Application Example: DHCP Policies
Page 20-28

DHCP Servers and Clients

DHCP clients must be able to communicate with a DHCP server at initialization. The most reli-
able way to ensure this communication is for the server and its associated clients to share the
same VLAN or mobile group. However, if the network configuration does not lend itself to
this solution (as the Production VLAN does not in this application example), then the server
and clients can communicate through a router with Bootp relay enabled.
The DHCP servers and clients in this example are either in the same VLAN or are connected
through a router with Bootp relay. All clients in the Test VLAN receive IP addresses from the
server in their VLAN (Server 1). Likewise, all clients in the Branch VLAN receive IP addresses
from their local server (Server 2). The DHCP clients in the Production VLAN do not have a
local DHCP server, so they must rely on the Bootp relay functionality in external Router 2 to
obtain their IP addresses from the DHCP server in the Branch VLAN.
Both DHCP servers gain membership to their VLANs through IP network address policies.
The following table summarizes the VLAN architecture and policies for all devices in this
network configuration. The diagram on the following page illustrates this network configura-
tion.
Devices and VLAN Membership
Device VLAN Membership Policy Used/Router Role
DHCP Server 1 Test VLAN IP subnetwork rule=10.15.X.X
DHCP Server 2 Branch VLAN IP subnetwork rule=10.13.X.X
External Router 1 Test VLAN
Production VLAN
Connects Test VLAN to Production VLAN
External Router 2 Production VLAN
Branch VLAN
Bootp relay provides access to DHCP server in
Branch VLAN for clients in Production VLAN.
DHCP Client 1 Test VLAN DHCP Port Rule
DHCP Client 2 Test VLAN DHCP Port Rule
DHCP Client 3 Production VLAN DHCP Port Rule
DHCP Client 4 Production VLAN DHCP Port Rule
DHCP Client 5 Branch VLAN DHCP Port Rule
DHCP Client 6 Branch VLAN DHCP Port Rule
DHCP Client 7 Branch VLAN DHCP MAC Address Rule
DHCP Client 8 Branch VLAN DHCP MAC Address Rule