Link to home
Create AccountLog in
Avatar of masdf123
masdf123

asked on

DHCP Relay agent on Vlan

Hi,

I have a topology as follows:

Router (Relevant sub interfaces for the vlan's  AND dhcp server for each vlan's network)  

CONNECTED TO

Switch(With Multiple VLAN's AND 2 trunks: 1 for AP and 1 for the router))

CONNECTED TO

Access Point (Cisco Aironet, broadcasting multiple SSID's, each assigned to a specific vlan).

Now if I add another vlan (example vlan 66) and want to host the dhcp server for that vlan somewhere else.

How can I tell the AP to send the dhcp requests coming on ssid of vlan 66 and switch ports of vlan 66 to a specific IP and not the router?

Will I still have a sub interface for vlan 66 on the router so clients on vlan 66 can talk to clients on other vlans?

Thanks


How

ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of masdf123
masdf123

ASKER

so how does it work exactly?

When it doesn't find a dhcp server for that network (the sub interfaces network) it would automatically go to the other dhcp server?

How do I enable L3 on a sub interface?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thanks guys this clarify my question.
Another question I had was if a person gives himself a static and connect to the vlan 66 switchport...he would have access to the network. Basically vlan 66 has a cilli hotspot with free radius backwnd which also acts as a dhcp server. So after user authenticates chilli spot would replace the client gateway to the ip of vlan 66 sub interface.

So how can I prevent users from statically assigning an ip and connect straight to vlan66.
you would need a cisco switch and use a feature called dhcp snooping in combination with ip source guard (ip verify source), but this seems a new question to me, doesn't it?