Suppose you have a network with multiple VLANs, each with its own subnet, and you want your DHCP server(s) to serve addresses and configuration to all subnets (or at least more than one of them). The problem normally is that broadcast traffic (such as DHCP requests from clients) cannot traverse broadcast domains, which is exactly what VLAN separation does: limit broadcast domains.
There’s basically three solutions: the first is to provide a single DHCP server with a network interface in each VLAN. This will work fine for a very limited number of VLANs, but is not very effective for larger numbers of VLANs and it’s also not very flexible. Every new VLAN requires an extra NIC, cabling, etc.
The second solution is to provide each VLAN with its own DHCP server. This is not very flexible either and eats lots of resources per VLAN and adds a lot of management complexity.
The third solution adds flexibility, ease of management and does not require a major investment in separate servers. What you do need however is a Layer3 switch in stead of a Layer2 model. The reason for this is that the switch has to be capable to route, or more accurately: re-route IP packets.
To enable a single DHCP server to serve multiple subnets, one per VLAN, you can configure your switch (both Cisco and HP Layer3 switches can do this, and probably most other brands as well) with an ‘IP helper’. An IP helper address tells the switch to forward certain types of broadcasts (like DHCP requests, TFTP requests and DNS requests) via unicast to the IP address(es) configured. An example:
Here the DHCP server is using address 10.0.1.5 in VLAN 1, on subnet 10.0.1.0 /24. The two clients are on separate VLANs 2 and 3 with subnets 10.0.2.0 /24 and 10.0.3.0 /24 respectively. In this case, we need the switch that receives the DHCP requests broadcast from the clients to forward the requests to the DHCP server. To do this, we add the IP address of the server to the different VLAN interfaces as the IP helper:
interface vlan 1 ip address 10.0.1.1 255.255.255.0 interface vlan 2 ip address 10.0.2.1 255.255.255.0 ip helper-address 10.0.1.5 interface vlan 3 ip address 10.0.3.1 255.255.255.0 ip helper-address 10.0.1.5
The switch will now forward the request broadcasts to the DHCP server. If the DHCP server has been configured with separate ranges for each subnet, the right answer will be sent back by it to the switch and then forwarded to the client.
Posts
Good tutorial…but i guess the ip-helper tool is not the only solution, i think router-on-a-stick can also do that…or?
Yes, with a router-on-a-stick you could do this, as long as the router in question provides the DHCP services, through the trunk it will be able to reach all VLAN’s on the trunk.
What about where a server in a DMZ with multiple NIC’s each on a different VLAN needs to get DHCP assisnged addresses on each interface from a DHCP server on the internal network. Will this still work. Only one interface has a default gateway
Yes, that should work. The switch is basically unaware that the different NICs are in the same machine if each NIC is connected to a different VLAN as you say. The process is basically the same as with different systems on the different VLANs. And if you’re using DHCP the default gateway will also be provided by the DHCP server (normally).