Redundant DHCP server

If you want to build a truly redundant LAN infrastructure, you should also have redundant DHCP servers. If you decide to do the DHCP address allocation locally (on the router), you should take care that the two routers acting as DHCP servers don't assign overlapping addresses.

If the address space assigned to a LAN is at least twice as large as the number of LAN-attached devices, you can use the ip dhcp excluded-address command to exclude half of the address pool on each router, for example:

ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
!
! Exclude router addresses
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
! Exclude half of the pool
ip dhcp excluded-address 192.168.0.128 192.168.0.255

Alternatively, you can rely on the ip dhcp ping packets command; the router will ping an IP address to check whether it's live before assigning it (by default, the router sends two pings with a 500-millisecond timeout).

Note: You can also inspect the conflicting IP addresses the router found with the show ip dhcp conflict command.
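
A quick way to confirm that the two routers really split the pool is to compare their configurations offline. The script below is an added example, not part of the original post: it parses the network and ip dhcp excluded-address lines of two configurations and reports any address both routers could lease. The R2 configuration, the sample data and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configs (not from the original post). R1 mirrors the
# article's example; R2 is the assumed complementary half on the second router.
R1_CONFIG = """
ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp excluded-address 192.168.0.128 192.168.0.255
"""
R2_CONFIG = """
ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
!
ip dhcp excluded-address 192.168.0.1 192.168.0.127
"""

# [ \t] instead of \s so a match never runs on into the next config line.
NETWORK_RE = re.compile(r"^[ \t]*network[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M)
EXCLUDE_RE = re.compile(
    r"^[ \t]*ip dhcp excluded-address[ \t]+(\S+)(?:[ \t]+(\S+))?[ \t]*$", re.M)


def leasable(config):
    """Return the set of addresses a router may hand out from its pools."""
    addrs = set()
    for net, mask in NETWORK_RE.findall(config):
        # Accept both "network A.B.C.D 255.255.255.0" and "network A.B.C.D /24".
        addrs.update(ipaddress.ip_network(f"{net}/{mask.lstrip('/')}").hosts())
    for low, high in EXCLUDE_RE.findall(config):
        lo = int(ipaddress.ip_address(low))
        hi = int(ipaddress.ip_address(high or low))  # single-address form
        addrs -= {ipaddress.ip_address(i) for i in range(lo, hi + 1)}
    return addrs


def overlap(config_a, config_b):
    """Addresses both routers could assign; must be empty for a safe split."""
    return sorted(leasable(config_a) & leasable(config_b))


if __name__ == "__main__":
    clash = overlap(R1_CONFIG, R2_CONFIG)
    print("R1 leases:", len(leasable(R1_CONFIG)), "R2 leases:", len(leasable(R2_CONFIG)))
    print("overlap:", [str(a) for a in clash] or "none")
```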

8 comments:

  1. Little mistake:
    192.168.1.0 has to be 192.168.0.1

  2. Actually, it has to be 192.168.0.0 :) ... although your suggestion will work as well. Fixed.

  3. To use dhcp conflict logging, doesn't one have to have a storage location configured?

    I generally configure "no ip dhcp conflict logging" as the router will broadcast for a tftp server to put the file on if left default. Or at least so I've been told.

    "router(config)#ip dhcp database ?
    WORD Uniform Resource Locator (URL)"

  4. Hi All,

    Is there any way to have some kind of redundancy between a Windows DHCP server and a Cisco router?

    Thanks

  5. You can use the same trick to achieve router/Windows redundancy, just make sure you use two separate address ranges.

  6. Hmm... I need to have the same scopes maintained in two routers.

    One rtr is pri/active and the other is standby. We have the same scopes in both of them.

    The service is running on the pri and not running on the sec. Only scopes have been created in sec and kept.

    When the pri goes down, we are unable to start the service on the sec as it is... we have to reboot the sec as well, only then are we able to get the service on the sec.

    Not sure why we have to reboot the sec.

    Thanks
    Naveen

  7. What exactly does not work on the secondary router?

  8. I think the easiest way to have redundant DHCP is pfsense or DHCP failover in Windows Server. Even though it makes sense to hake it, even gigantic networks have a lazy DHCP setup with no rogue DHCP protection or redundancy.
    The IBM offices in Spain were brought down by some stray laptop that was running a DHCP server by accident. Yep. Believe it.


Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.