Hi, I am planning to restructure my network. We have approximately 2000 PCs and 100 servers. All are in a Class B network. We now plan to segment the network. As per the plan, servers will have one subnet and the desktops will be spread across 40 subnets. We are using 6509 & 6009 L3 switches for the server segment, and for desktops CAT 4006-17 Nos, CAT4003-5 Nos, CAT5505-1 No, CAT-2950-3 Nos & CAT-2910-2 Nos.
Using a single DHCP server (without a DHCP relay agent), we plan to use IP HELPER-ADDRESS <DHCP IP address> on the L3 switch for all the VLANs. Please advise: will this command handle this without any problem?
Or please suggest the best way to do the network segmentation with more security.
Hi, let me know in detail. I don't have any experience in this area. I am looking for a network segmentation article (precautionary steps before and after network segmentation). If you have anything, please let me know.
On all the VLAN interfaces where the DHCP server doesn't reside you must configure
description Client VLAN
When a client now sends a DHCP request, the router forwards this request to the ip helper-address.
Because the router also puts in its own interface IP address as source IP, the packet finds the way back.
DHCP uses UDP ports 67 and 68. With the command ip helper-address, there are also some other ports which are opened for UDP. To close these ports you configure (global command):
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
On your DHCP server you have to configure a scope for each IP subnet.
If your DHCP server is located in the server VLAN, do NOT configure a helper-address there.
For the migration I would suggest using two different IP subnets. Imagine all your clients are now in VLAN2 10.2.0.0/16. If you have this IP subnet on your router you can't add a new VLAN with 10.2.1.0/24, because this overlaps.
So make the new VLANs with 10.3.1.0/24, 10.3.2.0/24, ... and move the clients to the new VLANs by changing the VLAN of the port where the PC is connected. When you then reboot the PC it should get a new IP from the DHCP server and everything should be fine.
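An added example, not part of the original reply: a small planner that rejects a client subnet overlapping an already-routed network (the 10.2.1.0/24 case above) and renders the per-VLAN interface configuration, leaving the helper off the DHCP server's own VLAN. The server subnet 10.1.0.0/24, the DHCP server address 10.1.0.10, the VLAN IDs and the first-host gateway are assumptions.

```python
import ipaddress

# Constructed values. 10.2.0.0/16 and the 10.3.x.0/24 scheme come from the reply
# above; the server subnet, DHCP server address and VLAN IDs are assumptions.
LEGACY = ipaddress.ip_network("10.2.0.0/16")
NEW_BLOCK = ipaddress.ip_network("10.3.0.0/16")
SERVER_NET = ipaddress.ip_network("10.1.0.0/24")
DHCP_SERVER = ipaddress.ip_address("10.1.0.10")


def conflicts(candidate, routed):
    """Return the already-routed networks that `candidate` overlaps."""
    return [net for net in routed if candidate.overlaps(net)]


def plan_client_vlans(count, routed, first_vlan=101):
    """Pick `count` /24s from NEW_BLOCK (10.3.1.0/24 onward) as (vlan_id, subnet)."""
    candidates = list(NEW_BLOCK.subnets(new_prefix=24))[1:count + 1]
    if len(candidates) < count:
        raise ValueError("NEW_BLOCK is too small for the requested VLAN count")
    for net in candidates:
        clash = conflicts(net, routed)
        if clash:
            raise ValueError(f"{net} overlaps {clash[0]}")
    return [(first_vlan + i, net) for i, net in enumerate(candidates)]


def render_svi(vlan_id, net, description, dhcp_server=DHCP_SERVER):
    """Render one VLAN interface; the helper is omitted on the DHCP server's own subnet."""
    lines = [
        f"interface Vlan{vlan_id}",
        f" description {description}",
        f" ip address {net[1]} {net.netmask}",  # first host address as gateway (assumption)
    ]
    if dhcp_server not in net:
        lines.append(f" ip helper-address {dhcp_server}")
    return "\n".join(lines)


if __name__ == "__main__":
    routed = [LEGACY, SERVER_NET]
    print(conflicts(ipaddress.ip_network("10.2.1.0/24"), routed))  # the overlap case
    print(render_svi(10, SERVER_NET, "Server VLAN"))
    for vlan_id, net in plan_client_vlans(40, routed):
        print(render_svi(vlan_id, net, "Client VLAN"))
```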
One other issue you will see is that you will have to set all your user ports on your switches to run portfast. If you don't, you will find that sometimes the station will get an IP number and sometimes it will not. When we set portfast on all our switch ports with users, the problem goes away. Hope this will help. And the ip-helper command works fine. I have about 40 networks running on a 6509 and one DHCP server and it works great.
Sorry for the noob question here, but could someone post the exact command. I have been trying to get this to work with a 1722 but have had no luck. Also do you have to type something other than config t to access this command? And do you have to write mem to save the changes?