Posted on 2007-10-04
Last Modified: 2013-11-09
HI Experts,

I am setting up a voip solution into my netwrok. Currently I have 2 switch cisco 2950 and one router cisco . one server that has DHCP. I just bought a new switch from DELL 3448 it has POE and VLAN. I was able to setup 2 VLAN:
VLAN 1 for my computers and VLAN 5 for my phone.
my first scope on my DHCP is :> 125
I want to create a second scope : -->125

Now my problem is how do I tell the DHCP server to give IPs from the second scope to my phones only (VLAN 5)?
I kind of understand the concept of ip helper , but how to set it up? or is it better to use GIADDR? or something else.


Question by:taverny
    LVL 4

    Expert Comment



    what you need to do is configure the following command in your cisco router where the gateway of your vlan is: ip helper-address <dhcp server address>

    so if the client is in vlan i it will get> 125
    and clients in vlan 5 will get -->125

    ofcourse, the scopes should be configured first in the dhcp server.


    Author Comment

    so if I understand it right , I have to go to my router and type the following command: ip helper-address ( which is the ip of my dhcp server). But then how my server knows which scope to take the ip from? do I put something in the options of the scope to define the vlan?

    the switch that will have the 2 vlan has an ip address of Vlan1 (
    each ports of that switch are configure to vlan 1 and vlan 5 , since my computers are gonna be connected to the phone port and then the phone to the switch.

    Sorry it my be confusing. I probably don't explain myself correclty.
    LVL 4

    Expert Comment



    you need to do the following:
    go to the device that has the ip address configured for the the two vlans and give the helper command in both vlan interfaces. if i understand right, you have vlans configured on your switch but the ip address of those vlans are on the router meaning the routing is done on your router. for the question ofhow the server will know which ip to give, when the request will be directed to the server through the vlan interface of either vlan 1 or 5, the packet will contain the ip of that vlan and the server will give the ip accordingly.


    Author Comment

    Hi ,
    Thanks for your reply. my dell switch is the one that has the 2 vlan configured. I haven't touch anything in the router or the other switches yet .i have red somewhere that by default every switches are enable for Vlan 1 and every devices are in Vlan 1 if we don't configure Vlan. so I didn't want to change anything in my current network I just added Vlan 5 in my new switch. But when I try to go to the configuration of my new switch through the web browser I type so it does have an ip that belongs to vlan1.
    I tried to setup a second IP for the switch belonging to Vlan 5 , but it overwrite the first one if I do that.
    In the manual it states that I can only have one ip for the I left it with

    Now I assume you meant that when one of my device connected to  my new switch is requesting an ip , the switch pass the request to the router with the vlan that the request has been originating and the router pass this request to the server with all those tags; now when the server gets the request it sees that it's a request from Vlan 5 but how does it now wich scope?( I could have 4 scope configure there) I haven't setup anything on the server to define the lan for the scope.

    I am really sorry I might sounds stupid since I am pretty sure your giving me the answer on your posts, but it's still unclear on the actual setup.

    thanks for your patience.
    LVL 4

    Expert Comment



    you seemed to confused on the matter of layer three. in order for your setup to work properly with both vlans, you will have to have the similar configuration:

    if your router has two interfaces that you can connect to two switches, your setup should be like this:
    both interfaces of your router should have ip addresses each from one vlan. then connect the switches to each interface and each switch will have client on different vlan with different ip addresses. you will require to setup the ip helper on the router interfaces.

    router--(ip of vlan 1) -------------------> switch1 (vlan 1)
    (ip of vlan 5)
    |__________________> switch2 (vlan 5)

    now, if you can draw the diagram of your connections like what i did, i will be able to help you with proper configuration.


    Author Comment

    ok now with your drawing it make sense, but I only have one port connected to my switches:

                                                              DHCP Server
                                                            /                  PCs
                                                          /                 /
    T1----Router----Firewall---------Switch 1 (vlan 1)
                                                        |                 PCs
                                                        |               /
                                                      Switch 2 (Vlan 1)
                                                        |       Pcs(vlan1)            
                                                        |      /            Polycom Phone(vlan5)-----PC(vlan1)
                                                        |    /           /    
                                                      Switch 3 (Vlan 1, 5)
                                                                    Polycom Phones(Vlan5)

    LVL 4

    Accepted Solution



    now it is clear what is needed to be done:

    on the router:
    create two subinterfaces, one for each vlan and give them ip addresses.
    inter f0/0.1
    ip address <ip>
    encapsulation dot1q 1
    interface f0/0.2
    ip address <ip>
    encapsulation dot1q 5

    then on the switches:
    the link between all switches/router should be trunk:
    inter f0/24
    switchport encapsulation dot1q
    switchport mode trunk

    finally, create both vlans on each switch:
    vlan 1
    no shut
    vlan 5
    no shut
    in global config mode.

    this will work.


    Author Comment

    Hi Adnanmig,
    Thanks for all your help. I think I do understand everything now. I haven't done anything yet since the router is in production and I really don't want to mess anything. Actually , I though all the config was in the router but actually the firewall is the one that has everything , the router is managed by our service provider.
    i am gonna post the config of my firewall, please let me know if by entering your commnad I am not gonna mess everything thanks.

    Author Comment

    This is my current config:

    PIX Version 6.3(1)
    interface ethernet0 10full
    interface ethernet1 10full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 9pTBWr7dxsawNwKvSi encrypted
    passwd 9pTBWr7dxsawNwKvSi encrypted
    hostname psinet
    clock timezone CST -6
    clock summer-time CDT recurring
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    name PSHDC1
    name MULTIVOIP
    name ICEBOX
    name TRIXBOX
    pager lines 24
    logging on
    logging monitor warnings
    mtu outside 1500
    mtu inside 1500
    ip address outside
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm location inside
    pdm location PSHDC1 inside
    pdm location inside
    pdm location inside
    pdm location MULTIVOIP inside
    pdm location ICEBOX inside
    pdm location TRIXBOX inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    static (inside,outside) PSHDC1 netmask 0 0
    static (inside,outside) MULTIVOIP netmask 0 0
    static (inside,outside) TRIXBOX netmask 0 0
    static (inside,outside) ICEBOX netmask 0 0
    conduit permit icmp any any
    conduit permit icmp any any time-exceeded
    conduit permit icmp any any unreachable
    conduit permit tcp host eq ssh any
    conduit permit tcp host eq smtp any
    conduit permit tcp host eq www any
    conduit permit tcp host eq pop3 any
    conduit permit tcp host eq pptp any
    conduit permit gre host any
    conduit permit udp host eq 1700 any eq 1700
    conduit permit tcp host eq www any
    conduit permit tcp host eq www any
    conduit permit udp host any
    conduit permit tcp host any
    conduit permit tcp host eq https any
    route outside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http PSHDC1 inside
    http inside
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    tftp-server inside TRIXBOX /tftpboot/
    floodguard enable
    telnet inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80

    Author Closing Comment

    I didn't try the solution, but that helped me setup my switch the way I wanted it.
    thanks for your help

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
    I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now