Solved: Overlapping DHCP for HSRP pair

steven.crutchley · ‎07-29-2014

In the event that I have a pair of HSRP routers that also act as DHCP servers, what is the best way to avoid an IP address conflict? I don't want the Active Router to give out an IP, fail and then have the Standby (now the Active) give out the same IP again to different device.

I am not aware of HSRP doing any kind of DHCP binding synchronization. My first though is to give each router half of the DHCP range. But this raises two concerns for me:

1. If the range on the Active is used up, will the Standby start to respond to DHCP discoveries?

2. In the DHCP configuration, when I use the network command I will use (for example) network 192.168.1.0 255.255.255.128 on the Active and network 192.168.1.128 255.255.255.128 on the Standby.

Won't this incorrectly give the hosts a /25 subnet masks? The LAN IP is just 192.168.1.1/24 - which is excluded of course, along with the Standby router and HSRP IP. From a quick CLI context sensitive help search it looks like the subnet prefix-length command might get around this but I'm not sure...

lucentmoon · ‎07-30-2014

On each HSRP router you wouldnt necessarily have to give out a /25 mask. But could exclude half the range, i.e dhcp excluded-address 192.168.1.1 192.168.1.127 & exclude the opposite range on the standby HSRP router. OR as a better solution you could just not use DHCP on the HSRP routers & have a 3rd device or Server handing out DHCP addresses. HSRP is designed so that they default gateway failover is transparent to all devices for the subnet.

lucentmoon · ‎07-30-2014

On each HSRP router you wouldnt necessarily have to give out a /25 mask. But could exclude half the range, i.e dhcp excluded-address 192.168.1.1 192.168.1.127 & exclude the opposite range on the standby HSRP router. OR as a better solution you could just not use DHCP on the HSRP routers & have a 3rd device or Server handing out DHCP addresses. HSRP is designed so that they default gateway failover is transparent to all devices for the subnet.

steven.crutchley · ‎08-09-2014

Yeah that makes sense. Much simpler and smarter way to split the range as well.

Unfortunately the scenario doesn't allow me to use seperate DNS servers. I have used a EEM script that clears the DHCP bindings if HSRP fails over. Not ideal but I will see how it goes.