dhcp offers leaking across vlans

steve.dutky · ‎04-29-2014

I have a 2960 poe switch connecting a number of voip phones and an Egdemark voip router on access ports on a dedicated voice vlan. It also connects several trunked access points. The 2960 is trunked to an upstream 3560 that provides ip routing for data vlans.

The Edgemark acts as dhcp server for the voip phones. I'm seeing bootps broadcasts from the Edgemark leak onto the data vlans.

Why is this happening? I fixed this by applying on the 3560 an inbound acl denying bootps originating from 2960.

Appreciate any insight

1977bjorn · ‎05-08-2014

Hi there,

I´m not sure what the Edgemark voip router does, please attach a link or something so I can have a look :-)

In short

Your 3560 will probably have the vlan and ip configuration. Have you specified "ip helper address" that directs dhcp requests to the edgemark?
The requests are not bound to any vlan and can traverse many networks to get to the destination and back. Depending on you size and design of the nework, the requests can take odd paths to reach the dhcp. Anyway, if you specify the helper address the router will send the request the best way to reach the dhcp. At least, they should not "leak" to any other network that is not specified in the helper address command

If the edgemark is placed locally on the same vlan it will catch the requests anyway so you do not have to do this if the phones are just local as well.

Not sure if that answered your question, but that´s how it works.