Routing – Single DHCP Server for Multiple VLANs in Packet Tracer

dhcproutingvlan

I have a layer 2 switch, PC 1 connected to port 1 and PC 2 connected to port 2.

Port 1 is in VLAN 20
Port 2 is in VLAN 21

Can I use a single DHCP server without a router and give IP to both the PCs?

I don't want to route coz I don't want VLANs 20 and 21 to communicate, I need the networks to be isolated.

Best Answer

There are basically two ways to do this:

DHCP server in both VLANs -- either a server with a trunk port or a server with two physical ethernet ports. Make it serve addresses for both VLANs. (Make sure you don't enable on any routing.)
With DHCP forwarding -- if there is a suitable DHCP forwarder present, it can be configured to relay (at Layer 4) the DHCP requests and answers to a DHCP server on another network. DHCP forwarding is a standard feature of most routers (eg Cisco's ip helper dhcp), but this router doesn't have to route packets, or can have all traffic prohibited between the VLANs. Also host-based DHCP systems can relay (eg ISC's dhcrelay). With this setup, the actual DHCP server has to know how to deal with remote networks (Cisco's and ISC's both work fine for this.)
Hybrid obviously you could have DHCP relay from one VLAN to the other, which is just a hybrid of the two methods.

Single DHCP server in both networks, with two interfaces or with trunk.

  DHCPD                 DHCPD
   | |                    |
===1=2===1===2===      ===T===1===2===    (1,2,T = VLAN 20, 21, Trunk)
         |   |                |   |
        PC1 PC2              PC1 PC2

With DHCP relays in each network, forwarding to a DHCP server elsewhere. (Could be on adjacent LAN, across the corporate network, or, unwisely, across the internet.)

   DHCPD
   |   |        
  REL1 REL2
   |   |                    
===1===2===1===2===
           |   |    
          PC1 PC2

In a real network, you might think about starting from a point like this, where there's a control LAN for multiple redundant DHCP servers, LDAP etc, connected by router to the VLANs. This router would have DHCP relaying enabled, and control traffic between the VLANs and the internet. In reality it might well be multiple routers with some hot standby mechanism (HSRP, VRRP etc)>

 internet
    |
    R   DHCP1 DHCP2
   / \    |     |
  |  =+===+=====+===
  |
 =T===1===2===3===
      |   |   |

Related Solutions

Vlan – Connecting two VLANs together on a single switch

You could do this, but you run into all kinds of problems with spanning-tree. Your ports could go into err-disabled.

You won't have two separate switches though. The single switch still learns MAC addresses on a port and vlan and that is switch-wide

Vlan – IPv6 DHCP Server vs Router

IPv6 has more options for configuring addresses than IPv4. The process works as follows:

A new client joins the network and sends a Router Solicitation (RS)
Each router (can be multiple) sends a Router Advertisement (RA)
- This happens both on request (when receiving an RS) as well as periodically
The RA contains a lot of information on how the network is run:
- If the router sending the RA can be a default gateway, and for how long
- Telling clients if there is a stateless (not giving out addresses, only providing extra information like DNS settings) DHCPv6 server on the network (the O=other flag)
- Telling clients if there is a stateful (like in IPv4) DHCPv6 server on the network (the M=managed flag)
- Telling clients about the prefixes in use on the network
  - For each prefix: tell the clients if they can auto-configure an address by themselves (the A=autoconf flag)
- And possibly lots of other stuff

If you want to run a fully managed network where the DHCPv6 server manages all the addresses (and please think why you want this before choosing it, if you don't use the information in the DHCPv6 server then letting clients configure their own addresses is much easier) then the router has to turn off the A (autoconf) flag for every prefix it announces and turn on the M (managed) flag so that clients know that they are not allowed to choose their own addresses but that there is a DHCPv6 server available to help them.

This is how to do that on a Cisco router:

; Go to the interface configuration
interface FastEthernet0/0
  ; Tell clients that auto configuration is not allowed
  ; This changes the default parameters.
  ; You have to specify the timers, so I use the standard values
  ipv6 nd prefix default 2592000 604800 no-autoconfig
  ;
  ; Tell the clients that there is a stateful DHCPv6 server available
  ipv6 nd managed-config-flag

; Repeat this for every (sub)interface where you want to force clients to use DHCPv6.

Also note: You need those RA packets. DHCPv6 only provides information, and optionally addresses. It does not provide a default gateway. That is done using RA. The idea here is that routers usually have better information on routing and gateways than DHCP servers, with the added benefit that you can have multiple routers on one subnet acting as default gateways with clients load balancing between them etc.

Best Answer

Related Solutions

Vlan – Connecting two VLANs together on a single switch

Vlan – IPv6 DHCP Server vs Router

Related Topic