
New Member

DHCP server redundancy between 4503 switches

We have two core switches, 4503 C1 & C2. We have configured the C1 switch as DHCP server. In case Core 1 goes down, we need to activate Core 2 to act as the DHCP server. Do let me know how to achieve DHCP failover between the Core switches.

15 REPLIES
Bronze

Re: DHCP server redundancy between 4503 switches

If you have twice as much address space as hosts on the LAN you can define the same (DHCP) network on each switch but exclude one half on each switch.

Re: DHCP server redundancy between 4503 switches

With server-based DHCP, you can have 2 or more servers. Hosts' requests are forwarded to all available servers; however, when the servers respond, the host accepts the 1st offer, so it is on a first come, first served basis.

When Cisco devices are used, as in your case, I don't see why the behavior should be any different. So the same range to be assigned is configured on both core switches, and hosts will send requests to both if the ip helper command is used, for example.

I will stand corrected as I have not tested the above scenario, and look forward to hearing more comments on this.

HTH

Sam

Bronze

Re: DHCP server redundancy between 4503 switches

That's essentially what I described. However, host-based firewalls are common now and relying on the DHCP servers' ping test for duplicate address detection can lead to problems. The method I described allows for both switches to offer addresses in the same network while not offering addresses in the same range of addresses. So, assuming that you have <128 hosts in a /24 the config would look something like:

sw1:

! Excluded addresses are global configuration, not pool subcommands
! Exclude your gateway address
ip dhcp excluded-address 10.1.1.254
! Exclude the last half of the network
ip dhcp excluded-address 10.1.1.129 10.1.1.254
ip dhcp pool vlan100
 network 10.1.1.0 255.255.255.0

sw2:

! Exclude your gateway address
ip dhcp excluded-address 10.1.1.254
! Exclude the first half of the network
ip dhcp excluded-address 10.1.1.1 10.1.1.128
ip dhcp pool vlan100
 network 10.1.1.0 255.255.255.0

Re: DHCP server redundancy between 4503 switches

In the above config, each switch is effectively only assigning half a /24. What happens when one switch dies?

What I suggested is that each switch assigns the full /24. When a host gets an offer and accepts it from one switch, it will decline the second switch's offer.

In this case, if one of the switches fails, all hosts can still obtain an IP address from the other, as the full scope is defined on both switches.

HTH

Sam

Bronze

Re: DHCP server redundancy between 4503 switches

Which is why the network should be double the size of the number of hosts and this excess capacity is relatively common. One switch is fully capable of offering addresses to all the clients in the LAN. In your solution, one switch could offer the exact same address as the other and you'd wind up with a collision.

I should also mention that it's important for the OP to make sure the DHCP binding table is backed up somewhere because it doesn't persist between reloads.

Re: DHCP server redundancy between 4503 switches

Ok, I see what you mean now.

For a requirement of a /28 number of hosts you would use a full /24. Technically valid, but a waste of IP addresses, especially if we are talking public.

With regards to collision, I don't see how this will happen. There should not be any conflicts, as a host requesting an IP address can accept from one switch and decline from another.

The declined DHCP server would also ensure the IP address has not been assigned already before assigning anything new.

I totally agree on backing up the DHCP binding table.

Sam

Bronze

Re: DHCP server redundancy between 4503 switches

Ok, an example. 2 clients and 2 DHCP servers with identical scopes and empty binding tables. Client 1 requests an address; DHCP server 1 looks for an address (the db is blank so it picks .1), pings it and then extends the offer. DHCP server 2 does the same thing, and let's say that server 1 wins and enters the address in its copy of the binding table. Client 2 comes up and the process repeats, only this time server 2 wins and also offers .1. Now, because the clients have the Windows firewall turned on, server 2's dup address detection doesn't find the collision.

All of the above doesn't happen if the scope's address space is split between the 2 servers and so there's no possibility of offering the same address. For a /28 worth of hosts you'd need a /27, n-1 etc etc. You're right in that the address space is not efficiently used but most of the internal networks I come across have this kind of excess capacity. Something about the last byte of the netmask being something other than 0 scares people :-)
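The race described in the post above, as an added toy simulation that is not from the thread or from Cisco: two servers with separate binding tables, lowest-free-address allocation, and ping-based duplicate detection that a host firewall defeats. The pool boundaries, client names and the alternating "winning" server are constructed assumptions.

```python
import ipaddress


def addresses(first, last):
    """Inclusive list of addresses, e.g. addresses("10.1.1.1", "10.1.1.128")."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(ipaddress.ip_address(i)) for i in range(int(a), int(b) + 1)]


class DhcpServer:
    """One DHCP server with its own, unsynchronised binding table."""

    def __init__(self, pool):
        self.pool = pool
        self.bindings = {}          # ip -> client id

    def offer(self, in_use, firewall_on):
        # Skip addresses bound locally; for anything else rely on ping to
        # notice a host the *other* server already served.  A host firewall
        # that drops ICMP makes such an address look free.
        for ip in self.pool:
            if ip in self.bindings:
                continue
            if ip in in_use and not firewall_on:   # ping answered -> in use
                continue
            return ip
        return None


def simulate(pool1, pool2, clients, firewall_on):
    """Serve each client; the accepted offer alternates between servers.
    Returns {ip: [clients]} for every address handed to more than one client."""
    servers = [DhcpServer(pool1), DhcpServer(pool2)]
    in_use = {}                                    # ip -> [clients]
    for n, client in enumerate(clients):
        winner = servers[n % 2]                    # first offer wins; winner alternates
        ip = winner.offer(set(in_use), firewall_on)
        if ip is None:
            continue
        winner.bindings[ip] = client
        in_use.setdefault(ip, []).append(client)
    return {ip: cs for ip, cs in in_use.items() if len(cs) > 1}


# Constructed scopes: full /24 minus the .254 gateway, and the two halves.
FULL = addresses("10.1.1.1", "10.1.1.253")
LOW = addresses("10.1.1.1", "10.1.1.128")
HIGH = addresses("10.1.1.129", "10.1.1.253")

if __name__ == "__main__":
    print(simulate(FULL, FULL, ["c1", "c2"], firewall_on=True))    # identical scopes: collision
    print(simulate(FULL, FULL, ["c1", "c2"], firewall_on=False))   # ping catches it
    print(simulate(LOW, HIGH, ["c1", "c2"], firewall_on=True))     # split scopes: never overlap
```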

Re: DHCP server redundancy between 4503 switches

Yes, of course, if the FW is turned on a conflict may occur.

As I said before, I have not tested my suggested solution, so I will proceed with caution.

DHCP does not only rely on pings for its checks but on gratuitous ARP from users as well as the database. Granted, timer settings with database transfer can cause "blind spots".

I am also not sure how SW2 behaves before assigning an IP (that it has not spotted as already assigned due to the FW, as you said) if it has an entry for the same IP address in its CAM table seen from another port. Would a snoop binding entry be created when the host's MAC address is already known?

I will put my scenario in a test bed and validate (I shall use a /25 :-))

Sam

New Member

Re: DHCP server redundancy between 4503 switches

Thanks. In the present setup I have configured the Core 1 4503 as DHCP server with 10 VLAN pools and a lease time of 1 week. I am also running HSRP between Core 1 & 2, so I have given the default gateway as the virtual HSRP IP in the pool.

1) In case Core 1 (DHCP server) is down, will the hosts be able to work with Core 2 with the old IP they got from Core 1?

2) If I manually create the same pools for the 10 VLANs in Core 2, will Core 2 learn the IPs already in the network?

3) How to achieve automatic DHCP redundancy between the core switches?

Thanks in advance.

Re: DHCP server redundancy between 4503 switches

1 - I have tested a few things, and I think jcoke's suggestion is a good one.

You can achieve redundancy by allowing DHCP to assign twice more than what you need. So DHCP1 has a scope and DHCP2 has another, totally different yet summarisable.

2 - You need a database that logs the bindings of DHCP.

3 - The above will be dynamic.

HTH

Sam

New Member

Re: DHCP server redundancy between 4503 switches

Gentlemen,

Can we configure both of the switches for the same TFTP DHCP database? In that case an IP conflict should not occur. Waiting for your comments.

Thanks,

--gaurav

Re: DHCP server redundancy between 4503 switches

Gaurav,

This is the syntax: Switch(config)# ip dhcp snooping database tftp://10.1.1.1/directory/file

As I see it, you can write to the same database from 2 sources. However, bear in mind that this database will only be used if the switch actually reboots. Until then, each switch would use its own snoop binding database located in the switch itself.

Take a look at this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/dhcp.html

HTH

Sam

New Member

Re: DHCP server redundancy between 4503 switches

Thanks for the information, Sam. I'll keep that in mind... So practically there is no true method for providing DHCP redundancy on two layer-3 switches/routers.

--gaurav

Re: DHCP server redundancy between 4503 switches

Yes there is, it was covered by JCoke.

Take the subnet you need and double it, and make each subnet a scope in each switch.

Please look at the suggestion from JCoke.

HTH

Sam

Bronze

Re: DHCP server redundancy between 4503 switches

I wouldn't. I suspect you'd wind up with corruption in the file if both agents attempted to manipulate the file at the same time.

Re: The DHCP snooping command:

I'm a little confused. That's for the DHCP snooping DB, not the DHCP server binding table. The DHCP database agent command is:

ip dhcp database url [timeout seconds | write-delay seconds]

http://www.cisco.com/en/US/docs/ios/12_4/ip_addr/configuration/guide/hipdhcps.html
