DHCP Broadcast Across VLANs

Unanswered Question
Apr 20th, 2009

I currently have a 2960 switch configured with 2 VLANs: VLAN 1 and VLAN 104. Each VLAN has its own separate DHCP server serving addresses for its VLAN. I was under the impression that the DHCP broadcast would not travel between VLANs; however, it appears to be. The DHCP server on VLAN 104 was answering the DHCP request from VLAN 1 and assigning addresses. How can I stop the DHCP requests from going between VLANs on this switch?

I am attaching a file showing the switch config.

John Blakley Mon, 04/20/2009 - 05:49

What are you using to broadcast your DHCP traffic? A router? Can you post those configs?



lamav Mon, 04/20/2009 - 05:52

Good morning, Doug:

You are right that a DHCP broadcast should not be forwarded outside the routed interface of the vlan. If it is, then I would guess that you have an ip helper address configured on vlan 1's routed interface.

Now, what you are showing us is a L2 switch, and that vlan 1 interface is used for nothing but management traffic. It does not have anything to do with the way traffic is forwarded from your end-users. I'm assuming that some of those ports that have no port configuration on them have DHCP clients connected to them because you're saying vlan 1 clients are hitting the vlan 104 DHCP server. Moreover, you can remove the vlan interface for vlan 104 because it serves no purpose at all.

You should look at the uplink switch, the first hop L3 switch where all the L3 SVIs exist for all the vlans and I think you'll see the helper address.



dohogue Mon, 04/20/2009 - 06:05

Sorry guys I jumped the gun here. The broadcasts are not coming across the VLAN. The broadcasts are being seen because the DHCP server has a NIC on both VLANs. Everything now makes sense. The DHCP server has been set to respond to only those hosts in VLAN 104 so everything is all set. Thanks for the ideas and quick response.

greg.washburn Mon, 04/20/2009 - 06:16

Before you change the way they respond, consider another option that may provide better resilience on the network.

An example setup would have the primary DHCP server in vlan 1 own 80% of all the available dhcp addresses on that network. Then have the other 20% on the "secondary" dhcp server. The secondary dhcp server for vlan 1 would be the primary dhcp server for vlan 104.

The idea behind this is that outages can be avoided while not placing too much burden on the primary function of a given dhcp server. Making the DHCP servers "back up" each other would hopefully provide better recovery from a DHCP outage.
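
The 80/20 split described in the post above, worked through as an added example (not code from the thread or from any participant). The address pools and the server names `dhcp-a` and `dhcp-b` are constructed assumptions; the overlap check is included because two servers with overlapping scopes on one VLAN could lease the same address twice.

```python
import ipaddress

# Constructed sample pools (inclusive first/last lease address); not from the thread.
POOLS = {
    "vlan1": ("192.168.1.50", "192.168.1.249"),
    "vlan104": ("192.168.104.50", "192.168.104.249"),
}
# Hypothetical server names: each is primary for its own VLAN, secondary for the other.
PRIMARY = {"vlan1": "dhcp-a", "vlan104": "dhcp-b"}


def _ip(value):
    return int(ipaddress.IPv4Address(value))


def split_pool(first, last, primary_pct=80):
    """Split an inclusive pool into (primary_range, secondary_range)."""
    lo, hi = _ip(first), _ip(last)
    size = hi - lo + 1
    n_primary = size * primary_pct // 100
    if size < 2 or not 0 < n_primary < size:
        raise ValueError("pool too small to give both servers addresses")
    cut = lo + n_primary  # first address handed to the secondary
    fmt = lambda n: str(ipaddress.IPv4Address(n))
    return (fmt(lo), fmt(cut - 1)), (fmt(cut), fmt(hi))


def build_plan(pools, primary):
    """Return {server: {vlan: (first, last)}} for a two-server split scope."""
    servers = sorted(set(primary.values()))
    if len(servers) != 2:
        raise ValueError("this sketch assumes exactly two DHCP servers")
    plan = {s: {} for s in servers}
    for vlan, (first, last) in pools.items():
        big, small = split_pool(first, last)
        secondary = next(s for s in servers if s != primary[vlan])
        plan[primary[vlan]][vlan] = big
        plan[secondary][vlan] = small
    return plan


def find_overlaps(plan):
    """List VLANs where the two servers could lease the same address."""
    a, b = plan.values()
    bad = []
    for vlan in sorted(set(a) & set(b)):
        (a_lo, a_hi), (b_lo, b_hi) = a[vlan], b[vlan]
        if _ip(a_lo) <= _ip(b_hi) and _ip(b_lo) <= _ip(a_hi):
            bad.append(vlan)
    return bad
```

Run `find_overlaps` again after any hand edit to the ranges, before loading them into the DHCP servers.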

