Dynamic Vlans and DHCP

Unanswered Question
Apr 3rd, 2007

Hey guys...

Just a question regarding Dynamic vlans and DHCP

A requirement has come up wherein i need to configure Dynamic vlans so that a user from XYZ dept can go anywere in the campus plug into a switch and authenticate to the same VLAN. (we are using an acs box as well)

Once he's been put in the XYZ VLAN he needs to be given an IP address in the range allocated to the XYZ Vlan..

I have come to understand that on the core switch, i can create a number of VLANS and set the IP helper address in each of the VLANS to point to the Windows2003 DHCP server. In the DHCP server i have about 25 scopes.

Now i wanna know how each vlan can pick the right scope, secondly how do i go about configuring dynamic vlans and dynamic dhcp... im using cisco 3560's as edge switches and cisco 6509 as a core switch..

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mahmoodmkl Tue, 04/03/2007 - 22:36


For dynamic vlans u need to have VMPS server.

I think u r 6509 can act as a VMPS server.

U need to have a database of mac address mapped to vlans.check weather u r 3560 can become a VMPS client.So when u r done with mapping if the switch recieves the request from that particular mac-address it will dynamically assing it to the proper vlan.



binoyjosephstanly Tue, 04/03/2007 - 22:42

Hey Mahmood,

Thanks alot for your reply. I have read about the VMPS server.. need to look how to configure it.

Mapping MAC addresses to each vlan would be a small problem for us.. as we have over 2000 users :(

Do u have any alternative suggestions?

mahmoodmkl Tue, 04/03/2007 - 22:53


Well i dnot think there is any other method than creating the mapped databse,may be some expert put his input in this.



Jon Marshall Tue, 04/03/2007 - 22:53


You can take a look at 802.1x dynamic vlan assignment. Attached is a link to this for the 3560 switch. The user has to authenticate to the network and if successful the network port is dynamically allocated to a vlan.


As long as you have the ip helper-addresses set up on the vlan interfaces the user will get the right IP address for the vlan they have been assigned to.



nyr.hakeem-habeeb Wed, 04/04/2007 - 01:50

Hi there,

with the ip helper command under the SVI interfaces, DHCP requests will be sourced with the IP address of the gateway for the VLAN hence the DHCP server returns an available IP from a scope this IP fall into. I guess you already know you need to ensure all VLANs (on all access switches) are trunked back to the core switches in order not to break connectivity.

Hope this help.



binoyjosephstanly Fri, 04/06/2007 - 05:54

Thanks for ur help HH .. im gonna give it a shot over the next 2 days.. have 2- 6509 switches and 15-20 3560 (edge) switches.

will try out and get back here :) thanks for all ur help and inputs so far


Once the acs assigns the vlan on the switchport the dhcp should only be able to assign ip addresses within the particular vlan assigned... like if I understand you correctly there should be a gateway address associated with each vlan/vlan interface... if this is the case then each dhcp scope created should point to the vlan/vlan interface ip address, in which case the dhcp server knows which scope to use for which vlan/gateway...

hope that made sense... ;p


This Discussion