Cisco Routing/Switching – Layer 3 DHCP with Etherchannel

Configuring DHCP from a layer 3 switch using etherchanneling.. this is going to be fun!

So in some organisations routers are designed by 3rd parties or not even managed in house or simply just routers… we want to use our Layer 3 Switch to take care of DHCP until we can afford to buy a DHCP server.. well this is easily done!

Take a look at the design below, take note of the Pools and Port-Channeling:

 

 

 

 

 

 

 

 

 

 

 

Hopefully this makes sense, we have two PC’s, two switches & a layer 3 switch, on one side we want to deploy VLAN 60 to distribute out IP’s in the 10.1.2.x Range and the other we want VLAN 30 to distribute IP’s in the 10.1.1.x Range, but we have devices inbetween that need to communicate with each other to achieve this.

Starting on your left hand switch create your VLANS 30 & 60:

AS-01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-01(config)#vlan 30
AS-01(config-vlan)#name Clients
AS-01(config-vlan)#exit
AS-01(config)#vlan 60
AS-01(config-vlan)#name Servers
AS-01(config-vlan)#exit
AS-01(config)#

Then repeat the same on the right hand switch:

AS-02#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-02(config)#vlan 30
AS-02(config-vlan)#name Clients
AS-02(config-vlan)#exit
AS-02(config)#vlan 60
AS-02(config-vlan)#name Servers
AS-02(config-vlan)#end
AS-02#
%SYS-5-CONFIG_I: Configured from console by console

AS-02#

Then back on the left hand switch, create your port-channel:

AS-01(config)#interface port-channel 1
AS-01(config-if)#sw
AS-01(config-if)#switchport trunk allowed vlan 30,60
AS-01(config-if)#switchport mode trunk
AS-01(config-if)#end
AS-01#

and repeat on the right hand switch:

AS-02#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-02(config)#interface port-channel 1
AS-02(config-if)#sw
AS-02(config-if)#switchport trunk allowed vlan 30,60
AS-02(config-if)#switchport mode trunk
AS-02(config-if)#end
AS-02#
%SYS-5-CONFIG_I: Configured from console by console

AS-02#

Then create the two interfaces to allow the specified VLANS and act as trunk ports, then join them to the port-channel:

AS-02#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-02(config)#int range fastEthernet 0/23-24
AS-02(config-if-range)#switchport trunk allowed vlan 30,60
AS-02(config-if-range)#switchport mode trunk
AS-02(config-if-range)#channel-group 1 mode active
AS-02(config-if-range)#end
AS-02#

This will create the two interfaces as trunk links and add them into the channel-group 1 with the mode ‘active’ which  enables LACP unconditionally.

 

Then repeat back on the other switch:

AS-01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-01(config)#int range fastethernet 0/23-24
AS-01(config-if-range)#switchport trunk allowed vlan 30,60
AS-01(config-if-range)#switchport mode trunk
AS-01(config-if-range)#channel-group 1 mode active
AS-01(config-if-range)#end
AS-01#

We now need to configure our two VLANS on our core switch (L3 Switch) and create them as VLAN interfaces (Layer 3):

Core-Sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core-Sw(config)#vlan 30 
Core-Sw(config-vlan)#name Clients
Core-Sw(config-vlan)#exit
Core-Sw(config)#vlan 60 
Core-Sw(config-vlan)#Name Servers
Core-Sw(config-vlan)#exit
Core-Sw(config)#int vlan 30
Core-Sw(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up

Core-Sw(config-if)#ip address 10.1.1.254 255.255.255.0
Core-Sw(config-if)#exit
Core-Sw(config)#int vlan 60
Core-Sw(config-if)#
%LINK-5-CHANGED: Interface Vlan60, changed state to up

Core-Sw(config-if)#ip address 10.1.2.254 255.255.255.0
Core-Sw(config-if)#exit
Core-Sw(config)#do sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol 
GigabitEthernet1/0/1   unassigned      YES unset  down                  down 
GigabitEthernet1/0/2   unassigned      YES unset  down                  down 
GigabitEthernet1/0/3   unassigned      YES unset  down                  down 
GigabitEthernet1/0/4   unassigned      YES unset  down                  down 
GigabitEthernet1/0/5   unassigned      YES unset  down                  down 
GigabitEthernet1/0/6   unassigned      YES unset  down                  down 
GigabitEthernet1/0/7   unassigned      YES unset  down                  down 
GigabitEthernet1/0/8   unassigned      YES unset  down                  down 
GigabitEthernet1/0/9   unassigned      YES unset  down                  down 
GigabitEthernet1/0/10  unassigned      YES unset  down                  down 
GigabitEthernet1/0/11  unassigned      YES unset  down                  down 
GigabitEthernet1/0/12  unassigned      YES unset  down                  down 
GigabitEthernet1/0/13  unassigned      YES unset  down                  down 
GigabitEthernet1/0/14  unassigned      YES unset  down                  down 
GigabitEthernet1/0/15  unassigned      YES unset  down                  down 
GigabitEthernet1/0/16  unassigned      YES unset  down                  down 
GigabitEthernet1/0/17  unassigned      YES unset  down                  down 
GigabitEthernet1/0/18  unassigned      YES unset  down                  down 
GigabitEthernet1/0/19  unassigned      YES unset  down                  down 
GigabitEthernet1/0/20  unassigned      YES unset  down                  down 
GigabitEthernet1/0/21  unassigned      YES unset  down                  down 
GigabitEthernet1/0/22  unassigned      YES unset  down                  down 
GigabitEthernet1/0/23  unassigned      YES unset  down                  down 
GigabitEthernet1/0/24  unassigned      YES unset  down                  down 
GigabitEthernet1/1/1   unassigned      YES unset  down                  down 
GigabitEthernet1/1/2   unassigned      YES unset  down                  down 
GigabitEthernet1/1/3   unassigned      YES unset  down                  down 
GigabitEthernet1/1/4   unassigned      YES unset  down                  down 
Vlan1                  unassigned      YES unset  administratively down down 
Vlan30                 10.1.1.254      YES manual up                    down 
Vlan60                 10.1.2.254      YES manual up                    down
Core-Sw(config)#

So as above I have configured the two VLANS, and then configured the int VLANS (Layer 3) with their default gateway IP.

Next we need to configure the two port-channels (47&48) some switches will allow you to use the switchport mode trunk without having to specify the encapsulation mode, if not just copy the below and specify switchport trunk encapsulation dot1q:

Core-Sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core-Sw(config)#interface port-channel 47
Core-Sw(config-if)#switchport trunk allowed vlan 30,60
Core-Sw(config-if)#switchport trunk encapsulation dot1q
Core-Sw(config-if)#switchport mode trunk
Core-Sw(config-if)#exit
Core-Sw(config)#
Core-Sw(config)#interface port-channel 48
Core-Sw(config-if)#switchport trunk allowed vlan 30,60
Core-Sw(config-if)#switchport trunk encapsulation dot1q
Core-Sw(config-if)#switchport mode trunk
Core-Sw(config-if)#exit
Core-Sw(config)#

This configures the two port-channels on the Layer 3 switch and allows the VLANS to communicate through those port-channels.

Next configure the two interfaces on the Layer 3 switch to go down to the left hand L2 switch:

Core-Sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core-Sw(config)#int range gig
Core-Sw(config)#int range gigabitEthernet 1/0/1-2
Core-Sw(config-if-range)#switchport trunk allowed vlan 30,60
Core-Sw(config-if-range)#switchport trunk encapsulation dot1q
Core-Sw(config-if-range)#switchport mode trunk 
Core-Sw(config-if-range)#channel-group 47 mode active
Core-Sw(config-if-range)#end
Core-Sw#

Then configure the other port-channel:

Core-Sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core-Sw(config)#int range gig
Core-Sw(config)#int range gigabitEthernet 1/0/3-4
Core-Sw(config-if-range)#switchport trunk allowed vlan 30,60
Core-Sw(config-if-range)#switchport trunk encapsulation dot1q
Core-Sw(config-if-range)#switchport mode trunk
Core-Sw(config-if-range)#channel-group 48 mode active
Core-Sw(config-if-range)#end
Core-Sw#
%SYS-5-CONFIG_I: Configured from console by console

Core-Sw#

Next configure DHCP:

Core-Sw#
Core-Sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core-Sw(config)#ip dhcp pool DHCP-VLAN30
Core-Sw(dhcp-config)#network 10.1.1.0 255.255.255.0
Core-Sw(dhcp-config)#default-router 10.1.1.254
Core-Sw(dhcp-config)#exit
Core-Sw(config)#ip dhcp pool DHCP-VLAN60
Core-Sw(dhcp-config)#network 10.1.2.0 255.255.255.0
Core-Sw(dhcp-config)#default-router 10.1.2.254
Core-Sw(dhcp-config)#end
Core-Sw#

This configures the two pools for seperate vlans and uses the default gateway’s which are the interface vlans (Layer 3) 10.1.1.254 & 10.1.2.254

On the left hand layer 2 switch configure an access port for VLAN 30:

AS-01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-01(config)#int fast
AS-01(config)#int fastEthernet 0/1
AS-01(config-if)#sw
AS-01(config-if)#switchport access vlan 30
AS-01(config-if)#no shutdown
AS-01(config-if)#

On the right hand layer 2 switch configure an access port for VLAN 60:

AS-02#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
AS-02(config)#int fas
AS-02(config)#int fastEthernet 0/1
AS-02(config-if)#sw
AS-02(config-if)#switchport access vlan 60

Plug in your devices to those ports in my example a machine into fastEthernet 0/1 on both switches and see if you get the IP address and can ping the Default gateway:

 

 

 

 

 

 

 

 

 

You should also find that you can ping the other PC in the other VLAN,

 

 

 

 

 

 

If for some reason it doesn’t ping its probably a layer 3 issue, go to your L3 switch and run the command below:

Core-Sw#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Vlan30
C       10.1.2.0 is directly connected, Vlan60

Core-Sw#

As you can see above mine is showing as the two VLAN’s are directly connected and there is a configuration in the routing table. If you find yours displays nothing then go into global configuration mode and issue the command:

Core-Sw#
Core-Sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core-Sw(config)#ip routing
Core-Sw(config)#

This enables the layer 3 routing on the device and will update the routing table with the connected devices.

Leave a Reply

Your email address will not be published. Required fields are marked *