dhcp

Configuring Routers to Support DHCP

Dynamic Host Configuration Protocol (DHCP) is one of the most commonly used protocols in a TCP/IP network. The vast majority of hosts in a TCP/IP network are user devices, and the vast majority of user devices learn their IPv4 settings using DHCP.

The DHCP process to lease an IP address uses the following four messages between the client and server. (Also, as a way to help remember the messages, note that the first letters spell DORA):

Discover: Sent by the DHCP client to find a willing DHCP server
Offer: Sent by a DHCP server to offer to lease to that client a specific IP address (and inform the client of its other parameters)
Request: Sent by the DHCP client to ask the server to lease the IPv4 address listed in the Offer message
Acknowledgment: Sent by the DHCP Server to assign the address, and to list the mask, default router, and DNS server IP addresses

DHCP clients, however, have a somewhat unique problem: they do not have an IP address yet, but they need to send IP packets. To make that work, DHCP messages make use of two special IPv4 addresses that allow a host that has no IP address to still send and receive messages on the local subnet:

0.0.0.0: An address reserved for use as a source IPv4 address for hosts that do not yet have an IP address.
255.255.255.255: The address reserved as a local subnet broadcast address. Packets sent to this destination address are broadcast on the local data link, but routers do not forward them to other subnets.

Supporting DHCP for Remote Subnets with DHCP Relay

The ip helper-address server-ip subcommand tells the router to do the following for the messages coming in an interface, from a DHCP client:

  1. Watch for incoming DHCP messages, with destination IP address 255.255.255.255.
  2. Change that packet’s source IP address to the router’s incoming interface IP address.
  3. Change that packet’s destination IP address to the address of the DHCP server (as configured in the ip helper-address command).
  4. Route the packet to the DHCP server.


This command gets around the “do not route packets sent to 255.255.255.255” rule by changing the destination IP address. Once the destination has been set to match the DHCP server’s IP address, the network can route the packet to the server.
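
The four relay steps above, as an added Python sketch (not code from the original page or from Cisco). It builds a constructed DHCPDISCOVER, applies the rewrite, and shows how a server can then pick a pool. The MAC address, transaction ID, server address 172.16.1.11 and all function names are assumptions, and recording the relay's address in the `giaddr` field is standard relay behaviour (RFC 2131) that the page does not describe.

```python
import ipaddress
import struct
from typing import Optional

BROADCAST = "255.255.255.255"
GIADDR = slice(24, 28)   # relay agent address field in the BOOTP header
# Pool names and subnets as in this page's sample configuration.
POOLS = {"subnet-left": "172.16.1.0/24", "subnet-right": "172.16.2.0/24"}

def build_discover(mac: bytes, xid: int) -> dict:
    """Constructed DHCPDISCOVER from a client that has no address yet."""
    bootp = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,            # transaction ID, secs, broadcast flag
        bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
        mac, bytes(64), bytes(128))              # chaddr, sname, file
    options = bytes([99, 130, 83, 99, 53, 1, 1, 255])  # cookie, type=Discover, end
    return {"src": "0.0.0.0", "dst": BROADCAST, "dport": 67,
            "payload": bootp + options}

def relay(pkt: dict, iface_ip: str, helper: str) -> Optional[dict]:
    """Apply the four ip helper-address steps to a packet seen on iface_ip."""
    if pkt["dst"] != BROADCAST or pkt["dport"] != 67:   # step 1
        return None
    payload = bytearray(pkt["payload"])
    payload[3] += 1                                     # hops
    if payload[GIADDR] == bytes(4):                     # first relay records itself
        payload[GIADDR] = ipaddress.IPv4Address(iface_ip).packed
    # Steps 2-4: the rewritten addresses make the packet routable to the server.
    return {**pkt, "src": iface_ip, "dst": helper, "payload": bytes(payload)}

def giaddr(pkt: dict) -> str:
    return str(ipaddress.IPv4Address(pkt["payload"][GIADDR]))

def pool_for(pkt: dict) -> Optional[str]:
    """Server side: choose the pool whose subnet contains giaddr."""
    addr = ipaddress.IPv4Address(giaddr(pkt))
    return next((n for n, net in POOLS.items()
                 if addr in ipaddress.IPv4Network(net)), None)

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("020000aabbcc"), 0x1234ABCD)
    out = relay(pkt, iface_ip="172.16.2.1", helper="172.16.1.11")
    print(out["src"], "->", out["dst"], "giaddr", giaddr(out), "pool", pool_for(out))
```

Once relayed, the packet is unicast, so a second router on the path simply routes it; `relay()` returns `None` for it.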

Information Stored at the DHCP Server

The following list shows the types of settings the DHCP server needs to know to support DHCP clients:

  1. Subnet ID and mask: The DHCP server can use this information to know all addresses in the subnet. Usually, unless reserved or excluded, the server believes that it can lease any and all valid addresses in the subnet. (The DHCP server knows to not lease the subnet ID or subnet broadcast address.)
  2. Reserved (excluded) addresses: The server needs to know which addresses in the subnet to not lease. This list allows some addresses to be reserved for assignment as statically assigned IP addresses. For example, most router and switch IP addresses, server addresses, and addresses of most anything other than user devices use a statically assigned IP address. Most of the time, engineers use the same convention for all subnets, either reserving the lowest IP addresses in all subnets, or reserving the highest IP addresses in all subnets.
  3. Default router(s): This is the IP address of the router on that subnet.
  4. DNS IP address(es): This is a list of DNS server IP addresses.

DHCP Server Configuration and Verification on Routers

The Cisco IOS DHCP server configuration steps are as follows:

Step 1. Exclude addresses from being assigned by DHCP: ip dhcp excluded-address first last
Step 2. Create a DHCP pool and go to pool configuration mode: ip dhcp pool name

  • A. Define subnet that the DHCP server should support: network subnet-ID mask or network subnet-ID prefix-length
  • B. Define default router IP address(es) in that subnet: default-router address1 address2…
  • C. Define list of DNS server IP addresses: dns-server address1 address2…
  • D. Define length of lease, in days, hours, and minutes: lease days hours minutes
  • E. Define the DNS domain name: domain-name name


ip dhcp excluded-address 172.16.1.1 172.16.1.50
ip dhcp excluded-address 172.16.2.1 172.16.2.100
!
ip dhcp pool subnet-left
network 172.16.1.0 255.255.255.0
dns-server 172.16.1.12
default-router 172.16.1.1
lease 0 23 59
domain-name example.com
!
ip dhcp pool subnet-right
network 172.16.2.0 /24
dns-server 172.16.1.12
default-router 172.16.2.1
lease 1 2 3
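
A way to check a configuration like the one above against the "reserved (excluded) addresses" rule, as an added Python example (not from the original page or from Cisco tooling): it parses the DHCP server lines and reports, per pool, how many addresses remain leasable and which default-router or DNS addresses inside the pool's subnet are not covered by an excluded range. The third pool, `subnet-lab`, and the function names are hypothetical.

```python
import ipaddress

# Constructed input: the page's two pools plus a hypothetical unprotected pool.
CONFIG = """\
ip dhcp excluded-address 172.16.1.1 172.16.1.50
ip dhcp excluded-address 172.16.2.1 172.16.2.100
ip dhcp pool subnet-left
 network 172.16.1.0 255.255.255.0
 dns-server 172.16.1.12
 default-router 172.16.1.1
ip dhcp pool subnet-right
 network 172.16.2.0 /24
 dns-server 172.16.1.12
 default-router 172.16.2.1
ip dhcp pool subnet-lab
 network 172.16.3.0 /24
 default-router 172.16.3.1
"""

def parse(text):
    """Return (excluded ranges, pools) from IOS DHCP server config lines."""
    excluded, pools, pool = [], {}, None
    for w in (line.split() for line in text.splitlines()):
        if w[:3] == ["ip", "dhcp", "excluded-address"]:
            lo = ipaddress.IPv4Address(w[3])
            hi = ipaddress.IPv4Address(w[4]) if len(w) > 4 else lo
            excluded.append((lo, hi))
        elif w[:3] == ["ip", "dhcp", "pool"]:
            pool = pools.setdefault(w[3], {"static": []})
        elif pool is not None and w[:1] == ["network"]:
            pool["net"] = ipaddress.IPv4Network(f"{w[1]}/{w[2].lstrip('/')}")
        elif pool is not None and w[:1] in (["default-router"], ["dns-server"]):
            pool["static"] += [ipaddress.IPv4Address(a) for a in w[1:]]
    return excluded, pools

def audit(text):
    """Per pool: leasable host count and static addresses the server could lease."""
    excluded, pools = parse(text)
    def is_excluded(ip):
        return any(lo <= ip <= hi for lo, hi in excluded)
    report = {}
    for name, pool in pools.items():
        net = pool["net"]
        leasable = sum(1 for ip in net.hosts() if not is_excluded(ip))
        exposed = [str(ip) for ip in pool["static"] if ip in net and not is_excluded(ip)]
        report[name] = {"leasable": leasable, "exposed": exposed}
    return report

if __name__ == "__main__":
    print(audit(CONFIG))
```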

IOS DHCP Server Verification

The IOS DHCP server function has several different show commands. These three commands list most of the details:
show ip dhcp binding: Lists state information about each IP address currently leased to a client
show ip dhcp pool [poolname]: Lists the configured range of IP addresses, plus statistics for the number of currently leased addresses and the high-water mark for leases from each pool
show ip dhcp server statistics: Lists DHCP server statistics

The show ip dhcp conflict command lists the method through which the server added each address to the conflict list: either gratuitous ARP, as detected by the client, or ping, as detected by the server. The server avoids offering these conflicted addresses to any future clients, until the engineer uses the clear ip dhcp conflict command to clear the list.

Summary

  • Dynamic Host Configuration Protocol (DHCP) is one of the most commonly used protocols in a TCP/IP network. The vast majority of hosts in a TCP/IP network are user devices, and the vast majority of user devices learn their IPv4 settings using DHCP.
  • The DHCP process to lease an IP address uses the following four messages between the client and the server. (To remember the messages, note that the first letters spell DORA.)
  • Discover: Sent by the DHCP client to find a willing DHCP server
  • Offer: Sent by a DHCP server to offer to lease to that client a specific IP address (and inform the client of its other parameters)
  • Request: Sent by the DHCP client to ask the server to lease the IPv4 address listed in the Offer message
  • Acknowledgement: Sent by the DHCP Server to assign the address and list the mask, default router, and DNS server IP addresses
  • DHCP clients, however, have a somewhat unique problem: They do not have an IP address yet but they need to send IP packets. To make that work, DHCP messages use two special IPv4 addresses that enable a host that has no IP address to be able to send and receive messages on the local subnet:
  • 0.0.0.0: An address reserved for use as a source IPv4 address for hosts that do not yet have an IP address.
  • 255.255.255.255: The address reserved as a local subnet broadcast address. Packets sent to this destination address are broadcast on the local data link, but routers do not forward them to other subnets.
  • Many enterprise networks use a couple of DHCP servers at a centralized site that support DHCP services to all remote subnets. The routers need to somehow forward those DHCP messages between clients and the DHCP server. To make that work, the routers connected to the remote LAN subnets need an interface subcommand: the ip helper-address server_IP command.
  • The following list shows the types of settings the DHCP server needs to know to support DHCP clients:
  • Subnet ID and Mask: The DHCP server can use this information to know all addresses in the subnet. Usually, unless reserved or excluded, the server believes that it can lease all valid addresses in the subnet. (The DHCP server knows to not lease the subnet ID or subnet broadcast address.)

  • Reserved (excluded) addresses: The server needs to know which addresses in the subnet to not lease. This list enables some addresses to be reserved for assignment as statically assigned IP addresses. For example, most router and switch IP addresses, server addresses, and addresses of almost anything other than user devices use a statically assigned IP address. Most of the time, engineers use the same convention for all subnets, either reserving the lowest IP addresses in all subnets or reserving the highest IP addresses in all subnets.
  • Default router(s): This is the IP address of the router on that subnet.
  • DNS IP Address(es): This is a list of DNS server IP addresses.
  • The following are the Cisco IOS DHCP server configuration steps:
  • Step 1. Exclude addresses from being assigned by DHCP: ip dhcp excluded-address first last.
  • Step 2. Create DHCP pool and go to pool configuration mode: ip dhcp pool name.
  • A. Define the subnet that the DHCP server should support: network subnet_ID mask or network subnet_ID prefix_length
  • B. Define the default router IP address(es) in that subnet: default-router address1 address2…
  • C. Define the list of DNS server IP addresses: dns-server address1 address2…
  • D. Define the length of lease, in days, hours, and minutes: lease days hours minutes
  • E. Define the DNS domain name: domain-name name
  • The Cisco IOS DHCP server function has several different show commands. These three commands list most of the details:
  • show ip dhcp binding: Lists the state information about each IP address currently leased to a client.
  • show ip dhcp pool [poolname]: Lists the configured range of IP addresses, plus statistics for the number of currently leased addresses and the high-water mark for leases from each pool.
  • show ip dhcp server statistics: Lists DHCP server statistics.
  • For a LAN-based host’s default router setting to work, the following must be true:
  • The host link to the LAN and the default router link to the LAN must be in the same VLAN.
  • The host and default router IP addresses must be in the same subnet.
  • The host default router setting must match the IP address configured on the router.
  • The LAN switches must not discard the frame due to the port security configuration.
  • The ping command exists to test connectivity. It sends a series of packets to one destination IP address. The packets mean basically, “If you get this packet, send a reply back.” Each time the sender sends the request and the other host sends a reply, the ping command knows a packet made it from the source host to the destination and back.
  • The traceroute command’s output, when the command successfully completes, identifies the routers in the path between the source and destination host. Specifically, it lists the next-hop IP address of each router that would be in each of the individual routes.

Configuration Command

Command Description
ip dhcp excluded-address first last: A global command that reserves an inclusive range of addresses, so that the DHCP server function does not lease out these addresses.
ip dhcp pool pool-name: A global command that creates a pool, by name, and moves the user to DHCP server pool configuration mode.
network subnet-id {ddn-mask or /prefix-length}: A DHCP pool mode subcommand that defines a network or subnet, causing the DHCP server to lease out IP addresses in that subnet.
default-router address1 address2…: A DHCP pool mode subcommand that defines one or more routers as default routers, with that information passed to clients served by this pool.
dns-server address1 address2…: A DHCP pool mode subcommand that defines the list of DNS servers that the DHCP server will list for clients served by this pool.
lease days hours minutes: A DHCP pool mode subcommand that defines the length of time for a DHCP lease, for clients served by this pool.
ip helper-address IP-address: An interface subcommand that tells the router to notice local subnet broadcasts (to 255.255.255.255), and change the source and destination IP address, enabling DHCP servers to sit on a remote subnet.
ip name-server address1…: Global command that defines to a router or switch a list of DNS server IP addresses, which then lets users of the CLI of that router or switch resolve host names using DNS.
ip host name address: Global command to configure a static host name–to–IP address mapping, so the router or switch does not have to ask DNS to resolve that name.
[no] ip domain-lookup: Global command that enables or disables (with no in the front) the DNS resolver function on a router or switch.
ip address ip-address mask [secondary]: Interface subcommand that assigns the interface’s IP address and optionally makes the address a secondary address.
show arp, show ip arp: Lists the router’s IPv4 ARP table.
show ip dhcp binding: Lists the currently leased IP addresses on a DHCP server, along with the client identifier and lease time information.
show ip dhcp pool name: Lists the configured range of addresses in the pool, along with usage statistics and utilization high/low water marks.
show ip dhcp server statistics: Lists statistics about the requests served by the DHCP server.
show ip dhcp conflict: Lists IP addresses that the DHCP server found were already in use when the server tried to lease the address to a host.
clear ip dhcp conflict: Removes all entries from the DHCP server’s conflict list.
ping {host-name or ip-address}: Tests IP routes by sending an ICMP packet to the destination host.
traceroute {host-name or ip-address}: Tests IP routes by discovering the IP addresses of the routes between a router and the listed destination.
telnet {host-name or ip-address}: Creates a Telnet connection from the local router or switch to the host listed in the command.
show sessions, where: Lists Telnet or SSH connections from the local router, made to another device, and currently suspended. Users list the suspended connections and can then select one to resume the connection.
resume session_number: Reconnects to a previously suspended Telnet or SSH connection from some router or switch to another device.
disconnect session_number: Disconnects a previously suspended Telnet or SSH connection from some router or switch to another device.
show users: Lists all users currently logged in to a router or switch.

Obtaining settings via DHCP

  • Step 1. When a client (a computer or device) boots or connects to the network, a DHCPDISCOVER message is sent to the server. If there is no additional configuration data, the message is sent from address 0.0.0.0 to 255.255.255.255. If the DHCP server is on the local subnet, it receives the message directly; if it is on another subnet, a relay agent is used to pass the request to the DHCP server. UDP is used as the transport protocol, over port 67. At this point the client begins the authorization stage.
  • Step 2. As soon as the server receives the DHCPDISCOVER request, it replies with a DHCPOFFER message. As mentioned earlier, this message contains all the necessary configuration parameters requested by the client, for example the IP address the client needs, as well as the subnet mask value and gateway information. The server also immediately fills in the MAC address value in the CHADDR field. The message is sent to the client from address 255.255.255.255 directly, and if the server is on another subnet, relay agents are used, which are responsible for making sure the message is delivered. In this case UDP over port 68 is used for transmission. At this stage the client begins selecting parameters.
  • Step 3. The client forms a DHCPREQUEST message, which serves as the reply to the server's DHCPOFFER, indicating that it accepts the configuration parameters sent to it. If there were several DHCP servers, the client would also receive several DHCPOFFER messages, but the client replies to only one server, filling in the configuration parameters for setup. In this way it is authorized and receives an IP address from one specific DHCP server. All messages from the other servers are blocked. The DHCPREQUEST message will still contain the source address 0.0.0.0 if the client is still not allowed to use the IP addresses received in the DHCPOFFER message. During this stage the client receives replies to its requests.
  • Step 4. As soon as the server receives the DHCPREQUEST from the client, it sends a DHCPACK message stating that the client may now use the IP address assigned to it. The client is finally connected to the network with the configured parameters.
dhcp.txt · Last modified: 2016/02/03 06:06 by sander