Hi all, in your opinions, what do you think the pros and cons of using DHCP on a switch would be as oppose to having it on a typical DHCP server? To be honest, I only see it as being advantageous.
We use a server because we are huuuuuuuuuuuuuuuuuuuuuuuge and have to keep all our DHCP scopes straight.
I can definitely see that. We only have 1 subnet so I was thinking about offering to move our dhcp services to our switch, more fun and more control for me! Lol Just an idea I was throwing around in my head.
I prefer putting it on a server just because the server guys tend to get into it more than the network guys. Also I don't want to be setting up an exclusion every time someone decides they need a new server to host photos of white cats instead of using the generic cat photo server that already exists.
In our environment a decision is made between infrastructure, server, and security teams that a new vlan is needed. Then the infrastructure team assigns the vlan some address space, and we put a helper on the gateway to the DHCP servers. Then the server teams are responsible for assigning addresses within that space (minus the first 9 addresses and the last 5). So they get to control DHCP, and setup reservations, and exclusions as they see fit.
-Otanx
If you have the scope on a windows server, you can:
- split the scope easily across multiple DHCP servers
- easily graphically view all scopes / servers / options etc
- clients update reverse DNS
- faster to manage changes / additions etc
I do however have DHCP running on my 3560 at home. Purely because the ISP router thing is crap and wouldn't let me set the DHCP option 150 for the CUCME I have. Don't have any servers at home.
I dont really like it, but its always up to you!
I think you could have more versatility on a dhcp installed in a rapsberry than using the embedded one in a L3 switch ;D
For SOHO I'd do it on a local switch (like at home). Over WAN of VPN IPsec lines it's useful to have a local DHCP scope for small offices in case the WAN line is lost, assuming there's still some functionality for the end-users at said office if that happens.
For any bigger deployments I would use a dedicated IPAM or server. MAC reservations are easier, logging, debugging, centralized management.
Probably doesn't apply in your case but the DHCP Failover feature in Server 2012 is a real nice to have for larger environments where you have lots of scopes.
Personally I really like how Windows Server handles DHCP so I prefer to keep the DHCP role on a Windows Server.
Switches keep no history of dhcp allocations, so if you wanted to know who had ip 10.45.99.15 last Thursday at 5PM for a security investigation you are out of luck.
Any services run on routers take up CPU and Memory that could affect the primary directive, either routing or switching. really want to keep the device doing it's primary function.
Router and switches don't supply DHCP options ( that I am aware of, other than DNS Server, default gateway, etc).
you can import options from a DHCP Server into the router. if you need to provide other information through options (e.g. option 82), you may need a real DHCP Server.
for a small company, wouldn't worry too much, as it's worth the savings not to standup and manage another server.
Quote from: ristau5741 on March 10, 2016, 08:30:38 AMRouter and switches don't supply DHCP options ( that I am aware of, other than DNS Server, default gateway, etc).
you can import options from a DHCP Server into the router. if you need to provide other information through options (e.g. option 82), you may need a real DHCP Server.
Not that I would ever recommend running a DHCP server on your Cisco switch or router, but they do actually offer the capability to send custom options, base leases on option 82 and a couple of other things.
Quote from: ristau5741 on March 10, 2016, 08:30:38 AM
Switches keep no history of dhcp allocations, so if you wanted to know who had ip 10.45.99.15 last Thursday at 5PM for a security investigation you are out of luck.
You had me at hello LOL....great reason! Thank you all for your insight. I think I'll leave it to the Server team LOL
a rule of thumb i use. check proc and mem. we use dhcp on all of our routers for their stub networks. more than one network, i would def get a dhcp server. they are dirt cheap to make.
A long, long time ago we had about 100 racks with a pair of Cisco 4948's in our Data Center. We were doing L3 in each of these 4948's and then L3 back to our Cisco 6509's. Each 4948 had 8 IP subnets. One for Management, one for Windows, one for Linux, one for UNIX (AIX/iSeries), and four spares. Our Platforms team (setup Windows and Linux servers, VM's, etc) had a need for PXE boot to stage new servers in the Data Center without having to take them out and bring them into the lab which was built for this purpose. I don't remember the exact details but I had to go around and create a DHCP scope in the eight IP subnet of each switch for this to be strictly for PXE boot and then hang a purple cable that was only for this purpose to be unshut when they needed to use it. It was a total nightmare implemeting 100 different DHCP subnets and getting it all correct and working. We even ended up having to do an upgrade of these to get it all working. It was the only time in my eight year they required a code upgrade for the switches. They have since migrated just about everything over to VM's now which has stopped the need for this. I would not recommend this. It probably would have been a lot easier to create a L3 VLAN on the Cisco 6509's and dropped in all the rack switches but then you have a large spanning-tree VLAN out of every rack that leaves room for loops.
In my opinion having DHCP in switch is a best hassle free way to provide IP to the systems, i don't think there is no any cons.
Quote from: zarawatsonn on April 07, 2016, 01:35:27 AM
In my opinion having DHCP in switch is a best hassle free way to provide IP to the systems, i don't think there is no any cons.
In small environments, you are correct. In larger environments, it's not a very manageable arrangement.
I use to put DHCP on all of the collapsed core deployments I did, mainly 3560/3750 small office IDF's. FYI - Microsoft DHCP requires a CAL for "any" device obtaining a lease. Now a days it all about the Infoblok
I have also noticed that with our setup with having our switchs running DHCP. We have issues with the Cisco switchs not releasing IP conflicts. It just holds on to those IPs. It is an easy enough fix. You just have to simply run "#show ip dhcp conflicts" to see if there are any. But this is tough when our IT team consist of just two IT personal for about 1500 devices. To clear the conflicts all one has to do is run "#clear ip dhcp conflict *" and that will resolved the issue. With that being said I've never had this kind of an issues with a Windows DHCP server. Plus as mentioned before the DHCP server also keeps a record of the IPs used and for security purposes that is a good thing to have. Since this is an issue I plan on discussing having an DHCP server put in place of that with our new tech plan coming up.
Quote from: grfgonza on January 20, 2017, 01:44:40 PM
I have also noticed that with our setup with having our switchs running DHCP. We have issues with the Cisco switchs not releasing IP conflicts. It just holds on to those IPs. It is an easy enough fix. You just have to simply run "#show ip dhcp conflicts" to see if there are any. But this is tough when our IT team consist of just two IT personal for about 1500 devices. To clear the conflicts all one has to do is run "#clear ip dhcp conflict *" and that will resolved the issue. With that being said I've never had this kind of an issues with a Windows DHCP server. Plus as mentioned before the DHCP server also keeps a record of the IPs used and for security purposes that is a good thing to have. Since this is an issue I plan on discussing having an DHCP server put in place of that with our new tech plan coming up.
True, true. And I've heard more than once - from Cisco, even - not to run their DHCP in production.
I use Windows 2012 Active Directory Domain Controller as redundant DHCP servers so dyn.dns gets updated and it's easy to manage in one place. I have two servers and they serve both offices across VPN. I do this to maintain a "skeleton" network in the remote offices, accelerated via Riverbed. Remote office literally has 1 switch, 1 router, 1 riverbed and some AP's. DR plan for that office is "work from home" :)
80% of enterprise I've seen use AD as the DHCP.
Quote from: wintermute000 on January 20, 2017, 08:58:19 PM
80% of enterprise I've seen use AD as the DHCP.
Probably also why Cisco never felt the heat to get its own DHCP game together.