1 netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.72.45 MULTIVOIP netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.72.46 TRIXBOX netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.72.44 ICEBOX netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit icmp any any time-exceeded
conduit permit icmp any any unreachable
conduit permit tcp host xxx.xxx.72.44 eq ssh any
conduit permit tcp host xxx.xxx.72.44 eq smtp any
conduit permit tcp host xxx.xxx.72.43 eq www any
conduit permit tcp host xxx.xxx.72.43 eq pop3 any
conduit permit tcp host xxx.xxx.72.43 eq pptp any
conduit permit gre host xxx.xxx.72.43 any
conduit permit udp host xxx.xxx.72.45 eq 1700 any eq 1700
conduit permit tcp host xxx.xxx.72.45 eq www any
conduit permit tcp host xxx.xxx.72.44 eq www any
conduit permit udp host xxx.xxx.72.46 any
conduit permit tcp host xxx.xxx.72.46 any
conduit permit tcp host xxx.xxx.72.44 eq https any
route outside 0.0.0.0 0.0.0.0 xxx.xxx.72.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http PSHDC1 255.255.255.255 inside
http 192.168.1.254 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside TRIXBOX /tftpboot/
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d1eb8e0efdd5d25191279c7d7acdc2
Avatar of taverny

ASKER

I didn't try the solution, but that helped me setup my switch the way I wanted it.
thanks for your help