Solved: ME-3750 DHCP server

Steph1963 · ‎08-11-2010

Hi,

1) I would like to know if a DHCP server configured on a ME-3750 switch can offer the IP address assign to a VLAN interface if this IP address is not part of an IP DHCP excluded address statement. Similarily, does a router configure as a DHCP server can offer an IP address assigned to it`s interface without the utilization of the DHCP excluded address statement. I would like to know if in a normal DHCP configuration we only have to excluded the manually IP assigned address or we also have to excluded IP address assignted to any routers part of the network.

2) Is there any way to prevent the broadcasting of a DHCP packet to other ports that belongs to the same VLAN if the ME-3750 is configured as a switch in case there could be other DHCP server in the network that could reply to these DHCP request.

Thanks for your help

Stephane

Chad Peterson · ‎08-17-2010

Hi Stephane, I hope this helps:

Q:I would like to know if a DHCP server configured on a ME-3750 switch can offer the IP address assign to a VLAN interface if this IP address is not part of an IP DHCP excluded address statement. Similarily, does a router configure as a DHCP server can offer an IP address assigned to it`s interface without the utilization of the DHCP excluded address statement

A: We will never send out an offer for an IP address that is in use. Let me expand on this. The DHCP server (in this case your ME-3570) will try to ping this address it is going to attempt to offer. If it recieves a reply, it won't use it. Now in your example...will we ping our own address to see if something uses it...or will be just bypass this as we know we already have it in use...I'm not sure, but end result, IP won't be assigned.

Normally you want to exclued static IP addresses you have assigned to any devices that are in your DHCP server scope. While it helps speed up assigning addresses (as you won't be pinging things that you KNOW exist), it will also prevent issues that could come up if the staticly assigned device is shutdown and we are trying to assign out that address.

Q) Is there any way to prevent the broadcasting of a DHCP packet to other ports that belongs to the same VLAN if the ME-3750 is configured as a switch in case there could be other DHCP server in the network that could reply to these DHCP request.

A) Not entirly. DHCP discover and request will almost always be broadcast (except for situations with renewing addresses etc.). If you wanted, you could use DHCP snooping which will only send the server's response to the port where the device that's the packet is meant for...kind of an added "bonus" of DHCP snooping. Typically by design DHCP transactions should be handled as broadcasts.

View solution in original post

Chad Peterson · ‎08-17-2010

Hi Stephane, I hope this helps:

Q:I would like to know if a DHCP server configured on a ME-3750 switch can offer the IP address assign to a VLAN interface if this IP address is not part of an IP DHCP excluded address statement. Similarily, does a router configure as a DHCP server can offer an IP address assigned to it`s interface without the utilization of the DHCP excluded address statement

A: We will never send out an offer for an IP address that is in use. Let me expand on this. The DHCP server (in this case your ME-3570) will try to ping this address it is going to attempt to offer. If it recieves a reply, it won't use it. Now in your example...will we ping our own address to see if something uses it...or will be just bypass this as we know we already have it in use...I'm not sure, but end result, IP won't be assigned.

Normally you want to exclued static IP addresses you have assigned to any devices that are in your DHCP server scope. While it helps speed up assigning addresses (as you won't be pinging things that you KNOW exist), it will also prevent issues that could come up if the staticly assigned device is shutdown and we are trying to assign out that address.

Q) Is there any way to prevent the broadcasting of a DHCP packet to other ports that belongs to the same VLAN if the ME-3750 is configured as a switch in case there could be other DHCP server in the network that could reply to these DHCP request.

A) Not entirly. DHCP discover and request will almost always be broadcast (except for situations with renewing addresses etc.). If you wanted, you could use DHCP snooping which will only send the server's response to the port where the device that's the packet is meant for...kind of an added "bonus" of DHCP snooping. Typically by design DHCP transactions should be handled as broadcasts.

Steph1963 · ‎08-18-2010

Hi Chad,

This really helps, understand now that the DHCP server will never offer an IP addresses that is already assigned in the network even if this address is part of the scope.

Did not know about DHCP snooping, could I block DHCP offering from on specific port by configuring this port as untrusted?

Thanks again for your help

Stephane

Chad Peterson · ‎08-19-2010

So for DHCP snooping configuring a port as untrusted will only prevent 'server side' DHCP messages that come into that port from being forwarded. So we wouldn't allow an Offer or ACK that is received on an untrusted port to be passed through the switch. It won't prevent your switch from assigning out an address to devices off that port.