• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1185
  • Last Modified:

DHCP Relay agent on Vlan

Hi,

I have a topology as follows:

Router (Relevant sub interfaces for the vlan's  AND dhcp server for each vlan's network)  

CONNECTED TO

Switch(With Multiple VLAN's AND 2 trunks: 1 for AP and 1 for the router))

CONNECTED TO

Access Point (Cisco Aironet, broadcasting multiple SSID's, each assigned to a specific vlan).

Now if I add another vlan (example vlan 66) and want to host the dhcp server for that vlan somewhere else.

How can I tell the AP to send the dhcp requests coming on ssid of vlan 66 and switch ports of vlan 66 to a specific IP and not the router?

Will I still have a sub interface for vlan 66 on the router so clients on vlan 66 can talk to clients on other vlans?

Thanks


How

0
masdf123
Asked:
masdf123
  • 3
  • 2
  • 2
3 Solutions
 
lrmooreCommented:
Yes, you will need a L3 subinterface on the router.
As long as the other DHCP server is connected to a VLAN66 access port and you do not setup DHCP on the router, the clients should get IP addresses no problem. Nothing else to configure.
0
 
masdf123Author Commented:
so how does it work exactly?

When it doesn't find a dhcp server for that network (the sub interfaces network) it would automatically go to the other dhcp server?

How do I enable L3 on a sub interface?
0
 
joelvpCommented:
You create a vlan interface on the router and use the ip helper-address command

So let's assume you're DHCP server has ip address 1.1.1.1 and the subnet for vlan 66 is 192.168.66.0/24

You will create a DHCP scope for subnet 192.168.66.0/24 on the DHCP server (1.1.1.1)

Then on the router, you can instruct the router to relay DHCP messages to this DHCP server for this specific vlan

interface vlan66
ip address 192.168.66.x 255.255.255.0
ip helper-address 1.1.1.1

By the way: by creating a vlan interface (as above) you in essence enable L3 on a subinterface (in switching terminology a subinterface would be called a vlan)

I think this is what you need?

0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
lrmooreCommented:
If the DHCP server is in the same subnet as VLAN66, and connected to a switch port in static access vlan 66, there is nothing else to do because a VLAN is a broadcast domain.

If the DHCP server is on a different network, and has a scope for the 66 vlan subnet, then you use ip helper-address on the Vlan66 subinterface to act as a relay.

The L3 interface is the sub-interface with an IP address. This sub-interface IP would be configured as the default-router in the DHCP scope.
0
 
masdf123Author Commented:
Thanks guys this clarify my question.
0
 
masdf123Author Commented:
Another question I had was if a person gives himself a static and connect to the vlan 66 switchport...he would have access to the network. Basically vlan 66 has a cilli hotspot with free radius backwnd which also acts as a dhcp server. So after user authenticates chilli spot would replace the client gateway to the ip of vlan 66 sub interface.

So how can I prevent users from statically assigning an ip and connect straight to vlan66.
0
 
joelvpCommented:
you would need a cisco switch and use a feature called dhcp snooping in combination with ip source guard (ip verify source), but this seems a new question to me, doesn't it?
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now