What is the IP helper address

Best Practice Using Cisco's “IP Helper” for DHCP?

Our topology is such that we have two 4510s in our IDF cabinets. Each switch has a data VLAN and a voice VLAN. The switches are connected to the core on level 2, where the VLAN interfaces are located, routing takes place and DHCP is forwarded to the DHCP server.

What is the best practice to provide DHCP service redundancy? If there are two DHCP servers and two "IP helper" addresses, does the network only forward DHCP requests to the first IP as long as they are reachable from the network perspective? If it fails, does DHCP go to the second address?

What if the first server's DHCP service has a problem - but the server is still reachable over the network (you can ping it, but the DHCP service is down)? Or what if the DHCP scope is full? Does the second IP address help? Does the second address only come into play if the first server fails?

Is there a way to get the IP helper to "round-robin" between the two?

PS. Unfortunately, this is only a Microsoft DHCP server option. I've been asked for ideas and mentioned Infoblox, but that's in the future ... maybe.

Many Thanks.


The router forwards all DHCP requests to all servers configured with ip helper. The first server to respond with a usable address wins. I am not aware of any router round robin options.

All broadcast traffic (DHCPDISCOVERs and DHCPREQUESTs) is forwarded to all IP helper addresses. The order in which the ip-helper statements are configured does not matter. The device takes an address from the first server, from which it receives a DHCPOFFER.

The only way to bypass an area that is full is to configure a secondary subnet on the interface. In Cisco IOS the configuration looks like this:

All lines configured in your VLAN receive the DHCP broadcast from the client, add the address of the router (gateway) to the UDP packet and send unicasts to the DHCP server. [I'm sure the packet is rewritten only once and then a copy is sent to each DHCP server.] All the listed servers that have been configured will receive the DHCPDiscover packet from the router relay.

The redundancy of your DHCP server depends not only on your operating system, but also on the specific version! For Windows that was mentioned, your options range from a real split scope in Windows 2008 R2 to active failover redundancy in Windows 2012. For less robust DHCP servers (e.g. Windows 2003), you can use a split- Configure the scope manually. Scope. A common recommendation is the 80/20 rule, where 80% of the leases are configured for the primary DHCP server (and only for you) and 20% for the secondary. Exclusions are added to each DHCP server because they have overlapping ranges.

Since I'm not a fan of overlapping areas in Windows 2003 because the Exclusions often I prefer to simply split the subnet in half for each DHCP server. One / 24 block for client leases becomes two / 25 blocks. The key is that the subnet mask is still a / 24 in scope. Your start and end IP address in the range configured in the range follows the / 25. Now I recommend some exclusions for network devices such as VLAN interface IP addresses and HSRP, as well as some for static devices (e.g. printers) in the same subnet. So I exclude the first 16 (0-15) addresses - a zero address would of course not be used anyway - and the top 16 (240-255) - 255 broadcasts of course. You can actually get away from not configuring the exclusion by simply starting and stopping the IP address accordingly.

The basic range information in a manually configured 50/50 split range (2x / 25 = / 24) is similar to:

DHCP primary scope lower:, start, end, no exclusions DHCP secondary scope upper:, start, end, no exclusions

Configure identical areas (2x / 24) with appropriate exclusions if you prefer this method:

DHCP primary scope full:, start, end, exclusions 1-15, 128-254 DHCP secondary scope full:, start, end 192.0 2.239, exclusions 1-127, 240-254

Since the duplicate DHCPDiscover packets are only slightly delayed and all others are the same, the first listed DHCP server usually responds first with a DHCPOffer and the address that the client selected in its DHCPRequest - no guarantee. So place your primary DHCP server in your SVI for the VLAN first. A client usually receives several DHCP offers and decides the best, which is usually received first. The assignment is only completed after the client has sent a DHCP request back to the server - in the event that the server has changed its mind about the lease or is no longer available, or ??? - and the server sends a DHCPACK.

Interface vlan123 desc svi for vl123 dhcp relay example IP address IP helper address! Primary DHCP server IP helper address! Secondary DHCP server

You may want to switch between your data and voice VLANs from what you consider to be the primary DHCP server for a given VLAN. I'm doing this to spread the rental burden a bit.

If the scope of a DHCP server is full, it does not respond with a DHCPOffer, so the offer comes from another DHCP server, unless this is also full. When troubleshooting, remember that a Windows client will remember the most recently leased IP and try to get it again. Also, keep in mind that any reservations you make must be made on both servers and reflected in all of your ACLs, such as: B. in firewalls.

See Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks for detailed explanation and sniffer traces of the DHCP relay process.

The whole point is that 80% of the DHCP redundancy is a problem with the DHCP server. You can use a split-scope approach. Windows 2012 allows you to have active and standby replication without clustering. We only have daily backups (we use 7 day leases) and then restore them to another box or VM. Check what your DHCP server software is providing. The address of the utility is really the least of your worries

We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalized content and targeted ads, to analyze our website traffic, and to understand where our visitors are coming from.

By continuing, you consent to our use of cookies and other tracking technologies and affirm you're at least 16 years old or have consent from a parent or guardian.

You can read details in our Cookie policy and Privacy policy.