VLANS and DHCP

Glenn Satchell Glenn.Satchell at uniq.com.au
Fri Aug 18 14:58:25 UTC 2006


Hi Steve,

The ip-helper function on the router listens for broadcast UDP traffic
on the nominated interface. When the router receives a DHCP broadcast
packet it adds the IP address of the interface the broadcast packet
came in on to the GIAddr (gateway internet address I think) field in
the DHCP packet and forwards it as a unicast packet to the designated
address (you called it dhcp-server-identifier) of the dhcp server.
Since this packet is unicast it follows normal routing rules to get to
the destination.

The DHCP server decodes the packet, and looks at the GIAddr field. It
uses this field to decide which subnet the request came from and
applies the appropriate settings. The dhcp server unicasts the response
back to the relay agent which then broadcasts it onto the proper router
interface.

Using ip-helpers is probably better, and more scalable, than using
separate VLAN interfaces on the dhcp server because it means you don't
need to extend the vlan all the way to the dhcp server. Remember there
may be lots of other broadcast traffic that will clog your networks
that the dhcp server does not need to see. Of course this may depend on
how your network is designed with respect to layer 2 and layer 3
management.

You don't need to add option dhcp-server-identifier to every subnet
definition, the system will work it out correctly by itself. If you use
ip-helper on the routers then the dhcp server's IP address will
probably not be on the client subnet anyway.

dhcp-server-identifier specifies the address of the dhcp server in
*outgoing* packets from the dhcp server. Setting this to an address not
configured on the dhcp server will break things big time.

Hope this helps, and feel free to keep posting questions...

regards,
-glenn
--
Glenn Satchell       mailto:glenn.satchell at uniq.com.au  |  Heard about
Uniq Advances Pty Ltd           http://www.uniq.com.au  |  the new Unix
PO Box 70 Paddington NSW Australia 2021                 |  sports car?
tel:0409-458-580   tel:02-9380-6360   fax:02-9380-6416  |  The  rwx

>Date: Fri, 18 Aug 2006 09:36:43 -0500
>From: "Steve Wenger" <steve at nconnectwireless.com>
>To: dhcp-users at isc.org
>Subject: Re: VLANS and DHCP
>
>the dhcp-server-identifier is I think the address that is specified by the 
>IP Helper in the cisco, my question is will that helper address direct the 
>traffic to the proper section in the dhcpd.conf file?
>Example if the ip-helper address is 206.126.242.2 will the traffic skip over 
>the vlan 19 and go to vlan20?
>
>#Vlan 19 - Rubicon Private
>subnet 172.19.0.0 netmask 255.255.254.0 {
>         range 172.19.0.10 172.20.0.254;
>         option routers 172.19.0.1;
>         option subnet-mask 255.255.254.0;
>         option dhcp-server-identifier 172.19.0.2;
>}
>#Vlan 20 - Rubicon Public
>subnet 206.126.242.0 netmask 255.255.254.0 {
>         range 206.126.242.5 206.126.243.254;
>         option routers 206.126.212.1;
>         option subnet-mask 255.255.254.0;
>         option dhcp-server-identifier 206.126.242.2;
>}
>
>Steve Wenger
>Nconnect Internet and High Speed Wireless.
>Got a need for speed?  We have a solution for you!
>
>
>-----Original Message-----
>From: Joseph Huang 黃立行 <lshuang at mcu.edu.tw>
>To: dhcp-users at isc.org
>Date: Fri, 18 Aug 2006 13:30:54 +0800
>Subject: Re: VLANS and DHCP
>
>> If your routers are cisco like
>> just add "ip helper-address dhcp.server.ip.address" configuration in
>> each vlan interface
>> like:
>> Switch>enable
>> Switch#configure terminal
>> Switch(config)#interface vlan 1968
>> Switch(config-if)#ip helper-address 192.168.100.200
>> Switch(config-if)#end
>> 
>> then the router will relay dhcp packets between dhcp server and dhcp
>> client
>> 
>> if you want to use a dhcp server with many virtual interface to do this
>> you need
>> 1. a nic with 802.1q vlan support on your dhcp server
>> 2. define virtual interfaces on your dhcp server machine
>> 3. define a trunk port which directly connects to dhcp server's nic and
>> brings all vlan tags to the nic of dhcp server
>> cisco like config is :
>> Switch>enable
>> Switch#configure terminal
>> Switch(config)#vtp mode transparent
>> Switch(config)#interface gigabitEthernet 0/12
>> Switch(config-if)#switchport trunk encapsulation dot1q
>> Switch(config-if)#switchport mode trunk
>> Switch(config-if)#end
>> 
>> 4. tell dhcp server to listen for dhcp packets on virtual interfaces
>> 
>> however, maybe nic won't support more than 64 vlans
>> so, i think you need both router's dhcp relay and dhcp server's virtual
>> interface configuration
>> (mix L2 and L3 traffic on the router or core switch)
>> 
>> finally, you can download cisco's "Multilayer Switch Software
>> Configuration Guide" of their products
>> on cisco's web site, their manual is really easy to understand.
>> 
>> good luck!
>> 
>> Joseph Huang
>> 
>> 
>> Steve Wenger wrote:
>> > I will be running it on Fedora Core 5,  I am going to have approx 100 total
>> > vlans to start, and I know it can be done I am just not sure how to get it
>> > done.
>> >
>> > Steve Wenger
>> > Nconnect Internet and High Speed Wireless.
>> > Got a need for speed?  We have a solution for you!
>> >
>> >
>> > -----Original Message-----
>> > From: Michael Loftis <mloftis at wgops.com>
>> > To: dhcp-users at isc.org
>> > Date: Thu, 17 Aug 2006 20:27:59 -0600
>> > Subject: Re: VLANS and DHCP
>> >
>> >
>> >> --On August 17, 2006 9:09:53 PM -0500 Steve Wenger
>> >> <steve at nconnectwireless.com> wrote:
>> >>
>> >>> I am currently running a wireless network with over 2000 clients attached
>> >>> to 50 different access points,  I will be reconfiguring the network and
>> >>> setting up different VLANS for each tower location.  I want to use one
>> >>> centralized DHCP server so I need to configure a DHCP server that can
>> >>> assign clients addresses from multiple address blocks both public and
>> >>> private based upon the VLAN that the client is part of.  Can anyone
>> >>> point me to some documentation on how to accomplish this.
>> >>> Steve Wenger
>> >>> Nconnect Internet and High Speed Wireless.
>> >>> Got a need for speed?  We have a solution for you!
>> >>>
>> >> What platform?  Linux and FreeBSD both support an 802.1q/VLAN encapsulation
>> >> driver.  I've used both to run DHCP and they work very well.  They both
>> >> expose an interface to DHCPd, so there's nothing 'special' as far as DHCPd
>> >> is concerned.  In Linux there's an option you have to sometimes set that
>> >> makes sure the Layer2 Ethernet headers are correct in order to make certain
>> >> the DHCPd works.  In any case it's not the DHCPd that does the VLAN
>> >> interface, it's the host OS.
>> >>
>> >>     
>> >
>> >
>> >
>> >
>> >   
>> 
>> 
>> 
>
>
>
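
The relay and subnet-selection behaviour described in the reply at the top of this message, as an added example that is not part of the original thread: a minimal model of a relay stamping giaddr and of the server choosing a subnet from it, independent of the helper address. The subnet table is constructed from the two declarations quoted above; 206.126.242.1 and 10.9.9.1 are assumed relay interface addresses, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed table mirroring the two subnet declarations quoted in the thread.
SUBNETS = {
    "vlan19": ipaddress.ip_network("172.19.0.0/23"),
    "vlan20": ipaddress.ip_network("206.126.242.0/23"),
}
GIADDR = slice(24, 28)   # giaddr position in the fixed BOOTP header
HOPS = 3                 # hops counter position


def client_discover(xid, mac):
    """Fixed 236-byte BOOTP header as a client broadcasts it: giaddr is 0.0.0.0."""
    zero = bytes(4)
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       1, 1, 6, 0, xid, 0, 0x8000,   # op=BOOTREQUEST, Ethernet, broadcast flag
                       zero, zero, zero, zero,       # ciaddr, yiaddr, siaddr, giaddr
                       mac, b"", b"")                # chaddr, sname, file (zero padded)


def relay(packet, ingress_ip):
    """Relay agent (ip-helper): stamp giaddr with the address of the ingress interface."""
    pkt = bytearray(packet)
    if pkt[GIADDR] == bytes(4):       # only the first relay fills giaddr in
        pkt[GIADDR] = ipaddress.ip_address(ingress_ip).packed
    pkt[HOPS] += 1
    return bytes(pkt)                 # sent as unicast to the helper address


def select_subnet(packet):
    """Server side: pick the subnet declaration from giaddr, not from the helper address."""
    giaddr = ipaddress.ip_address(bytes(packet[GIADDR]))
    if giaddr.is_unspecified:
        return "local"                # not relayed: subnet of the receiving interface
    for name, net in SUBNETS.items():
        if giaddr in net:
            return name
    return None                       # no declaration covers this relay: no lease offered


if __name__ == "__main__":
    pkt = client_discover(0x1234ABCD, bytes.fromhex("02005e000001"))
    # 172.19.0.1 is the vlan 19 router on the page; the other two addresses are assumed.
    for ingress in ("172.19.0.1", "206.126.242.1", "10.9.9.1"):
        print(ingress, "->", select_subnet(relay(pkt, ingress)))
```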


