Application example: dhcp policies, The vlans, Application example: dhcp policies -27 – Alcatel Carrier Internetworking Solutions Omni Switch/Router User Manual

Application Example: DHCP Policies

Page 20-27

Application Example: DHCP Policies

This application example shows how Dynamic Host Configuration Protocol (

DHCP

) port and

MAC

address policies can be used in a

DHCP

-based network.

DHCP

is built on a client-server

model in which a designated

DHCP

server allocates network addresses and delivers configura-

tion parameters to dynamically configured clients.

Since

DHCP

clients initially have no

IP

address, placement of these clients in an AutoTracker

VLAN

presents a problem. AutoTracker determines

VLAN

membership by looking at traffic

from source devices. Since the first traffic transmitted from a source

DHCP

client does not

contain the actual address for the client (because the server has not allocated the address yet),
the client may not be placed in the same

VLAN

as its server.

Before the introduction of

DHCP

port and

MAC

address rules, various strategies were deployed

to use

DHCP

with Groups and

VLAN

s. Typically these strategies involved IP protocol and

network rules along with Bootp relay functionality. (See Chapter 24 for some application
examples of these strategies.) These solutions required that all

DHCP

clients in a particular

mobile group or

VLAN

be grouped together through a common IP policy.

DHCP

port and

MAC

address rules simplify the configuration of

DHCP

networks. Instead of

relying on IP-based policies to group all

DHCP

clients in the same network as a

DHCP

server,

you can manually place each individual

DHCP

client in the

VLAN

or mobile group of your

choice.

DHCP

port and

MAC

address policies operate the same way as standard port and

MAC

address policies except these new rules have been enhanced for use with

DHCP

clients.

The VLANs

This application example contains three (3) AutoTracker

VLAN

s within a single non-mobile

group. These

VLAN

s are called Test, Production, and Branch.

The Test

VLAN

connects to the main network, the Production

VLAN

, through an external

router. This

VLAN

is intended to be self-contained such that copies of it could be made and

attached to the Production

VLAN

in the same way this

VLAN

does. The Test

VLAN

contains its

own

DHCP

server and

DHCP

clients. The clients gain membership to the

VLAN

through

DHCP

port rules.

The Production

VLAN

carries most of the traffic in this network. It does not contain a

DHCP

server, but does contain

DHCP

clients that gain membership through

DHCP

port rules. Two

external routers connect this

VLAN

to the Test

VLAN

and a Branch

VLAN

. One of the external

routers—the one connected to the Branch

VLAN

—has Bootp relay functionality enabled. It is

through this router that the

DHCP

clients in the Production

VLAN

access the

DHCP

server in

the Branch

VLAN

.

The Branch

VLAN

contains a number of

DHCP

client stations and its own

DHCP

server. The

DHCP

clients gain membership to the

VLAN

through both

DHCP

port and

MAC

address rules.

The

DHCP

server allocates IP addresses to all clients in this

VLAN

as well as the

DHCP

clients

in the Production

VLAN

.