DHCP over VLAN on Cisco switches
In this article I want to talk about a very convenient, in my opinion, scheme for IP addressing on a network with and using VLAN.
In the sample configuration, we will use the following scheme:
VLAN, or Virtual Local Area Network, is a group of hosts with a common set of requirements that interact as if they were connected to a broadcast domain, regardless of their physical location.
In other words, VLAN is a technology of segmentation of a local network into smaller virtual local area networks with its broadcast domain.
Advantages of networks with VLAN:
I don’t need to talk about what DHCP is, but for those who are “not sure” there is a good article, you can read it here . It also describes the basic DHCP settings on Cisco routers. They are no different for switches. I will add only that before configuring DHCP I need to enable ip routing on the switch, which would raise it to level 3 and perform interwave routing, which in turn requires entering the corresponding command in global configuration mode:
')
Everyone knows that it is very convenient to use the DHCP protocol, since the network administrator does not need to configure the TCP / IP protocol stack for each client machine. On the other hand, in the general case, addresses are assigned randomly, and it is not known in advance which host will receive which address. And if you need to keep some order of address assignment, what to do in this case!?
1st solution: Having retained the convenience of using DHCP, bind each computer to a specific IP address, the so-called binding to the MAC address: a table of addresses is stored on the DHCP server, where the IP is assigned to the MAC, according to which the issue occurs. The table is filled as you add computers to the network.
The disadvantages of this solution are that the administrator needs to track the MAC address and maintain the matching tables on the server.
Solution # 2: Assign the IP addresses not to the MAC addresses, but to the access switch ports to which the client computers are connected.
Decision â„–3 The issuance of IP addresses occurs depending on which DHCP relay request came from. In this case, addresses are issued from the same subnet, but with the binding of specific ranges of addresses to specific switches that act as DHCP relays (dhcpsnooper). This can quite substantially help the network administrator, since by the IP address of the client computer, it is immediately clear to which switches it is connected to. This solution uses option 82 of the DHCP protocol.
Solution # 4 (And the most flexible): Distribute IP addresses over VLAN. So we get some kind of universal solution that includes the advantages of all the previous ones. The flexibility of such a solution is almost limitless.
And so, let's get started.
For clarity, consider the following example, shown in the figure (see above).
We have: three access level switches (sw1, sw2, sw3), nine client computers (user 1-9), a level 3 switch (Multilayer Switch, let's designate it as Core) and three VLANs.
On access level switches, no additional configuration is required to accomplish the task (well, just configure the interfaces in the appropriate vlan), all the necessary configuration is done on the Core switch. Core switch configuration example:
That's it, ready! Computers connected to the network will receive IP addresses via DHCP in accordance with the pools for the VLANs in which they are located.
In real networks, it may be advisable to separate VLANs by floor or by department, etc. as you wish. Thus, the distribution of IP addresses is now completely in your hands.
In the sample configuration, we will use the following scheme:
A bit of theory for the smallest
VLAN, or Virtual Local Area Network, is a group of hosts with a common set of requirements that interact as if they were connected to a broadcast domain, regardless of their physical location.
In other words, VLAN is a technology of segmentation of a local network into smaller virtual local area networks with its broadcast domain.
Advantages of networks with VLAN:
- Facilitates moving, adding devices and changing their connections with each other;
- Since the routing between VLANs is carried out at the third level, the degree of administrative control in the network therefore increases;
- In connection with the splitting of the broadcast domain, the broadcast traffic on the network is reduced, which saves bandwidth;
- Reduced non-productive use of the CPU by reducing the forwarding of broadcast messages;
- Preventing broadcast storms and preventing loops.
Introduction
I don’t need to talk about what DHCP is, but for those who are “not sure” there is a good article, you can read it here . It also describes the basic DHCP settings on Cisco routers. They are no different for switches. I will add only that before configuring DHCP I need to enable ip routing on the switch, which would raise it to level 3 and perform interwave routing, which in turn requires entering the corresponding command in global configuration mode:
core(config)#ip routing')
Everyone knows that it is very convenient to use the DHCP protocol, since the network administrator does not need to configure the TCP / IP protocol stack for each client machine. On the other hand, in the general case, addresses are assigned randomly, and it is not known in advance which host will receive which address. And if you need to keep some order of address assignment, what to do in this case!?
1st solution: Having retained the convenience of using DHCP, bind each computer to a specific IP address, the so-called binding to the MAC address: a table of addresses is stored on the DHCP server, where the IP is assigned to the MAC, according to which the issue occurs. The table is filled as you add computers to the network.
The disadvantages of this solution are that the administrator needs to track the MAC address and maintain the matching tables on the server.
Solution # 2: Assign the IP addresses not to the MAC addresses, but to the access switch ports to which the client computers are connected.
Decision â„–3 The issuance of IP addresses occurs depending on which DHCP relay request came from. In this case, addresses are issued from the same subnet, but with the binding of specific ranges of addresses to specific switches that act as DHCP relays (dhcpsnooper). This can quite substantially help the network administrator, since by the IP address of the client computer, it is immediately clear to which switches it is connected to. This solution uses option 82 of the DHCP protocol.
Solution # 4 (And the most flexible): Distribute IP addresses over VLAN. So we get some kind of universal solution that includes the advantages of all the previous ones. The flexibility of such a solution is almost limitless.
And so, let's get started.
The practical side of the issue
For clarity, consider the following example, shown in the figure (see above).
We have: three access level switches (sw1, sw2, sw3), nine client computers (user 1-9), a level 3 switch (Multilayer Switch, let's designate it as Core) and three VLANs.
On access level switches, no additional configuration is required to accomplish the task (well, just configure the interfaces in the appropriate vlan), all the necessary configuration is done on the Core switch. Core switch configuration example:
! vlan'
core#vlan database
core(vlan)#vlan 10
core(vlan)#vlan 20
core(vlan)#vlan 30
!
core(vlan)#exit
! vlan ip-
core(config)#int vlan 10
core(config-if)#ip address 10.1.10.1 255.255.255.0
! . vlan 20 - 10.1.20.1, vlan 30 10.1.30.1
!...
! ip routing dhcp
core(config)#ip routing
core(config)#ip dhcp pool vl10
core(dhcp-config)#network 10.1.10.0 255.255.255.0
core(dhcp-config)#default-router 10.1.10.1
!...
! , dns
! + vlan'
core(config)#ip dhcp excluded-address 10.1.10.1 10.1.20.1 10.1.30.1
That's it, ready! Computers connected to the network will receive IP addresses via DHCP in accordance with the pools for the VLANs in which they are located.
In real networks, it may be advisable to separate VLANs by floor or by department, etc. as you wish. Thus, the distribution of IP addresses is now completely in your hands.
Source: https://habr.com/ru/post/113431/
All Articles