Can you configure a VLAN interface on a 2960 with DHCP? I have never heard of this, have you?

Answered Question

Hi Engineers alike -

I have had a customer ask me to configure multiple VLANs on a Cisco 2960 standard switch. They have stated that they would like DHCP enabled on the VLAN interfaces as they don't want ANY STATIC IPs within their subnets. Has anyone heard of such a thing? I don't think it's possible personally, but then again I am sure it is and I am just not in the know.

Thanks.

Jon Marshall Mon, 01/06/2014 - 06:06

They have stated that they would like DHCP enabled on the VLAN interfaces as they don't want ANY STATIC IP's within their subnets

I suspect they mean they want ip helper-addresses configured under the SVI config and not that they want the actual SVI itself to get an IP from DHCP. You need a static IP on the SVI itself, otherwise how do you configure the default gateway per subnet on the DHCP server?

Note, I know with the right IOS version the 2960 does support limited static routing but I can't say for sure it supports the ip helper-address function.


Jon

Thanks Jon,


No, they actually mean DHCP on their VLAN interface itself and to me, that's not really logical nor possible. You can only have 1 DEFAULT GATEWAY on the switch anyways, so I am not sure about that statement as you can still have a DEFAULT GATEWAY configured in that subnet even if your IP ADDRESS changes, just look at how a PC behaves.


Thoughts?

Jon Marshall Mon, 01/06/2014 - 06:17

You can only have 1 DEFAULT GATEWAY on the switch anyways, so I am not sure about that statement as you can still have a DEFAULT GATEWAY configured in that subnet even if your IP ADDRESS changes, just look at how a PC behaves.

I didn't mean the default gateway on the switch, I meant on the clients in the subnet. When you configure a DHCP scope you need to add a default gateway address. If the L3 SVI is dynamically assigned then how do you know which IP to configure as the default gateway for the clients in that subnet?


Jon

Ok, I see what you're saying now but the PC/Clients don't use the VLAN interface as their DEFAULT GATEWAY, they would typically or in this case use the Internet Gateway/Router as that gateway. I configure all of my Cisco VLANs with an IP ADDRESS, I do not do basic layer 2 configuration with just a VLAN ID. I don't like doing it that way and I think having an IP ADDRESS as management on each VLAN is best practice.

Thoughts?

Jon Marshall Mon, 01/06/2014 - 06:32

Ok, I see what you're saying now but the PC/Clients don't use the VLAN interface as their DEFAULT GATEWAY, they would typically or in this case use the Internet Gateway/Router as that gateway

If that is the case then the switch is only acting as a L2 switch and you only need a management SVI for accessing the actual switch, i.e. not for clients.

and I think having an IP ADDRESS as management on each VLAN is best practice.


If the switch is acting as a L2 switch only then no, it is not best practice to have multiple SVIs with IP addresses. In fact if the switch is L2 capable only (as opposed to a L3 switch acting as a L2 switch only) you can only have one L3 SVI configured for management.

So it's one or the other, i.e. if it is a L2 switch (or acting as one) use one SVI for management and no other SVIs on the switch. If it is L3 and doing inter vlan routing then there will be multiple SVIs each with an IP.


Jon

Richard Burts Mon, 01/06/2014 - 06:20

I have not tried this on a 2960 and so cannot speak from any experience. But I believe that it is technically possible. I assume that if you configure the vlan interface and specify ip address negotiated (or ip address dhcp or whatever syntax is correct) that the vlan interface can learn its IP address dynamically.

But ultimately I think your customer will not like this solution. Because it will require that a DHCP server be physically located on each vlan. If there are 20 vlans do they want to deploy 20 DHCP servers? As Jon mentioned if the switch vlan interface has an IP address configured then it can also be configured with ip helper-address which will forward DHCP requests to a remote DHCP server. This would allow a single DHCP server to provide addresses for all the vlans. But if there is not a static IP configured on the vlan interface then there is no ability to use ip helper-address. And with no helper address then the DHCP server must be local on the vlan.


HTH


Rick

Richard Burts Mon, 01/06/2014 - 06:37

I am a little puzzled at the statement that the clients usually use the Internet gateway router as their default gateway. A PC gateway is supposed to be a device within the local subnet. How do you get the Internet gateway router to have an address in each of the vlans?


Jon has pointed out an important logical problem about the switch vlan interfaces not having a configured/static IP address. I have pointed out a logistical problem with the switch vlan interfaces not having a configured/static IP address.


I would certainly say that having an IP address configured on the vlan interface of the device that is doing the layer 3 routing is a best practice (and I suspect that Jon would also but I do not want to put words in his mouth). So perhaps we need to ask the question about where in this customer network is layer 3 routing being done?


HTH


Rick

Correct Answer
Jon Marshall Mon, 01/06/2014 - 06:41

Rick


I would certainly say that having an IP address configured on the vlan interface of the device that is doing the layer 3 routing is a best practice (and I suspect that Jon would also but I do not want to put words in his mouth).


Your suspicions are correct, I most definitely would say the same thing.


Jon

Thanks Richard, the switch as mentioned is a "STANDARD" no layer 3 routing switch. In regards to being puzzled -

In a typical SMB/MID environment yes, you have your L2 switch(es) and then you have your INTERNET/WAN GATEWAY/ROUTER/CORE ROUTER/DEFAULT GATEWAY etc etc etc whatever you would like to label it. This in most circumstances is the DEFAULT GATEWAY or the SUB-INTERFACE(s) connecting back to the LAN or trunked LAN SWITCHPORT is the DEFAULT GATEWAY for the respective subnet. So, from this response you can certainly see that as these (switches) are NOT doing any dynamic or static routing, there would be no impact with doing DHCP on the Switch itself, but the question is would it be possible? I know theoretically it might be, but do we know if there are even commands to turn a VLAN interface into a DHCP Client?


I don't think it is, but again the customer seems to think this is logical and is possible. Thanks for all your thoughts, I appreciate it.

Jon Marshall Mon, 01/06/2014 - 06:50

As Rick mentioned, you should be able to use something like "ip address dhcp" or its equivalent under the SVI although again you would need to check whether it is supported.

But the main question is, if the SVI is being used for management, and it sounds like it is because you are referring to sub interfaces on a router, if the ip address is assigned via DHCP how do you know which IP to telnet/ssh to for managing the switch?

To me at least, it seems completely pointless whether the switch is L2 or L3, i.e. if it is L2 you need to know the IP so you can manage it, if it is L3 you need to know the IPs for the clients' default gateways.


It might be worth asking the customer exactly what they think this will achieve.


Jon

Richard Burts Mon, 01/06/2014 - 07:01

I find the clarification that these switches are operating only as layer 2 switches to be helpful. If the switches are doing only layer 2 forwarding, if the vlans are trunked to the gateway router, and if the layer 3 routing is all done on subinterfaces of the gateway router, then the problems that Jon and I were describing are resolved.


The remaining issue is the ability to manage the switches. To manage the switches one vlan interface on the switch must have an IP address. I believe that it is technically feasible to have the switch use DHCP and dynamically learn an IP address. Jon has pointed out that this will pose a bit of a challenge in managing the switches because it becomes difficult to know which switch is using what address (since the addresses can change over time). If your customer is willing to deal with this (or if the customer is really not very interested in managing the switches) then DHCP on the switch vlan interface should be possible.


HTH


Rick

Richard Burts Mon, 01/06/2014 - 07:09

Jon and I agree with you that having a configured IP address on the switch vlan interface is generally a best practice. But if the network is what I think we understand it to be (all switches are operating only at layer 2, all vlans are trunked to the gateway router, and all layer 3 processing is done on subinterfaces of the gateway router) then the only gotcha I can think of is the difficulty in managing the switch.


HTH


Rick

bgroves Mon, 01/06/2014 - 07:19

It can be useful to ship or rack as DHCP and let it pick up an address.

Once on net you find the switch via CDP and either change the address to a static or leave the switch set to DHCP but in your DHCP server map its MAC to an IP, creating a situation where every time the switch requests an IP via DHCP it's always given the same IP.

Just pick one of the VLANs, create an interface vlanXXX and on that interface give it the command ip address dhcp.

I'd suggest from global config create a static route for 0/8 via interface vlanXXX so when you try and log in or poll the switch it has a route back to world.

Some older versions of IOS wouldn't let you use the ip address dhcp command and I'm too lazy to look when it became supported on what.

That said I wonder if your customer wasn't saying they didn't want infrastructure on static IPs but wanted all end devices like workstations, MFDs etc. to be DHCP, which would be a matter of putting ip helper on the layer 3 interfaces wherever they reside.

To Jon and Richard's point, managing your infrastructure is going to be a nightmare if you don't even know what IP address it's using at any given moment.

For workstations and other end devices we've standardized on static DHCP mapping as it avoids touching machines if you change things like subnet mask, gateway, DNS servers etc., but infrastructure we always manually IP.

You change something for a network you just adjust the DHCP scope on the DHCP server and the workstations will pick it up on lease renewal.


YMMV
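
The design the thread converges on, written out as an added configuration sketch (not posted by any participant): a layer 2 switch with a single management SVI, and a gateway router doing the layer 3 work on trunk subinterfaces with ip helper-address. VLAN IDs, interface names and all addresses (RFC 5737 documentation ranges) are constructed for illustration, and whether a given 2960 IOS release accepts ip address dhcp still needs to be checked, as the posts above say.

```cisco
! ===== Layer 2 access switch: exactly one management SVI =====
! Option A: static management address, so the address you SSH to,
! poll and permit in management ACLs never changes.
interface Vlan99
 description MGMT (constructed VLAN ID)
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
ip default-gateway 192.0.2.1
!
! Option B (use instead of A, not together): management address
! learned by DHCP. Pair it with a reservation on the DHCP server
! (server side not shown) so the switch always gets the same lease.
interface Vlan99
 description MGMT (constructed VLAN ID)
 ip address dhcp
 no shutdown
!
! No other SVIs carry addresses on a switch that only forwards at
! layer 2; user VLANs exist here as VLAN IDs and trunk/access ports.
!
! ===== Gateway router: layer 3 for every VLAN over the trunk =====
! Each subinterface has a static address because clients in that
! subnet are handed it as their default gateway by the DHCP scope.
interface GigabitEthernet0/0.10
 description USERS (constructed VLAN ID)
 encapsulation dot1Q 10
 ip address 198.51.100.1 255.255.255.0
 ! Relay client DHCP broadcasts to one central server
 ip helper-address 203.0.113.5
!
interface GigabitEthernet0/0.99
 description MGMT
 encapsulation dot1Q 99
 ip address 192.0.2.1 255.255.255.0
 ! Needed only if switches use Option B and the server is remote
 ip helper-address 203.0.113.5
```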
