DHCP Cisco IOS

From Teknologisk videncenter

{{Ios info}}
See the page [[DHCP]] for an explanation of the DHCP protocol itself.
 
== DHCP Server  ==
 
 
 
The IOS DHCP server is included in the IOS of Cisco routers and of most Cisco switches.
 
__TOC__
 
 
 
 
 
=== DHCP Server example with fixed options ===

<source lang="cli">
! .2-.99 and .200-.255 are kept out of dynamic allocation (for example for static devices);
! excluded addresses apply to every pool on the router
ip dhcp excluded-address 192.168.22.2 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
! A pool is selected for a client by matching the receiving interface (or giaddr) against the network
ip dhcp pool STUDENTS
  network 192.168.22.0 255.255.255.0
  domain-name tekkom.dk
  default-router 192.168.22.1
  dns-server 192.168.22.223
</source>
 
=== DHCP Server manual options ===
 
To add options which are not preconfigured, use the ''option'' keyword in the pool. See the example below. Option 150 specifies a TFTP server, which is commonly used by IP phones to fetch their configuration files; here the IP address points to the Call Manager (IP PBX).
 
<source lang="cli">
 
ip dhcp excluded-address 172.20.0.1 172.20.0.99
 
!
 
ip dhcp pool VINKEL20
 
  network 172.20.0.0 255.255.255.0
 
  domain-name tekkom.dk
 
  default-router 172.20.0.1
 
  dns-server 172.21.0.201
 
  option 150 ip 172.21.0.201
 
</source>
 
The example below is often used for LWAPP lightweight access points. In option '''43''' the value is a vendor-specific sub-option: '''f1''' is the sub-option type (241), '''04''' is the length in bytes (4 per controller address), and the following bytes are the IP address: '''0a0a0a0a''' = 10.10.10.10, the IP address of the [[WLAN controller Cisco|WLAN Controller]]. With two controllers the length byte becomes 08 and the two addresses follow back to back.
 
<source lang="cli">
 
ip dhcp excluded-address 172.20.0.1 172.20.0.99
 
!
 
ip dhcp pool VINKEL20
 
  network 172.20.0.0 255.255.255.0
 
  domain-name tekkom.dk
 
  default-router 172.20.0.1
 
  dns-server 172.21.0.201
 
  option 43 hex f1040a0a0a0a
 
</source>
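How the ''option 43 hex'' value above is built, as an added Python example that is not from the original page. The Cisco WLC sub-option is type 0xf1, a length byte equal to 4 times the number of controllers, then the controller IPv4 addresses. The encoder produces the IOS pool line for one or more controllers and the decoder validates a value before it is pasted into a pool; the address 10.10.10.10 is the one from the example above, the second controller 10.10.10.11 is a constructed value.

```python
import ipaddress

# Cisco vendor-specific sub-option carried in DHCP option 43 for LWAPP/CAPWAP access points:
# type 0xf1 (241), length = 4 * number of controllers, value = controller IPv4 addresses back to back.
WLC_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Return the hex string IOS expects after 'option 43 hex' for the given WLC addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    payload = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(payload) > 255:
        raise ValueError("sub-option value does not fit a one-byte length field")
    return bytes([WLC_SUBOPTION, len(payload)]).hex() + payload.hex()


def ios_option43_line(controllers):
    """The complete line to paste into an 'ip dhcp pool' section."""
    return f"option 43 hex {encode_option43(controllers)}"


def decode_option43(hexstr):
    """Parse a hex value back into controller addresses, validating type and length."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2 or raw[0] != WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option (expected type 0xf1)")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 != 0 or length != len(value):
        raise ValueError(f"length byte {length} does not describe {len(value)} bytes of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def is_valid_option43(hexstr):
    """Check helper for a value taken from a running configuration."""
    try:
        decode_option43(hexstr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(ios_option43_line(["10.10.10.10"]))                    # option 43 hex f1040a0a0a0a
    print(ios_option43_line(["10.10.10.10", "10.10.10.11"]))     # two controllers, length byte 08
    print(decode_option43("f1040a0a0a0a"))                       # ['10.10.10.10']
```

The decoder is the useful half when reviewing a configuration: a mistyped length byte (for example f103 with four address bytes) is silently accepted by the CLI but is not a valid sub-option, and the access points will not find their controller.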
 
 
 
=== Lease time ===

*default lease time: 1 day
*syntax: ''lease'' ''days'' [''hours'' [''minutes'']], or ''lease infinite'' for a lease that never expires

To set the lease time to 8 hours and 30 minutes, use the command ''lease 0 8 30'' (0 days, 8 hours and 30 minutes).
 
<source lang="cli">
 
ip dhcp excluded-address 172.20.0.1 172.20.0.99
 
!
 
ip dhcp pool VINKEL20
 
  network 172.20.0.0 255.255.255.0
 
  domain-name tekkom.dk
 
  default-router 172.20.0.1
 
  dns-server 172.21.0.201
 
  <notice>lease 0 8 30</notice>
 
</source>
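The lease command and the timers a client derives from it, as an added Python example that is not from the original page. IOS takes the lease as days, hours and minutes (or ''infinite''); by default a DHCP client renews at 50% (T1) and rebinds at 87.5% (T2) of the lease (RFC 2131), which is what the ''show dhcp lease'' output later on this page shows (Lease 600 secs, Renewal 300 secs, Rebind 525 secs). The functions convert between the IOS line and seconds in both directions.

```python
# Converts between the IOS 'lease' pool command and the timers a DHCP client derives from it.
SECONDS_PER = {"day": 86400, "hour": 3600, "minute": 60}


def lease_seconds(days=0, hours=0, minutes=0):
    """Seconds for IOS 'lease <days> [<hours> [<minutes>]]'."""
    if min(days, hours, minutes) < 0:
        raise ValueError("lease fields must not be negative")
    return days * SECONDS_PER["day"] + hours * SECONDS_PER["hour"] + minutes * SECONDS_PER["minute"]


def parse_lease_command(line):
    """Parse a pool line such as 'lease 0 8 30' or 'lease infinite'; None means infinite."""
    parts = line.split()
    if parts[:1] != ["lease"] or not 1 <= len(parts) - 1 <= 3:
        raise ValueError(f"not a lease command: {line!r}")
    if parts[1:] == ["infinite"]:
        return None
    return lease_seconds(*[int(x) for x in parts[1:]])


def ios_lease_line(seconds):
    """Inverse: the IOS line for a lease given in seconds (IOS resolution is one minute)."""
    if seconds is None:
        return "lease infinite"
    if seconds <= 0 or seconds % 60:
        raise ValueError("lease must be a positive whole number of minutes")
    days, rest = divmod(seconds, SECONDS_PER["day"])
    hours, rest = divmod(rest, SECONDS_PER["hour"])
    return f"lease {days} {hours} {rest // 60}"


def lease_timers(seconds):
    """Default client timers: renewal (T1) at 50% and rebind (T2) at 87.5% of the lease.
    Until T1 the client renews by unicast to its server; after T2 it broadcasts to any server."""
    return {"lease": seconds, "renewal": seconds // 2, "rebind": seconds * 7 // 8}


if __name__ == "__main__":
    secs = parse_lease_command("lease 0 8 30")
    print(secs, lease_timers(secs))          # 30600 {'lease': 30600, 'renewal': 15300, 'rebind': 26775}
    print(lease_timers(600))                 # matches the client output on this page: 300 / 525
    print(ios_lease_line(86400))             # the default: lease 1 0 0
```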
 
 
 
=== DHCP Server often used SHOW commands ===
 
==== Show leased addresses ====
 
<source lang="cli">
 
Mercantec#<input>show ip dhcp binding</input>
 
IP address      Client-ID/Hardware address Lease expiration          Type
 
192.168.22.100  0063.5972.636f.9da6.            Jan 25 2009 12:30 AM      Automatic
 
192.168.22.101  0063.6c72.636f.6e38.            Jan 25 2009 12:53 AM      Automatic
 
192.168.22.108  0063.7e7a.636f.247f.            Jan 25 2009 14:32 AM      Automatic
 
</source>
 
 
 
==== Show Server statistics ====
 
<source lang="cli">
 
Mercantec#<input>show ip dhcp server statistics</input>
 
Memory usage        13906
 
Address pools        1
 
Database agents      1
 
Automatic bindings  1
 
Manual bindings      0
 
Expired bindings    0
 
Malformed messages  0
 
 
 
Message              Received
 
BOOTREQUEST          0
 
DHCPDISCOVER        1
 
DHCPREQUEST          1
 
DHCPDECLINE          0
 
DHCPRELEASE          0
 
DHCPINFORM          0
 
 
 
Message              Sent
 
BOOTREPLY            0
 
DHCPOFFER            1
 
DHCPACK              1
 
DHCPNAK              0
 
</source>
 
 
 
 
 
==== Show imported parameters from DHCP Client ====
 
This show command displays the DHCP server options that have been imported from the router's own DHCP client. For example, when the router connects to an [[ISP]], its DHCP client receives the [[DNS]] server IP addresses that the inside clients need to use; with ''import all'' in the pool this information is imported into the DHCP server and handed out to the inside clients.
 
<source lang="cli">
 
Mercantec#<input>show ip dhcp import</input>
 
Address Pool Name: Client
 
Domain Name Server(s): 10.0.0.2
 
NetBIOS Name Server(s): 10.0.0.2
 
Domain Name Option: tekkom.dk
 
</source>
 
==== Showing the pools ====
 
<source lang="cli">
 
Mercantec#<input>show ip dhcp pool</input>
 
 
 
Pool VINKELVEJ :
 
Utilization mark (high/low)    : 100 / 0
 
Subnet size (first/next)      : 0 / 0
 
Total addresses                : 65534
 
Leased addresses              : 0
 
Pending event                  : none
 
1 subnet is currently in the pool :
 
Current index        IP address range                    Leased addresses
 
172.20.1.12          172.20.0.1      - 172.20.255.254    0
 
</source>
 
 
 
=== DHCP Server Debug commands ===

====Decode DHCP server receptions and transmissions ====

Every DHCP packet the server handles is logged, so on a busy router enable this only for a short time and turn it off again with ''undebug all''.

<source lang="cli">
Mercantec#<input>debug ip dhcp server</input>
</source>
 
 
 
== DHCP Relay ==
 
<span id="IP HELPER"></span>
 
=== ip helper-address command ===
 
When a Cisco router is used as a DHCP relay, configure '''ip helper-address''' with the IP address of the DHCP server on the interface that receives the broadcasts from the DHCP clients. The router forwards each client broadcast as a unicast to the server with the ''giaddr'' field set to the address of the receiving interface; the server uses ''giaddr'' both to select the matching pool and as the destination for its reply. In the example below R2 receives the broadcasts on FastEthernet 0/0 and forwards the requests as unicasts to the DHCP server R1, which therefore needs a pool for 192.168.22.0/24 and a route back to that subnet. See the configuration examples below.
 
 
 
=== DHCP Relay example ===
 
[[Image:DHCP_Relay.png|thumb|none|500px|Example network DHCP Relay]]
 
<br>
 
==== Configuration of R1 ====

<source lang="cli">
hostname R1
!
ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
! Pool for the subnet behind R2; it is chosen because giaddr (192.168.22.1) lies in this network
ip dhcp pool STUDENTS
  network 192.168.22.0 255.255.255.0
  domain-name tekkom.dk
  default-router 192.168.22.1
  dns-server 192.168.22.223
!
interface fastethernet 0/0
  ip address 172.16.10.1 255.255.255.0
!
! Assumed addition: R1 must have a route to giaddr, otherwise its offers and acks never reach R2
ip route 192.168.22.0 255.255.255.0 172.16.10.2
</source>
 
<br>
 
 
 
==== Configuration of R2 ====
 
<source lang="cli">
 
hostname R2
 
!
 
interface fastethernet 0/0
 
  ip address 192.168.22.1 255.255.255.0
 
  ip helper-address 172.16.10.1   
 
!
 
interface fastethernet 0/1
 
  ip address 172.16.10.2 255.255.255.0
 
</source>
 
<br>
 
 
 
=== More than you really want to know about ip helper-addresses ===
 
The ''ip helper-address'' command turns UDP broadcasts received on the interface where it is configured into unicasts to the helper address. By default only broadcasts to the following UDP destination ports are forwarded:
 
*Time UDP port 37
 
*Tacacs UDP port 49
 
*DNS UDP port 53
 
*BOOTP server UDP port 67
 
*BOOTP client UDP port 68
 
*TFTP UDP port 69
 
*NetBIOS name service UDP port 137
 
*NetBIOS Datagram service UDP port 138
 
 
 
==== Altering the default helper-address UDP ports ====
 
The set of forwarded UDP ports is changed with the ''ip forward-protocol udp'' command. The example below turns off forwarding for everything except DHCP and adds SYSLOG (UDP port 514). Note that ''ip forward-protocol'' matches on the destination port and the DHCP client sends its broadcasts to port 67 (bootps), so port 67 must stay enabled for the relay to work; the reply direction needs no helper, because the server unicasts its reply to the relay agent, which delivers it on the client LAN.

<source lang="cli">
Mercantec(config)#<input>no ip forward-protocol udp 37</input>
Mercantec(config)#<input>no ip forward-protocol udp 49</input>
Mercantec(config)#<input>no ip forward-protocol udp 53</input>
Mercantec(config)#<input>no ip forward-protocol udp 68</input>
Mercantec(config)#<input>no ip forward-protocol udp 69</input>
Mercantec(config)#<input>no ip forward-protocol udp 137</input>
Mercantec(config)#<input>no ip forward-protocol udp 138</input>
Mercantec(config)#<input>ip forward-protocol udp 514</input>
</source>
 
====DHCP Packet types====

{|border=1 ;style="margin: 0 auto; text-align: center;cellpadding="5" cellspacing="0"
|+ DHCP Packets (messages)
|- bgcolor=lightgrey
! Packet type !! Sent by !! From UDP port !! To UDP port !! Description
|-
| DHCP Discover || Client ||style="text-align: center;" | 68 ||style="text-align: center;" | 67 || The client looks for available DHCP servers. Sent as a UDP broadcast.
|-
| DHCP Offer || Server ||style="text-align: center;" | 67 ||style="text-align: center;" | 68 || Response to the client's DHCP Discover, proposing an address. Broadcast on the client LAN (unicast to the client's MAC address if the client did not set the broadcast flag); for a relayed client it is unicast to the relay agent (giaddr), which delivers it.
|-
| DHCP Request || Client ||style="text-align: center;" | 68 ||style="text-align: center;" | 67 || The client's acceptance of one specific DHCP Offer. Also used to renew or rebind an existing lease.
|-
| DHCP Decline || Client ||style="text-align: center;" | 68 || style="text-align: center;" |67 || The client reports that the offered address is already in use on the network (typically detected with an ARP probe). The server marks the address as conflicting.
|-
| DHCP Ack || Server ||style="text-align: center;" | 67 ||style="text-align: center;" | 68 || Positive response to a client DHCP Request; the IP address is now leased to the client.
|-
| DHCP Nak || Server ||style="text-align: center;" | 67 ||style="text-align: center;" | 68 || Negative response to a client DHCP Request; the lease is rejected and the client has to start again with a Discover.
|-
| DHCP Release || Client ||style="text-align: center;" | 68 || style="text-align: center;" |67 || The client gives up its IP address and the other parameters. Sent as a unicast to the server.
|-
| DHCP Inform || Client ||style="text-align: center;" | 68 ||style="text-align: center;" | 67 || Used by a client that already has an IP address (configured statically or obtained elsewhere) to request local configuration parameters such as DNS server addresses.
|}
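The relay behaviour described in the ''ip helper-address'' sections above and the message types in the table, as an added Python example that is not part of the original page. It parses the fixed BOOTP header and the DHCP option TLVs, makes the helper-address forwarding decision (port filter as set by ''ip forward-protocol udp'', hop count, ''giaddr''), and shows how the server matches a relayed request to a pool. The DISCOVER packet is constructed inline as sample input; the relay and server addresses and the pool names are the ones from the relay example on this page. The relay is simplified (it forwards only requests and ignores IOS specifics such as the option 82 handling).

```python
import struct
import ipaddress

# Message types carried in DHCP option 53 (RFC 2132), matching the table above
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie that follows the BOOTP header
HDR = "!BBBBIHH4s4s4s4s16s64s128s"           # fixed 236-byte BOOTP header (RFC 951)
MAX_HOPS = 16                                # RFC 1542: a relay discards a packet whose hops exceed 16
DEFAULT_HELPER_PORTS = {37, 49, 53, 67, 68, 69, 137, 138}   # IOS ip forward-protocol udp defaults


def build_discover(mac, xid):
    """Constructed sample input: a minimal DHCPDISCOVER as a client broadcasts it (hops 0, giaddr 0.0.0.0)."""
    hdr = struct.pack(HDR, 1, 1, 6, 0, xid, 0, 0x8000,   # op=BOOTREQUEST, htype=Ethernet, hlen=6, broadcast flag
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      mac, b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, 1]) + bytes([61, 7, 1]) + mac + bytes([255])   # message type, client-id, end
    return hdr + MAGIC + opts


def parse_dhcp(pkt):
    """Decode the fixed header and the option TLVs of a DHCP packet."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:                # 255 = end option
        if pkt[i] == 0:                                  # 0 = pad, has no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6],
            "giaddr": str(ipaddress.IPv4Address(f[10])),
            "chaddr": f[11][:f[2]].hex(":"),
            "msg_type": MSG_TYPES.get(opts.get(53, b"\0")[0]),
            "options": opts}


def relay(pkt, relay_if_ip, helper, dst_port=67, forward_ports=DEFAULT_HELPER_PORTS):
    """What ip helper-address does on the receiving interface: turn a UDP broadcast into a unicast
    to the helper. Returns (packet, (ip, port)), or None when the packet is not forwarded."""
    if dst_port not in forward_ports:                    # the ip forward-protocol udp filter
        return None
    p = parse_dhcp(pkt)
    if p["op"] != 1:                                     # only BOOTREQUESTs travel client -> server
        return None
    hops = p["hops"] + 1
    if hops > MAX_HOPS:                                  # relay loop protection
        return None
    giaddr = pkt[24:28]                                  # keep giaddr if an earlier relay already set it
    if giaddr == b"\0" * 4:
        giaddr = ipaddress.IPv4Address(relay_if_ip).packed
    forwarded = pkt[:3] + bytes([hops]) + pkt[4:24] + giaddr + pkt[28:]
    return forwarded, (helper, 67)


def select_pool(giaddr, ingress_ip, pools):
    """Server side: the pool whose network contains giaddr; for a directly connected client
    (giaddr 0.0.0.0) the address of the receiving interface is used instead."""
    key = ipaddress.IPv4Address(ingress_ip if giaddr == "0.0.0.0" else giaddr)
    for name, net in pools.items():
        if key in ipaddress.IPv4Network(net):
            return name
    return None


if __name__ == "__main__":
    pools = {"STUDENTS": "192.168.22.0/24", "VINKEL20": "172.20.0.0/24"}
    discover = build_discover(bytes.fromhex("001bd40fd813"), 0x1075)
    fwd, dest = relay(discover, "192.168.22.1", "172.16.10.1")      # R2: helper on Fa0/0 towards R1
    seen = parse_dhcp(fwd)
    print(seen["msg_type"], seen["giaddr"], seen["hops"], dest)       # DHCPDISCOVER 192.168.22.1 1 ('172.16.10.1', 67)
    print(select_pool(seen["giaddr"], "172.16.10.1", pools))           # STUDENTS
```

The pool selection is why the relay example works without R1 having an interface in 192.168.22.0/24: the server never sees the client's broadcast, only the unicast carrying ''giaddr'', and it answers to that address. Removing port 67 from the forward-protocol list makes ''relay()'' return None, which is the failure mode described above.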
 
 
 
== DHCP Client ==
 
=== DHCP Client simple example ===
 
<source lang="cli">
 
!
 
interface FastEthernet0/1
 
description Outside: Internet connection to ISP
 
ip address dhcp
 
</source>
 
=== Checking the DHCP client ===
 
To show the leased IP address and the additional options, issue the ''show dhcp lease'' command. See the example below.
 
<source lang="cli">
 
FireWall#<input>show dhcp lease</input>
 
Temp IP addr: 192.168.22.178  for peer on Interface: FastEthernet0/1
 
Temp  sub net mask: 255.255.255.0
 
  DHCP Lease server: 192.168.22.73, state: 5 Bound
 
  DHCP transaction id: 1075
 
  Lease: 600 secs,  Renewal: 300 secs,  Rebind: 525 secs
 
Temp default-gateway addr: 192.168.22.73
 
  Next timer fires after: 00:04:10
 
  Retry count: 0  Client-ID: cisco-001b.d40f.d813-Fa0/1
 
  Client-ID hex dump: 636973636F2D303031622E643430662E
 
                      643831332D4661302F31
 
  Hostname: FireWall
 
</source>
 
===Releasing a DHCP lease===
 
To release the lease obtained on an interface:
 
<source lang=cli>
 
FireWall#<input>release dhcp lease fastethernet0/1</input>
 
</source>
 
===Renewing a DHCP lease===
 
To renew the lease obtained on an interface:
 
<source lang=cli>
 
FireWall#<input>renew dhcp lease fastethernet0/1</input>
 
</source>
 
 
 
== Examples with Server and Client ==
 
=== DHCP Client and Server with [[NAT]]/[[PAT]] example ===
 
<source lang="cli">
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
 
!
 
ip dhcp pool HETH
 
  network 192.168.22.0 255.255.255.0
 
  domain-name tekkom.dk
 
  default-router 192.168.22.1
 
  dns-server 192.168.22.223
 
!
 
interface FastEthernet0/0
 
description Inside. Internal LAN
 
ip address 192.168.22.1 255.255.255.0
 
ip nat inside
 
!
 
interface FastEthernet0/1
 
  description Outside: Internet connection to ISP
 
ip address dhcp
 
ip nat outside
 
!
 
ip nat inside source list 1 interface FastEthernet0/1 overload
 
!
 
access-list 1 remark Permit traffic from RFC1918 private net
 
access-list 1 permit 10.0.0.0 0.255.255.255
 
access-list 1 permit 172.16.0.0 0.15.255.255
 
access-list 1 permit 192.168.0.0 0.0.255.255
 
</source>
 
 
 
=== DHCP Client and Server with [[NAT]]/[[PAT]] example and import ===
 
This example shows a typical configuration of a small [[Internet gateway]], which imports for example the IP addresses of the [[DNS]] servers from the [[ISP]]. Note that ''import all'' passes on whatever the upstream DHCP server hands out (DNS servers, domain name, NetBIOS name servers) to the inside clients, so the ISP's DHCP server is trusted for those parameters; check what was imported with ''show ip dhcp import''.
 
<source lang="cli">
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
 
!
 
ip dhcp pool HETH
 
  network 192.168.22.0 255.255.255.0
 
  default-router 192.168.22.1
 
  import all
 
!
 
interface FastEthernet0/0
 
description Inside: Internal LAN
 
ip address 192.168.22.1 255.255.255.0
 
ip nat inside
 
!
 
interface FastEthernet0/1
 
  description Outside: Internet connection to ISP
 
ip address dhcp
 
ip nat outside
 
!
 
ip nat inside source list 1 interface FastEthernet0/1 overload
 
!
 
access-list 1 remark Permit traffic from RFC1918 private net
 
access-list 1 permit 10.0.0.0 0.255.255.255
 
access-list 1 permit 172.16.0.0 0.15.255.255
 
access-list 1 permit 192.168.0.0 0.0.255.255
 
</source>
 
 
 
 
 
 
 
=Troubleshooting DHCP=
 
== Is the DHCP server running ==
 
''show ip sockets'' lists the active UDP sockets on a router. Notice below that the router is listening on UDP port 67.
 
<source lang=cli>
 
R1#<input>sh ip socket</input>
 
Proto    Remote      Port      Local      Port  In Out Stat TTY OutputIF
 
17 172.16.4.84      162 192.168.159.1  57390  0  0    0  0
 
17  --listen--          172.16.4.20      1975  0  0  11  0
 
17 172.16.4.20    54042 172.16.4.20      2228  0  0  211  0
 
<notice>17</notice> 0.0.0.0            0 172.16.4.20        <notice>67</notice>  0  0 2211  0
 
17  --listen--          172.16.4.20      123  0  0    1  0
 
17 172.16.4.88    51407 172.16.4.20      161  0  0    1  0
 
17  --listen--          172.16.4.20      162  0  0  11  0
 
17  --listen--          172.16.4.20    54159  0  0  11  0
 
17  --listen--          224.0.1.40        496  0  0  61  0
 
</source>
 
In the example above protocol 17 (UDP) is listening on port 67 (bootp).
 
=== Start DHCP service ===

The DHCP server and relay agent are enabled by default; if they have been turned off with ''no service dhcp'', re-enable them with ''service dhcp'' and check that the socket on UDP port 67 appears.
 
<source lang=cli>
 
R1(config)#<input>service dhcp</input>
 
R1(config)#<input>^Z</input>
 
 
 
R1#<input>sh ip sockets</input>
 
Proto    Remote      Port      Local      Port  In Out Stat TTY OutputIF
 
17 0.0.0.0            0 10.10.10.1        67  0  0 2211  0
 
R1#
 
</source>
 
 
 
{{Source cli}}
 
[[Category:Cisco]][[Category:CCNA]][[Category:CCNP]][[Category:IOS]][[Category:Network]]
 

Revision as of 07:14, 2 May 2016