By default DHCP works via broadcasting on the local subnet and therefore is limited to being able to provide IP addresses for devices on its subnet only. In modern day networks this is a serious limitation as it would mean that for every subnet you would need a DHCP server – imagine the management overhead!
So how can we configure a DHCP server in one subnet to respond and provide IP addresses to clients in multiple other subnets? The answer is to use a DHCP Relay Agent.
The following article explains how to configure a DHCP relay agent for a Cisco SG300 Layer 3 managed switch.
Background Information
In my home test lab I installed a Microsoft Server 2012 DHCP server in one of my subnets (192.168.10.0/24) to be used to lease IP addresses to devices in another subnet (192.168.100.0/24).
To help you better understand what I was trying to achieve, I drew a quick diagram:
Testlab.com DHCP & Subnet Configuration
Basically to get this working I needed to configure my Cisco SG300–10 Layer 3 managed switch to be a DHCP relay so that I could get across subnet (or across VLAN) DHCP working.
What is a DHCP Relay Agent?
A DHCP relay agent is a small program that relays DHCP/BOOTP messages between clients and servers on different subnets. To support and use DHCP service across multiple subnets, the router(s) that connect each subnet must support DHCP/BOOTP relay agent capabilities.
DHCP Relay configuration on Cisco SG300 Managed Switch
Once I had configured my Microsoft DHCP server, I then needed to enable and configure the Cisco SG300 managed switch to be a DHCP relay. Here is how I did that:
1. From a browser, navigate to the Cisco SG300 switch IP address. Log in as a user with administrator privileges
2. From the main menu, navigate to IP Configuration >> DHCP Snooping/Relay >> Properties
3. From here enable the following and then click Apply
Option 82
DHCP Relay
4. From the DHCP Relay Server Table section, click on Add. From the window that appears enter the IP address of the DHCP server (in this case 192.168.20.1) and then click Apply
5. From the main menu, navigate to IP Configuration >> DHCP Snooping/Relay >> Interface Settings. Click the Add button
6. From the window that appears, select the VLAN you want to allow DHCP for (in this case VLAN 100) and then enable DHCP Relay. Finally click Apply
7. Repeat steps 5 and 6 above for each VLAN that required DHCP access. In my case it was only one (VLAN 100)
8. Test to ensure you get an IP address from the DHCP server
Microsoft DHCP Server Configuration
Although this article is not about how to configure a Microsoft DHCP server, for completeness sake, I thought I would add a few screenshots of how I configured my DHCP scope for the 192.168.100.0/24 subnet:
DHCP Scope Configuration
Cisco Documentation
If you are interested in the original Cisco documentation on how to enable and configure DHCP Relay on a Cisco SG300 managed switch then you can access it here >>> DHCP Relay Configuration on 300 Series Managed Switch.
Any questions let me know in the comments below
Thanks
Luca
Comments
Hello Luca,
Thanks for the above information and its really informative. Can you please also post about how to configure VLAN’s as similar to your lab as i’m trying to stimulate the same infrastructure as yours.
I’m quite new to networking and not too sure how to set it up.
The Cisco SG300 has a GUI so it is pretty easy to create via the GUI. Alternatively you can use the CLI to create the VLANs as well. What model of switch do you have?
Thanks very much for getting back Luca and providing some information which i really looking for. At the moment I have a NeatGear plug and play switch which is unmanaged.
I really want to setup my infrastructure as similar to your’s. Below are the details of my lab:
I have a wireless router which i have configured just for my lab and one of the LAN ports from my ISP router is connected to the wireless lab router to provide internet access and port forwarding for RDP, netscaler etc. I have two hosts with only 2 NIC’s assigned to each.
Based on the above configuration, If i purchase a managed L3 cisco switch can I setup VLANS’s may be similar to yours to separate out network traffic for each service?
Hello Luca,
Great article.
What it you needed DHCP address from your “.20” network (the same network that hosts your DHCP server)? Would you need to relay those requests as well or will the DHCP server just catch the broadcast on its own. I assume I only want to relay requests from a VLAN other than where the DHCP server sits. Is this correct?
Apologies for the late reply. Yes that is correct, DHCP is a broadcast service, so any device that requires a DHCP lease on the same subnet as the DHCP server and with an active scope for that subnet configured on the DHCP server will get an address. You only need to configure a DHCP relay if you need to provide addresses to clients on other subnets (or VLANs).
I have the DHCP Relay setup but how did you actually configure the switch ports?
I have an ESXi server with a DHCP server within. Then I have my SG300 setup with 3 VLANS 20,30 and 40 with ip addresses assigned and are in my DHCP scope as the same.
Is there anything specific you did on the switch otherwise to get a device direct connected to a port to get a IP address?
DHCP used UDP traffic which is broadcast which means it will respond to any device on the same subnet as itself. If you need devices on other subnets to get a DHCP lease from the DHCP server then you will need to configure a DHCP relay on the SG300 as per the information in the article.
I got the DHCP Relay working just fine The problem is that my original router is on a 192.168.1.x network and my VM’s on my ESXI server are on 192.168.20.x and 192.168.30.x.
I cannot ping any VM on .20 or .30 network from the 192.168.1.x network that my home router provides addresses from. So are you using a business class router or normal everyday home router?
Ah ok sorry I mis-understood your original post. What you need to do is you need to setup some static routes on your home router to point to the SG300 IP address. The IP address needs to be on the same subnet of your home router. Here is a screenshot of what mine looks like. Hope this helps. My home router is a Netgear R8000.
Thanks very much for the feedback. I would assume the 192.168.0.50 is the actual IP assigned to your home router? Which in my case would be the 192.168.1.1 for my ASUS router.
192.168.0.50 is the IP of the SG300 which is connected to my Netgear R8000 home router (192.168.0.1). Take a look at the diagram in the post Test Lab Update – January 2015.
In order to be on your home network (192.168.1.x) and be able to route to a device on one of the VLANs, your home router needs to know where to re-direct the traffic otherwise by default it will route it out to the internet. The static route for each VLAN network should therefore tell your home router to route the traffic to the SG300 because it knows about those networks and will be able to route the traffic on.
So your static routes should be pointing to the IP address of your SG300 (it should be a 192.168.1.x IP address).
Thanks for the diagram. I seem to have a possible mistake in my setup according to your diagram.
The port you have going from your router directly to the SG300 you have configured for only VLAN 1 I noticed. Whereas my connection from my router to the SG300 I actually have configured for VLAN 20 and VLAN 30 as a TRUNK port.
Maybe I should just change that port to only support native VLAN 1?
Are any of the other VLAN ports on your SG300 configured as port-channels as well? Since they have multiple VLANS we can already assume they are TRUNK.
I have done the same , a trunk connection but , it does not work . Can someone clarify if the connection between the router and the switch should be a trunk ?
Hello Luca,
Thanks for the above information and its really informative. Can you please also post about how to configure VLAN’s as similar to your lab as i’m trying to stimulate the same infrastructure as yours.
I’m quite new to networking and not too sure how to set it up.
Many thanks in advance.
Thanks,
Pavan
Hi Pavan,
To create VLANs you need a compatible layer 3 switch. The one I have is the Cisco SG300-10 (10 port) but you can get the same model with more or less ports if required. For a full list of Cisco SG300 switches, have a look here >>> http://www.cisco.com/c/en/us/products/switches/small-business-300-series-managed-switches/models-comparison.html.
The Cisco SG300 has a GUI so it is pretty easy to create via the GUI. Alternatively you can use the CLI to create the VLANs as well. What model of switch do you have?
Thanks very much for getting back Luca and providing some information which i really looking for. At the moment I have a NeatGear plug and play switch which is unmanaged.
I really want to setup my infrastructure as similar to your’s. Below are the details of my lab:
I have a wireless router which i have configured just for my lab and one of the LAN ports from my ISP router is connected to the wireless lab router to provide internet access and port forwarding for RDP, netscaler etc. I have two hosts with only 2 NIC’s assigned to each.
Based on the above configuration, If i purchase a managed L3 cisco switch can I setup VLANS’s may be similar to yours to separate out network traffic for each service?
Can you please help me out with it Luca?
Many Thanks in advance,
Pavan
Hello Luca,
Great article.
What it you needed DHCP address from your “.20” network (the same network that hosts your DHCP server)? Would you need to relay those requests as well or will the DHCP server just catch the broadcast on its own. I assume I only want to relay requests from a VLAN other than where the DHCP server sits. Is this correct?
Thanks.
Hi Dan,
Apologies for the late reply. Yes that is correct, DHCP is a broadcast service, so any device that requires a DHCP lease on the same subnet as the DHCP server and with an active scope for that subnet configured on the DHCP server will get an address. You only need to configure a DHCP relay if you need to provide addresses to clients on other subnets (or VLANs).
Hope that helps
Luca
Thanks man for this infor.you are alife saver.
Hey Luca,
I have the DHCP Relay setup but how did you actually configure the switch ports?
I have an ESXi server with a DHCP server within. Then I have my SG300 setup with 3 VLANS 20,30 and 40 with ip addresses assigned and are in my DHCP scope as the same.
Is there anything specific you did on the switch otherwise to get a device direct connected to a port to get a IP address?
Hi Marshall,
DHCP used UDP traffic which is broadcast which means it will respond to any device on the same subnet as itself. If you need devices on other subnets to get a DHCP lease from the DHCP server then you will need to configure a DHCP relay on the SG300 as per the information in the article.
Luca
Hello Luca,
I got the DHCP Relay working just fine The problem is that my original router is on a 192.168.1.x network and my VM’s on my ESXI server are on 192.168.20.x and 192.168.30.x.
I cannot ping any VM on .20 or .30 network from the 192.168.1.x network that my home router provides addresses from. So are you using a business class router or normal everyday home router?
Hi Marshall,
Ah ok sorry I mis-understood your original post. What you need to do is you need to setup some static routes on your home router to point to the SG300 IP address. The IP address needs to be on the same subnet of your home router. Here is a screenshot of what mine looks like. Hope this helps. My home router is a Netgear R8000.
Hello Luca,
Thanks very much for the feedback. I would assume the 192.168.0.50 is the actual IP assigned to your home router? Which in my case would be the 192.168.1.1 for my ASUS router.
So I have routes that look like the following:
192.168.20.0 255.255.255.0 192.168.1.1
192.168.30.0 255.255.255.0 192.168.1.1
I’m starting to think my ASUS router might be the problem. Ughhh
192.168.0.50 is the IP of the SG300 which is connected to my Netgear R8000 home router (192.168.0.1). Take a look at the diagram in the post Test Lab Update – January 2015.
In order to be on your home network (192.168.1.x) and be able to route to a device on one of the VLANs, your home router needs to know where to re-direct the traffic otherwise by default it will route it out to the internet. The static route for each VLAN network should therefore tell your home router to route the traffic to the SG300 because it knows about those networks and will be able to route the traffic on.
So your static routes should be pointing to the IP address of your SG300 (it should be a 192.168.1.x IP address).
Thanks for the diagram. I seem to have a possible mistake in my setup according to your diagram.
The port you have going from your router directly to the SG300 you have configured for only VLAN 1 I noticed. Whereas my connection from my router to the SG300 I actually have configured for VLAN 20 and VLAN 30 as a TRUNK port.
Maybe I should just change that port to only support native VLAN 1?
Are any of the other VLAN ports on your SG300 configured as port-channels as well? Since they have multiple VLANS we can already assume they are TRUNK.
I have done the same , a trunk connection but , it does not work . Can someone clarify if the connection between the router and the switch should be a trunk ?
Thank you for you document, It it useful.
Hi I have a simmilar environment W16 Server, SG300 , two VLANS
I have followed the instructions but the relay is not working across VLANS .