Application Example: DHCP Policies

This application example shows how Dynamic Host Configuration Protocol (DHCP) port and
MAC address policies can be used in a DHCP-based network. DHCP is built on a client-server
model in which a designated DHCP server allocates network addresses and delivers
configuration parameters to dynamically configured clients.
Since DHCP clients initially have no IP address, placement of these clients in an AutoTracker
VLAN presents a problem. AutoTracker determines VLAN membership by looking at traffic
from source devices. Since the first traffic transmitted from a source DHCP client does not
contain the actual address for the client (because the server has not allocated the address yet),
the client may not be placed in the same VLAN as its server.
Before the introduction of DHCP port and MAC address rules, various strategies were deployed
to use DHCP with Groups and VLANs. Typically these strategies involved IP protocol and
network rules along with Bootp relay functionality. (See Chapter 24 for some application
examples of these strategies.) These solutions required that all DHCP clients in a particular
mobile group or VLAN be grouped together through a common IP policy.
DHCP port and MAC address rules simplify the configuration of DHCP networks. Instead of
relying on IP-based policies to group all DHCP clients in the same network as a DHCP server,
you can manually place each individual DHCP client in the VLAN or mobile group of your
choice. DHCP port and MAC address policies operate the same way as standard port and MAC
address policies except these new rules have been enhanced for use with DHCP clients.

The VLANs

This application example contains three (3) AutoTracker VLANs within a single non-mobile
group. These VLANs are called Test, Production, and Branch.
The Test VLAN connects to the main network, the Production VLAN, through an external
router. This VLAN is intended to be self-contained such that copies of it could be made and
attached to the Production VLAN in the same way this VLAN does. The Test VLAN contains its
own DHCP server and DHCP clients. The clients gain membership to the VLAN through DHCP
port rules.
The Production VLAN carries most of the traffic in this network. It does not contain a DHCP
server, but does contain DHCP clients that gain membership through DHCP port rules. Two
external routers connect this VLAN to the Test VLAN and a Branch VLAN. One of the external
routers—the one connected to the Branch VLAN—has Bootp relay functionality enabled. It is
through this router that the DHCP clients in the Production VLAN access the DHCP server in
the Branch VLAN.
The Branch VLAN contains a number of DHCP client stations and its own DHCP server. The
DHCP clients gain membership to the VLAN through both DHCP port and MAC address rules.
The DHCP server allocates IP addresses to all clients in this VLAN as well as the DHCP clients
in the Production VLAN.
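To make the classification problem described above concrete, the following added example (not part of the manual and not AutoTracker's own rule engine) models a first-match rule list over constructed frames: a DHCP DISCOVER carries source IP 0.0.0.0, so an IP network rule cannot place the client, whereas a DHCP port rule (Test VLAN) or DHCP MAC address rule (Branch VLAN) can. Port numbers, MAC addresses and subnets are invented for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    """Fields of an inbound frame that the rules inspect (constructed model)."""
    port: int        # switch port the frame arrived on
    src_mac: str
    src_ip: str
    udp_sport: int = 0
    udp_dport: int = 0

def is_dhcp_client_frame(f: Frame) -> bool:
    # DISCOVER/REQUEST from a DHCP client is UDP 68 -> 67 (first ones have src IP 0.0.0.0)
    return f.udp_sport == 68 and f.udp_dport == 67

# Each rule is (name, vlan, predicate); rules are evaluated in order, first match wins.
def ip_network_rule(vlan: str, cidr: str):
    net = ipaddress.ip_network(cidr)
    return (f"ip-net {cidr}", vlan, lambda f: ipaddress.ip_address(f.src_ip) in net)

def dhcp_port_rule(vlan: str, port: int):
    # Classifies by physical port, so client-chosen header fields cannot influence it.
    return (f"dhcp-port {port}", vlan, lambda f: f.port == port and is_dhcp_client_frame(f))

def dhcp_mac_rule(vlan: str, mac: str):
    # Classifies by source MAC, which the client supplies; prefer port rules on untrusted ports.
    return (f"dhcp-mac {mac}", vlan,
            lambda f: f.src_mac.lower() == mac.lower() and is_dhcp_client_frame(f))

def classify(frame: Frame, rules, default: str = "unassigned"):
    """Return (vlan, matching rule name); an unmatched frame joins no VLAN."""
    for name, vlan, pred in rules:
        if pred(frame):
            return vlan, name
    return default, None

# IP-based policy only: how DHCP clients were grouped before DHCP rules existed.
IP_ONLY = [ip_network_rule("Test", "10.1.0.0/24"), ip_network_rule("Branch", "10.3.0.0/24")]
# The same policy with a DHCP port rule (Test) and a DHCP MAC rule (Branch) in front of it.
WITH_DHCP_RULES = [dhcp_port_rule("Test", 3),
                   dhcp_mac_rule("Branch", "00:11:22:33:44:55")] + IP_ONLY

# Constructed frames: a DISCOVER from a Test client on port 3, that client's first data
# frame after it holds a lease, and a DISCOVER from a Branch client on port 9.
TEST_DISCOVER = Frame(3, "00:aa:bb:cc:dd:01", "0.0.0.0", 68, 67)
TEST_DATA = Frame(3, "00:aa:bb:cc:dd:01", "10.1.0.50")
BRANCH_DISCOVER = Frame(9, "00:11:22:33:44:55", "0.0.0.0", 68, 67)
```

Calling `classify(TEST_DISCOVER, IP_ONLY)` leaves the client unassigned, while `classify(TEST_DISCOVER, WITH_DHCP_RULES)` places it in Test via the port rule; once the lease is held, `TEST_DATA` matches the IP network rule under either policy.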