DHCP Cisco IOS
|
The information in this article is targeted to Cisco CCNA and CCNP curriculum, and not meant as in-depth information on all IOS |
See the page DHCP for an explanation of DHCP.
DHCP Server
IOS DHCP Servers service is installed on Cisco Router IOS and most Cisco Switch IOS.
Contents
DHCP Server example with fixed options
ip dhcp excluded-address 192.168.22.2 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool STUDENTS
network 192.168.22.0 255.255.255.0
domain-name tekkom.dk
default-router 192.168.22.1
dns-server 192.168.22.223DHCP Server manual options
To add options which are not preconfigured, use the option flag. See example below. Option 150 adds a TFTP server, which for example are often used by IP Phones. The IP address points to the Call Manager (IP PBX).
ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool VINKEL20
network 172.20.0.0 255.255.255.0
domain-name tekkom.dk
default-router 172.20.0.1
dns-server 172.21.0.201
option 150 ip 172.21.0.201Example below often used to LWAPP - Lightweight Access Points. Option 43 the number f104 describes the following as anIP address 0a0a0a0a=10.10.10.10 is the IP address of the WLAN Controller
ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool VINKEL20
network 172.20.0.0 255.255.255.0
domain-name tekkom.dk
default-router 172.20.0.1
dns-server 172.21.0.201
option 43 hex f1040a0a0a0aLease time
- default lease time 1 day
To set lease time to 8 hours and 30 minutes, use the command lease 0 8 30 (0 days 8 hours and 30 minuttes)
ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool VINKEL20
network 172.20.0.0 255.255.255.0
domain-name tekkom.dk
default-router 172.20.0.1
dns-server 172.21.0.201
<notice>lease 0 8 30</notice>DHCP Server often used SHOW commands
Show leased addresses
Mercantec#<input>show ip dhcp binding</input>
IP address Client-ID/Hardware address Lease expiration Type
192.168.22.100 0063.5972.636f.9da6. Jan 25 2009 12:30 AM Automatic
192.168.22.101 0063.6c72.636f.6e38. Jan 25 2009 12:53 AM Automatic
192.168.22.108 0063.7e7a.636f.247f. Jan 25 2009 14:32 AM AutomaticShow Server statistics
Mercantec#<input>show ip dhcp server statistics</input>
Memory usage 13906
Address pools 1
Database agents 1
Automatic bindings 1
Manual bindings 0
Expired bindings 0
Malformed messages 0
Message Received
BOOTREQUEST 0
DHCPDISCOVER 1
DHCPREQUEST 1
DHCPDECLINE 0
DHCPRELEASE 0
DHCPINFORM 0
Message Sent
BOOTREPLY 0
DHCPOFFER 1
DHCPACK 1
DHCPNAK 0
Show imported parameters from DHCP Client
This show command is used to see which DHCP server options that are imported from the Client. For example when connecting to an ISP the DHCP Client receives DNS server IP Addresses, that the inside clients need to use. This information is imported into the DHCP server.
Mercantec#<input>show ip dhcp import</input>
Address Pool Name: Client
Domain Name Server(s): 10.0.0.2
NetBIOS Name Server(s): 10.0.0.2
Domain Name Option: tekkom.dkShowing the pools
Mercantec#<input>show ip dhcp pool</input>
Pool VINKELVEJ :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 65534
Leased addresses : 0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
172.20.1.12 172.20.0.1 - 172.20.255.254 0DHCP Server Debug commands
Decode DHCP server receptions and transmissions
Mercantec#<input>debug ip dhcp server</input>DHCP Relay
ip helper-address command
When using a Cisco Router as a DHCP Relay you need to set the ip helper-address on the interface which receives the broadcast from the DHCP-client and specify the IP-address of the DHCP Server. See example below. R2 Receives the broadcasts on fastethernet 0/0 and need to transmit the request as a unicast to the DHCP-server R1. Se config examples below.
DHCP Relay example
Configuration of R1
hostname R1
!
ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool STUDENTS
network 192.168.22.0 255.255.255.0
domain-name tekkom.dk
default-router 192.168.22.1
dns-server 192.168.22.223
!
interface fastethernet 0/0
ip address 172.16.10.1 255.255.255.0
Configuration of R2
hostname R2
!
interface fastethernet 0/0
ip address 192.168.22.1 255.255.255.0
ip helper-address 172.16.10.1
!
interface fastethernet 0/1
ip address 172.16.10.2 255.255.255.0
More than you really want to know about ip helper-addresses
The ip helper-address command forwards incoming UDP broadcast packets on the interface where the command is specified. default for the following ports
- Time UDP port 37
- Tacacs UDP port 49
- DNS UDP port 53
- BOOTP server UDP port 67
- BOOTP client UDP port 68
- TFTP UDP port 69
- NetBIOS name service UDP port 137
- NetBIOS Datagram service UDP port 138
Altering the default helper-address UDP ports
If you want to change the default UDP port forwaring, you can use the ip forward-protocol udp command. The example below will only allow DHCP clients BOOTP port 68 and SYSLOG port 514 to be forwarded.
Mercantec(config)#<input>no ip forward-protocol udp 37</input>
Mercantec(config)#<input>no ip forward-protocol udp 49</input>
Mercantec(config)#<input>no ip forward-protocol udp 53</input>
Mercantec(config)#<input>no ip forward-protocol udp 67</input>
Mercantec(config)#<input>no ip forward-protocol udp 69</input>
Mercantec(config)#<input>no ip forward-protocol udp 137</input>
Mercantec(config)#<input>no ip forward-protocol udp 138</input>
Mercantec(config)#<input>ip forward-protocol udp 514</input>DHCP Packet types
| Packet type | Sent by | From UDP port | to UDP port | Description |
|---|---|---|---|---|
| DHCP Discover | Client | 68 | 67 | Client looking for available DHCP Servers. It is a UDP broadcast. |
| DHCP offer | Server | 67 | 68 | This is a response to the Clients DHCP Discover packet. This is also a UDP broadcast. |
| DHCP request | Client | 68 | 67 | This is the clients response to a specific DHCP offer packet. |
| DHCP decline | Server | 67 | 68 | Server indicating that IP address already in use. (Perhaps client to slow) |
| DHCP ack | Server | 67 | 68 | This message is the posetive response to a client DHCP request. IP address leased by client. |
| DCHP nack | Server | 67 | 68 | This message is the negative response to a client DHCP request. IP address lease rejected. |
| DHCP release | Client | 68 | 67 | The client relinguishes its IP address and other parameters. |
| DHCP inform | Client | 68 | 67 | Using this message the client can optain local configuration parameters such as DNS server IP address, but gain its own IP address else where |
DHCP Client
DHCP Client simple example
!
interface FastEthernet0/1
description Outside: Internet connection to ISP
ip address dhcpChecking the DHCP client
To show the leased IP address and the additional options issue the show dhcp lease command. See example below.
FireWall#<input>show dhcp lease</input>
Temp IP addr: 192.168.22.178 for peer on Interface: FastEthernet0/1
Temp sub net mask: 255.255.255.0
DHCP Lease server: 192.168.22.73, state: 5 Bound
DHCP transaction id: 1075
Lease: 600 secs, Renewal: 300 secs, Rebind: 525 secs
Temp default-gateway addr: 192.168.22.73
Next timer fires after: 00:04:10
Retry count: 0 Client-ID: cisco-001b.d40f.d813-Fa0/1
Client-ID hex dump: 636973636F2D303031622E643430662E
643831332D4661302F31
Hostname: FireWallReleasing a DHCP lease
To release a lease from a DHCP server
FireWall#<input>release dhcp lease fastethernet0/1</input>Renewing a DHCP lease
To renew a lease from a DHCP server
FireWall#<input>renew dhcp lease fastethernet0/1</input>Examples with Server and Client
DHCP Client and Server with NAT/PAT example
ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool HETH
network 192.168.22.0 255.255.255.0
domain-name tekkom.dk
default-router 192.168.22.1
dns-server 192.168.22.223
!
interface FastEthernet0/0
description Inside. Internal LAN
ip address 192.168.22.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
description Outside: Internet connection to ISP
ip address dhcp
ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark Permit traffic from RFC1918 private net
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255DHCP Client and Server with NAT/PAT example and import
This example show a typical configuration of a small Internet gateway, which imports the IP-addresses of for example the DNS servers from the ISP.
ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool HETH
network 192.168.22.0 255.255.255.0
default-router 192.168.22.1
import all
!
interface FastEthernet0/0
description Inside: Internal LAN
ip address 192.168.22.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
description Outside: Internet connection to ISP
ip address dhcp
ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark Permit traffic from RFC1918 private net
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
Troubleshooting DHCP
Is the DHCP server running
Show ip socket - shows active UDP sockets on a router. Notice below the Router is listing to UDP port 67.
R1#<input>sh ip socket</input>
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 172.16.4.84 162 192.168.159.1 57390 0 0 0 0
17 --listen-- 172.16.4.20 1975 0 0 11 0
17 172.16.4.20 54042 172.16.4.20 2228 0 0 211 0
<notice>17</notice> 0.0.0.0 0 172.16.4.20 <notice>67</notice> 0 0 2211 0
17 --listen-- 172.16.4.20 123 0 0 1 0
17 172.16.4.88 51407 172.16.4.20 161 0 0 1 0
17 --listen-- 172.16.4.20 162 0 0 11 0
17 --listen-- 172.16.4.20 54159 0 0 11 0
17 --listen-- 224.0.1.40 496 0 0 61 0In the example above protocol 17 (UDP) is listening on port 67 (bootp).
Start DHCP service
R1(config)#<input>service dhcp</input>
R1(config)#<input>^Z</input>
R1#<input>sh ip sockets</input>
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 0.0.0.0 0 10.10.10.1 67 0 0 2211 0
R1#