| marked |

Suppose you have a network with multiple VLANs, each with its own subnet, and you want your DHCP server(s) to serve addresses and configuration to all subnets (or at least more than one of them). The problem normally is that broadcast traffic (such as DHCP requests from clients) cannot traverse broadcast domains, which is exactly what VLAN separation does: limit broadcast domains.

There’s basically three solutions: the first is to provide a single DHCP server with a network interface in each VLAN. This will work fine for a very limited number of VLANs, but is not very effective for larger numbers of VLANs and it’s also not very flexible. Every new VLAN requires an extra NIC, cabling, etc.

The second solution is to provide each VLAN with its own DHCP server. This is not very flexible either and eats lots of resources per VLAN and adds a lot of management complexity.

The third solution adds flexibility, ease of management and does not require a major investment in separate servers. What you do need however is a Layer3 switch in stead of a Layer2 model. The reason for this is that the switch has to be capable to route, or more accurately: re-route IP packets.

To enable a single DHCP server to serve multiple subnets, one per VLAN, you can configure your switch (both Cisco and HP Layer3 switches can do this, and probably most other brands as well) with an ‘IP helper’. An IP helper address tells the switch to forward certain types of broadcasts (like DHCP requests, TFTP requests and DNS requests) via unicast to the IP address(es) configured. An example:

Here the DHCP server is using address 10.0.1.5 in VLAN 1, on subnet 10.0.1.0 /24. The two clients are on separate VLANs 2 and 3 with subnets 10.0.2.0 /24 and 10.0.3.0 /24 respectively. In this case, we need the switch that receives the DHCP requests broadcast from the clients to forward the requests to the DHCP server. To do this, we add the IP address of the server to the different VLAN interfaces as the IP helper:

interface vlan 1
ip address 10.0.1.1 255.255.255.0

interface vlan 2
ip address 10.0.2.1 255.255.255.0
ip helper-address 10.0.1.5

interface vlan 3
ip address 10.0.3.1 255.255.255.0
ip helper-address 10.0.1.5

 

The switch will now forward the request broadcasts to the DHCP server. If the DHCP server has been configured with separate ranges for each subnet, the right answer will be sent back by it to the switch and then forwarded to the client.