Is DHCP working if I set VLAN secondary IP address?


reggaedancer

Technical User
Apr 6, 2010
4
SK
Hello,

I have two subnets for customers:
192.168.1.0/24 and 192.168.5.0/24
I want them in one VLAN, let's say VLAN10.
I have one DHCP server 10.172.10.2/24 (VLAN20)

All I want to do is to assign IP address from the second scope to customers' hosts.

Here below is my switch configuration (Layer 3):
Cisco Catalyst 3750, WS-C3750G-24T:
-------------------------------------
interface Vlan10
ip address 192.168.5.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.172.10.2

DHCP server config:
-------------------
scope1: 192.168.1.2 - 192.168.1.254
Router: 192.168.1.1
scope2: 192.168.5.2 - 192.168.5.254
Router: 192.168.5.1

For the customers in first subnet, they can get IP address from the DHCP server, but I could not get IP address from the scope2.
When I set IP static (from scope2) to any host, e.g. 192.168.5.2, it's working. But it seems that the DHCP server will not assign IP address from the switch's secondary IP address.

My question is, is it possible (for the DHCP server) to assign IP address from the secondary IP address?
I want the customers (500 hosts) in one VLAN.

Any help would be appreciated.
 
To get this to work you need to combine both DHCP scopes into a SuperScope on the DHCP server. This is what DHCP SuperScopes are for.
What happens with the helpers is they encapsulate the DHCP Broadcasts and unicast the packets to the DHCP Server (helper) and insert their interface IP address so the DHCP server knows what scope to allocate an IP address from. With secondary IP addresses the Server doesn't know that a 2nd DHCP scope can be used. Combining both scopes into a SuperScope works around this.

Personally I think this is a bodge as you end up with two IP networks/subnets existing on the same broadcast domain which goes against any design philosophy and should only be used as a temporary measure until you can fix the issue properly.

Andy
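
Added example, not part of the original thread: a simplified Python model of how a DHCP server picks a scope from the relay address (giaddr), and why grouping scope1 and scope2 into a superscope lets hosts behind Vlan10 reach scope2. It assumes the relay writes the primary address of Vlan10 (192.168.1.1) into giaddr and that a superscope is used once the matching scope has no free leases; the function names are hypothetical and this is not any vendor's implementation.

```python
import ipaddress

# Constructed model of the thread's setup: two scopes, one relay interface.
SCOPES = {
    "scope1": ipaddress.ip_network("192.168.1.0/24"),
    "scope2": ipaddress.ip_network("192.168.5.0/24"),
}
ROUTERS = {"scope1": "192.168.1.1", "scope2": "192.168.5.1"}


def eligible_scopes(giaddr, superscopes=()):
    """Scopes the server may lease from for a relayed request.

    giaddr is the relay interface address written into the packet.
    superscopes is an iterable of sets of scope names grouped together.
    """
    gi = ipaddress.ip_address(giaddr)
    # Without a superscope, only the scope containing giaddr is considered.
    direct = [name for name, net in SCOPES.items() if gi in net]
    result = list(direct)
    for group in superscopes:
        if any(name in group for name in direct):
            result += [n for n in sorted(group) if n not in result]
    return result


def offer(giaddr, leased, superscopes=()):
    """Return (scope, address) of the first free address, or None if exhausted."""
    for name in eligible_scopes(giaddr, superscopes):
        for host in SCOPES[name].hosts():
            addr = str(host)
            if addr != ROUTERS[name] and addr not in leased:
                return name, addr
    return None


if __name__ == "__main__":
    relay = "192.168.1.1"  # assumed giaddr: primary address of interface Vlan10
    full = {str(h) for h in SCOPES["scope1"].hosts()}  # scope1 fully leased
    print(offer(relay, set()))                         # lease comes from scope1
    print(offer(relay, full))                          # no superscope: nothing to offer
    print(offer(relay, full, [{"scope1", "scope2"}]))  # superscope: falls through to scope2
```
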
 
Why in the world would you need two subnets in the same VLAN in the first place???

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Why in the world would you need two subnets in the same VLAN in the first place???

Yep, there are very few scenarios I can think of where you would want to do this...
Years ago when all you had was a router and your LAN (flat network with hubs...) and you ran out of IP addresses changing the network address (or mask?) usually meant reconfiguring every workstation/server and it was 'easier' to add on another subnet/network using a secondary IP address. Today though I really can't see why you would need to do this as everyone has Layer-3 switches and creating additional VLANs is simple, or even if your switches are Layer-2 and you still have a flat network (god forbid?) your router is likely to support 802.1q and you can support multiple networks that are physically separate broadcast domains...
There was always the scenario where two companies merge and they transport all of one company's Servers/Workstations to the other's network and don't want to re-address everything. Still think a router between the two would be easier, but I have heard this 'excuse' used before.

That being said though I am working on a network at the moment that uses some Secondary IP addresses. It's all legacy though and isn't really needed although the customer is insistent they are required..

Andy
 
True, but still horrible design, evident in this post. Two sides to every story, Andy---good point.

 
I visited a network recently where they gave me details of several subnets they wanted on it. They didn't want VLANs, though, and wanted to use a Server as a remotely-accessed host for hopping onto other hosts on the different subnets.

Hideous. Complex. Hard to manage.

From other recent experiences with weird design decisions, I am guessing that this is the kind of anti-knowledge you acquire from spending too long studying "Computer Science" at University.
 
Hello,

thank you all, for your answers and ideas.
Why did I want 2 subnets in one VLAN?
Just for a simple reason, I want all customers in one VLAN,
and don't want to separate them.
As I see from your answers, this is not a good design,
therefore, at first I will try the SuperScope as ADB100 explained, then later (if this really matters),
I will create 1 VLAN per subnet.
Anyway, thank you for your ideas and points of view which I appreciate.
 
I want all customers in one VLAN, and don't want to separate them

Why would you want to do this? I am sure your customers would not be happy knowing they have no protection from other customers sharing the same LAN infrastructure? Plus where would you stand from a legal point of view if you are providing the service and they get PCs/Servers hacked or data is accessed (or destroyed?) by other customers?
The extra effort of separating each customer into their own VLAN and implementing ACLs to give some protection is minimal?

Andy
 
Hello ADB,

it was my fault not to make things clear :( please accept my apologies.

The customers I mentioned before are all employees from one company,
hence I wanted to create one VLAN for them. If I have new customers (from another company), of course I will create
a new VLAN.
So, company1 (= customer1) 2 subnets => VLAN10
if I have company2 (=customer2) => I will create VLAN11

If there is a security problem/threat with the 2 subnets to one VLAN,
I will create 2 VLANs for company1 (customer1), i.e. 1 VLAN per subnet.

 
But still, why not 2 VLANs for the same company? They can still communicate w/each other...separate collision domains is more efficient...

 