How to set up a single Windows DHCP server with multiple VLANs

Posted on 2013-09-17
Medium Priority
Last Modified: 2014-01-21
I am trying to set up my home lab Windows 2012 server as a single Windows DHCP server with multiple VLANs.

My hardware setup is 1x Cisco 2960G switch with 1x Cisco ASA5505 Firewall.
The Cisco ASA5505 has the Security Plus License installed, so no VLAN restrictions.

I have an HP Micro Server with one network interface connected up to the Cisco 2960G switch.

Can anyone help guide me on how I would go about setting up this environment?
Question by:Robert_Rayworth

Expert Comment

ID: 39501233
On the Windows server, set up a DHCP scope for each VLAN.

On your Cisco switches, when setting up your VLAN definitions, add the following line to each VLAN, substituting the IP of your DHCP server. This will redirect the DHCP requests across the VLANs.
ip helper-address


Author Comment

ID: 39501275
I have set up several scopes on my Windows DHCP server; this part is working fine.

You mentioned adding the following line; please can you be more specific?

 my current dhcp server is the gateway is
The first scope is
The second scope is

I have been running with one scope fine, but by adding the second scope won't this cause a conflict with the first? What's stopping the wrong IP address being handed out?
There was nothing in the scope creation that told them they were specific to a VLAN. Any ideas?

Expert Comment

ID: 39501288
Your VLAN config on your switch should define the IP addresses allowed on that VLAN. This will prevent the DHCP server from handing out addresses to the wrong VLAN.

Can you share your VLAN interface config?

Accepted Solution

Akinsd earned 2000 total points
ID: 39501447
Your next step now is to configure ip helper on the gateway interface for each VLAN.

Allowed VLAN configuration on a switch only stops broadcast or multicast messages from traversing the specified VLAN on the switch. Only messages coming to the allowed VLAN are allowed. VLANs not allowed can still communicate with the VLANs allowed.
This is like having 5 rooms, 4 for you, your wife and 2 kids and 1 for guests. You then give an instruction to the post office saying "it is true I have a room for guests but the only mails allowed in this house are mails coming to me, my wife or my kids. No guest mail or junk mail or any mail not addressed to allowed recipients can come through."

You will configure ip helper on the gateway of the devices for each vlan. This is what ensures that dhcp applies the correct scope appropriately.

You mentioned that remote locations connect to main site via vpn. Devices must belong to a network that is configured in the VPN policy for VPN tunnel to form. If you have Ethernet handoff connecting the sites, then the dhcp concept you are proposing may work.

Without a tunnel, there is no connection, and without a network there is no tunnel. You need the tunnel to get to the dhcp server and you need an existing network to form a tunnel.

I hope this helps
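
How a relay address lets one server choose between scopes, as an added sketch that is not part of the original thread: per RFC 2131, the relay (the ip helper on each VLAN gateway) writes its own interface address into the request's giaddr field, and the server offers from the scope whose subnet contains that address. The VLAN names, subnets and gateway addresses below are constructed for illustration, and DHCP options after the fixed header are omitted.

```python
import ipaddress
import struct

# Constructed sample values (not from the thread): one scope per VLAN and the
# gateway address configured on each VLAN interface.
SCOPES = {
    "VLAN10": ipaddress.ip_network("192.168.10.0/24"),
    "VLAN20": ipaddress.ip_network("192.168.20.0/24"),
}
GATEWAYS = {"VLAN10": "192.168.10.1", "VLAN20": "192.168.20.1"}
BOOTP_FIXED = "!BBBBIHH4s4s4s4s16s64s128s"  # RFC 2131 fixed header, 236 bytes


def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast: op=1 (BOOTREQUEST), giaddr still 0.0.0.0."""
    zero = bytes(4)
    return struct.pack(BOOTP_FIXED, 1, 1, 6, 0, xid, 0, 0x8000,
                       zero, zero, zero, zero, mac, b"", b"")


def relay(packet: bytes, vlan: str) -> bytes:
    """What the helper on a VLAN gateway does before unicasting to the server:
    stamp its own interface address into giaddr (if empty) and bump hops."""
    fields = list(struct.unpack(BOOTP_FIXED, packet))
    fields[3] += 1  # hops
    if fields[10] == bytes(4):  # giaddr not yet set by another relay
        fields[10] = ipaddress.ip_address(GATEWAYS[vlan]).packed
    return struct.pack(BOOTP_FIXED, *fields)


def giaddr_of(packet: bytes):
    """Return the relay agent address carried in the request."""
    return ipaddress.ip_address(struct.unpack(BOOTP_FIXED, packet)[10])


def select_scope(packet: bytes, server_net=None):
    """Server side: pick the scope whose subnet contains giaddr. A request with
    giaddr 0.0.0.0 was not relayed, so only the server's own subnet applies."""
    giaddr = giaddr_of(packet)
    for name, net in SCOPES.items():
        if giaddr in net or (giaddr.is_unspecified and net == server_net):
            return name
    return None  # no scope matches, so there is nothing to offer


if __name__ == "__main__":
    d = build_discover(bytes.fromhex("020000000001"), 0x1234)
    for vlan in GATEWAYS:
        print(vlan, "->", select_scope(relay(d, vlan)))
```

The scope definitions carry no VLAN tag at all; the only link between a request and a scope is the relay address, which is why each VLAN gateway needs its own helper entry.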
