If all clients on the 2 new switches are getting the IPs from the same second server then you can set up the IP helper command to point the switches to a specific DHCP server address.
IP Helper
The IP Helper feature allows the switch to forward certain configured UDP broadcast packets to a
particular IP address. This allows various applications, such as the DHCP relay agent, to reach servers on
non-local subnets, even if the application was designed to assume a server is always on a local subnet and
uses broadcast packets (with either the limited broadcast address 255.255.255.255, or a network directed
broadcast address) to reach the server.
You can configure relay entries both globally and on specific routing interfaces. Each relay entry maps an
ingress interface and destination UDP port number to a single IPv4 address (the helper address). You can
configure multiple relay entries for the same interface and UDP port, in which case the relay agent relays
matching packets to each server address. Interface configuration takes priority over global configuration.
In other words, if the destination UDP port of a packet matches any entry on the ingress interface, the
packet is handled according to the interface configuration. If the packet does not match any entry on the
ingress interface, the packet is handled according to the global IP helper configuration.
On page 555 of the User guide provided in previous post.
To configure the helper address, identify the router interface that will receive the broadcasts for UDP services. In interface configuration mode, use the "helper-address" command to define the address to which UDP broadcasts for services should be forwarded.
How this will prevent other clients on the network (not connected directly to 6024/6224) from getting DHCP from 2nd DHCP server and not from the main one?
DELL-Willy M
802 Posts
1
February 29th, 2012 18:00
You can enable DHCP Snooping on the switch along with setting a specific scope on your DHCP servers to hand out address to a certain subnet or range.
DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP
servers to filter harmful DHCP messages and to build a bindings database of MAC address, IP address,
VLAN ID, and port tuples that are considered authorized. You can enable DHCP snooping globally, perinterface,
and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted.
DHCP servers must be reached through trusted ports.
DHCP snooping enforces the following security rules:
• DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK,
DHCPRELEASEQUERY) are dropped if received on an untrusted port.
• DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the snooping
database, but the binding’s interface is other than the interface where the message was received.
• On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match
the client hardware address. This feature is a configurable option.
Page 448 User guide:
support.dell.com/.../ucg_en.pdf
DELL-Willy M
802 Posts
1
March 1st, 2012 10:00
If all clients on the 2 new switches are getting the IPs from the same second server then you can set up the IP helper command to point the switches to a specific DHCP server address.
IP Helper
The IP Helper feature allows the switch to forward certain configured UDP broadcast packets to a
particular IP address. This allows various applications, such as the DHCP relay agent, to reach servers on
non-local subnets, even if the application was designed to assume a server is always on a local subnet and
uses broadcast packets (with either the limited broadcast address 255.255.255.255, or a network directed
broadcast address) to reach the server.
You can configure relay entries both globally and on specific routing interfaces. Each relay entry maps an
ingress interface and destination UDP port number to a single IPv4 address (the helper address). You can
configure multiple relay entries for the same interface and UDP port, in which case the relay agent relays
matching packets to each server address. Interface configuration takes priority over global configuration.
In other words, if the destination UDP port of a packet matches any entry on the ingress interface, the
packet is handled according to the interface configuration. If the packet does not match any entry on the
ingress interface, the packet is handled according to the global IP helper configuration.
On page 555 of the User guide provided in previous post.
To configure the helper address, identify the router interface that will receive the broadcasts for UDP services. In interface configuration mode, use the "helper-address" command to define the address to which UDP broadcasts for services should be forwarded.
console(config)# interface vlan xx
console(config-if-vlan11)# helper-address xxx.xxx.xxx.xxx
Console(config)#
itsar
2 Posts
0
March 6th, 2012 19:00
How this will prevent other clients on the network (not connected directly to 6024/6224) from getting DHCP from 2nd DHCP server and not from the main one?
Thank you
OB
DELL-Willy M
802 Posts
0
March 7th, 2012 12:00
You can use the IP Helper Interface Command described in the User Guide pages 556-558.
http://support.dell.com/support/edocs/network/PC62xx/en/UCG/ucg_en.pdf
With this command you can specify a DHCP server address to a certain interface (range, vlan).