Configuring Multi-VLAN DHCP

March 25, 2025 - Reading time: 4 minutes

Dynamic Host Configuration Protocol (DHCP) allows a router to automatically assign IP addresses and other network parameters (such as default gateway and DNS server) to hosts. In a router-on-a-stick setup, one physical interface on the router is divided into multiple subinterfaces, each subinterface corresponding to a VLAN. The router will act as a DHCP server for each VLAN.

Step‑by‑Step Lab: DHCP

Topology

• Router0 (DHCP server)
• Switch (with trunk link to Router0)
• 3 Hosts: 2 in VLAN 100, 1 in VLAN 150

IP Addressing Plan

• VLAN 100: 192.168.100.0/24
  • Router subinterface: 192.168.100.1
  • DHCP scope: 192.168.100.11 – 192.168.100.254
• VLAN 150: 192.168.150.0/24
  • Router subinterface: 192.168.150.1
  • DHCP scope: 192.168.150.11 – 192.168.150.254
• DNS server: 8.8.8.8 (public DNS)

Router0 Configuration

1. Create Subinterfaces for VLANs

   Router0> enable
   Router0# configure terminal
   !
   ! Subinterface for VLAN 100
   Router0(config)# interface FastEthernet0/0.100
   Router0(config-subif)# encapsulation dot1Q 100
   Router0(config-subif)# ip address 192.168.100.1 255.255.255.0
   Router0(config-subif)# no shutdown
   !
   ! Subinterface for VLAN 150
   Router0(config)# interface FastEthernet0/0.150
   Router0(config-subif)# encapsulation dot1Q 150
   Router0(config-subif)# ip address 192.168.150.1 255.255.255.0
   Router0(config-subif)# no shutdown
   !
   

2. Exclude Addresses

   Router0(config)# ip dhcp excluded-address 192.168.100.1 192.168.100.10
   Router0(config)# ip dhcp excluded-address 192.168.150.1 192.168.150.10
   
   

   (We exclude the router’s own IP within the small range)

3. Create DHCP Pools

   ! DHCP pool for VLAN 100
   Router0(config)# ip dhcp pool VLAN100
   Router0(dhcp-config)# network 192.168.100.0 255.255.255.0
   Router0(dhcp-config)# default-router 192.168.100.1
   Router0(dhcp-config)# dns-server 8.8.8.8
   Router0(dhcp-config)# exit
   !
   ! DHCP pool for VLAN 150
   Router0(config)# ip dhcp pool VLAN150
   Router0(dhcp-config)# network 192.168.150.0 255.255.255.0
   Router0(dhcp-config)# default-router 192.168.150.1
   Router0(dhcp-config)# dns-server 8.8.8.8
   Router0(dhcp-config)# exit
   

• Router0 is acting as a DHCP server for two VLANs (100 and 150).

• Each VLAN has its own network range and default gateway.

• Both VLANs share the same DNS server (8.8.8.8).

• When PCs in VLAN 100 or VLAN 150 boot up and send a DHCP request, the router will hand out an IP from the correct pool, along with gateway and DNS info.

Switch Configuration

1. Configure the trunk to Router0

   Switch> enable
   Switch# configure terminal
   Switch(config)# interface FastEthernet0/1
   Switch(config-if)# switchport mode trunk
   Switch(config-if)# no shutdown
   

2. Assign ports to VLANs
   (Example: Hosts on ports Fa0/2 and Fa0/3 are VLAN 100, host on Fa0/4 is VLAN 150.)
   Switch(config)# interface FastEthernet0/2
   Switch(config-if)# switchport mode access
   Switch(config-if)# switchport access vlan 100
   Switch(config-if)# no shutdown
   !
   Switch(config)# interface FastEthernet0/3
   Switch(config-if)# switchport mode access
   Switch(config-if)# switchport access vlan 100
   Switch(config-if)# no shutdown
   !
   Switch(config)# interface FastEthernet0/4
   Switch(config-if)# switchport mode access
   Switch(config-if)# switchport access vlan 150
   Switch(config-if)# no shutdown
   

Host Verification

• Each host is connected to the switch in the correct VLAN.
• Hosts will receive their IP address, subnet mask, default gateway (router interface IP), and DNS server from the router’s DHCP pools. Make sure Hosts are in DHCP mode.

Verification Commands

Use the following commands on Router0 to ensure everything is working.

1. Show IP Interface Brief

   Router0# show ip interface brief
   Interface              IP-Address      OK? Method Status       Protocol
   FastEthernet0/0        unassigned      YES manual up           up
   FastEthernet0/0.100    192.168.100.1   YES manual up           up
   FastEthernet0/0.150    192.168.150.1   YES manual up           up
   FastEthernet0/1        unassigned      YES unset  administratively down down
   Vlan1                  unassigned      YES unset  administratively down down
   

2. Show IP DHCP Binding
   After hosts have obtained an IP address, you should see entries similar to:

   Router0# show ip dhcp binding
   IP address        Client-ID/              Lease expiration        Type
                     Hardware address
   192.168.100.11    0100.50.56.bc.d4.19     Feb 25 2025 12:00 AM    Automatic
   192.168.100.12    0100.53.5A.7B.45.01     Feb 25 2025 12:00 AM    Automatic
   192.168.150.11    0100.4A.23.0F.A9.B2     Feb 25 2025 12:00 AM    Automatic
   

3. Show Running Configuration (Section DHCP)
   Useful for checking your DHCP pools:

   Router0# show running-config | section dhcp
   ip dhcp excluded-address 192.168.100.1 192.168.100.10
   ip dhcp excluded-address 192.168.150.1 192.168.150.10
   ip dhcp pool VLAN100
    network 192.168.100.0 255.255.255.0
    default-router 192.168.100.1
    dns-server 8.8.8.8
   ip dhcp pool VLAN150
    network 192.168.150.0 255.255.255.0
    default-router 192.168.150.1
    dns-server 8.8.8.8
   

4. Ping Tests
   From each host, you should be able to ping the router interfaces (192.168.100.1 or 192.168.150.1) and potentially other hosts in the same VLAN.

Common Mistakes

1. Forgetting to Create/Enable Subinterfaces

   • Symptom: No IP address assigned to the VLAN interface; DHCP fails.
   • Solution: Configure and enable subinterfaces with the correct encapsulation dot1Q VLAN_ID and IP addresses.

2. Incorrect or Missing Excluded Addresses

   • Symptom: IP conflicts between the router interface and DHCP-assigned hosts.
   • Solution: Make sure the router interface IP is excluded from the pool.

3. No DHCP Pool or Incorrect Network Statement

   • Symptom: Hosts fail to receive an IP address or receive one from a different subnet.
   • Solution: Use network <subnet> <mask> accurately in the DHCP pool.

4. Switchport Not in the Correct VLAN Mode

   • Symptom: Hosts never get DHCP offers; subinterfaces do not see broadcast traffic.
   • Solution: Configure the switch port to switchport mode trunk for the router link, and switchport mode access for host ports.

User Challenge

The lab is available for download from this link. 

Before the next lesson, try the following to reinforce your DHCP knowledge:

1. Add Another VLAN (e.g., VLAN 200)

   • Create a new subinterface on Router0 (FastEthernet0/0.200), assign an IP, set up a new DHCP scope, and verify a host on that VLAN gets an address.

2. Change the DNS Server

   • Modify the DHCP pool to use a different DNS server, verify hosts receive the updated DNS server address upon DHCP renewal.
     
     
3.  Download the DHCP1 and DHCP2 troubleshooting scenarios and apply what you've learned. (requires version 2.7)