Difference between revisions of "DHCP Cisco IOS"

From Teknologisk videncenter
Jump to: navigation, search
(Configuration of R2)
m (Start DHCP service)
 
(94 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{category:IOS}} {{category:network}} {{Ios info}} __TOC__
+
{{Ios info}}
  
 +
See the  page [[DHCP]] for an explanation of DHCP.
 
== DHCP Server  ==
 
== DHCP Server  ==
  
IOS DHCP Servers service is installed Cisco Router IOS and not on Cisco Switch IOS.
+
IOS DHCP Servers service is installed on Cisco Router IOS and most Cisco Switch IOS.
 
+
__TOC__
  
  
 
=== DHCP Server example with fixed options ===  
 
=== DHCP Server example with fixed options ===  
<pre>
+
<source lang="cli">
!
+
ip dhcp excluded-address 192.168.22.2 192.168.22.99
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
 
!
 
!
Line 18: Line 18:
 
   default-router 192.168.22.1
 
   default-router 192.168.22.1
 
   dns-server 192.168.22.223  
 
   dns-server 192.168.22.223  
!  
+
</source>
</pre>
+
=== DHCP Server manual options ===
 +
To add options which are not preconfigured, use the ''option'' flag. See example below. Option 150 adds a TFTP server, which for example are often used by IP Phones. The IP address points to the Call Manager (IP PBX).
 +
<source lang="cli">
 +
ip dhcp excluded-address 172.20.0.1 172.20.0.99
 +
!
 +
ip dhcp pool VINKEL20
 +
  network 172.20.0.0 255.255.255.0
 +
  domain-name tekkom.dk
 +
  default-router 172.20.0.1
 +
  dns-server 172.21.0.201
 +
  option 150 ip 172.21.0.201
 +
</source>
 +
Example below often used to LWAPP - Lightweight Access Points. Option '''43''' the number '''f104''' describes the following as anIP address '''0a0a0a0a'''=10.10.10.10 is the IP address of the [[WLAN controller Cisco|WLAN Controller]]
 +
<source lang="cli">
 +
ip dhcp excluded-address 172.20.0.1 172.20.0.99
 +
!
 +
ip dhcp pool VINKEL20
 +
  network 172.20.0.0 255.255.255.0
 +
  domain-name tekkom.dk
 +
  default-router 172.20.0.1
 +
  dns-server 172.21.0.201
 +
  option 43 hex f1040a0a0a0a
 +
</source>
 +
 
 +
=== Lease time ===
 +
*default lease time 1 day
 +
 
 +
To set lease time to 8 hours and 30 minutes, use the command ''lease 0 8 30'' (0 days 8 hours and 30 minuttes)
 +
<source lang="cli">
 +
ip dhcp excluded-address 172.20.0.1 172.20.0.99
 +
!
 +
ip dhcp pool VINKEL20
 +
  network 172.20.0.0 255.255.255.0
 +
  domain-name tekkom.dk
 +
  default-router 172.20.0.1
 +
  dns-server 172.21.0.201
 +
  <notice>lease 0 8 30</notice>
 +
</source>
  
 
=== DHCP Server often used SHOW commands ===
 
=== DHCP Server often used SHOW commands ===
 
==== Show leased addresses ====
 
==== Show leased addresses ====
<pre>
+
<source lang="cli">
Mercantec#show ip dhcp binding
+
Mercantec#<input>show ip dhcp binding</input>
IP address      Client-ID/Hardware address Lease expiration           Type
+
IP address      Client-ID/Hardware address Lease expiration         Type
192.168.22.100  0063.5973.636f.9da6.                   Jan 25 2009 12:30 AM       Automatic
+
192.168.22.100  0063.5972.636f.9da6.           Jan 25 2009 12:30 AM     Automatic
192.168.22.101  0063.6c72.636f.6e38.                   Jan 25 2009 12:53 AM       Automatic
+
192.168.22.101  0063.6c72.636f.6e38.           Jan 25 2009 12:53 AM     Automatic
192.168.22.108  0063.7e7a.636f.247f.                   Jan 25 2009 14:32 AM       Automatic
+
192.168.22.108  0063.7e7a.636f.247f.           Jan 25 2009 14:32 AM     Automatic
</pre>
+
</source>
 +
 
 
==== Show Server statistics ====
 
==== Show Server statistics ====
<pre>
+
<source lang="cli">
Mercantec#show ip dhcp server statistics
+
Mercantec#<input>show ip dhcp server statistics</input>
 
Memory usage        13906
 
Memory usage        13906
 
Address pools        1
 
Address pools        1
Line 54: Line 92:
 
DHCPACK              1
 
DHCPACK              1
 
DHCPNAK              0
 
DHCPNAK              0
</pre>
+
</source>
  
  
 
==== Show imported parameters from DHCP Client ====
 
==== Show imported parameters from DHCP Client ====
This show command is used to see which DHCP server options that are imported from the Client. For example when connecting to an ISP the DHCP Client receives DNS server IP Addresses, that the inside clients need to use. This information is imported into the DHCP server.
+
This show command is used to see which DHCP server options that are imported from the Client. For example when connecting to an [[ISP]] the DHCP Client receives [[DNS]] server IP Addresses, that the inside clients need to use. This information is imported into the DHCP server.
<pre>
+
<source lang="cli">
Mercantec#show ip dhcp import
+
Mercantec#<input>show ip dhcp import</input>
 
Address Pool Name: Client
 
Address Pool Name: Client
 
Domain Name Server(s): 10.0.0.2
 
Domain Name Server(s): 10.0.0.2
 
NetBIOS Name Server(s): 10.0.0.2
 
NetBIOS Name Server(s): 10.0.0.2
Domain Name Option: CRemote#show ip dhcp import
+
Domain Name Option: tekkom.dk
Address Pool Name: Client
+
</source>
Domain Name Server(s): 10.0.0.2
+
==== Showing the pools ====
NetBIOS Name Server(s): 10.0.0.2
+
<source lang="cli">
Domain Name Option: TDC-Internet
+
Mercantec#<input>show ip dhcp pool</input>
</pre>
+
 
 +
Pool VINKELVEJ :
 +
Utilization mark (high/low)   : 100 / 0
 +
Subnet size (first/next)       : 0 / 0
 +
Total addresses                : 65534
 +
Leased addresses              : 0
 +
Pending event                  : none
 +
1 subnet is currently in the pool :
 +
Current index        IP address range                    Leased addresses
 +
172.20.1.12          172.20.0.1      - 172.20.255.254    0
 +
</source>
  
 
=== DHCP Server Debug commands ===
 
=== DHCP Server Debug commands ===
 
====Decode DHCP server receptions and transmissions ====
 
====Decode DHCP server receptions and transmissions ====
<pre>
+
<source lang="cli">
Mercantec#debug ip dhcp server
+
Mercantec#<input>debug ip dhcp server</input>
</pre>
+
</source>
 +
 
 
== DHCP Relay ==
 
== DHCP Relay ==
 +
<span id="IP HELPER"></span>
 +
=== ip helper-address command ===
 +
When using a Cisco Router as a DHCP Relay you need to set the '''ip helper-address''' on the interface which receives the broadcast from the DHCP-client and specify the IP-address of the DHCP Server. See example below. R2 Receives the broadcasts on fastethernet 0/0 and need to transmit the request as a unicast to the DHCP-server R1. Se config examples below.
 +
 
=== DHCP Relay example ===
 
=== DHCP Relay example ===
[[Billede:DHCP_Relay.png|border|Example network DHCP Relay]]
+
[[Image:DHCP_Relay.png|thumb|none|500px|Example network DHCP Relay]]
 
<br>
 
<br>
 
==== Configuration of R1 ====
 
==== Configuration of R1 ====
<pre>
+
<source lang="cli">
 +
hostname R1
 
!  
 
!  
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
Line 94: Line 148:
 
interface fastethernet 0/0
 
interface fastethernet 0/0
 
   ip address 172.16.10.1 255.255.255.0
 
   ip address 172.16.10.1 255.255.255.0
</pre>
+
</source>
 
<br>
 
<br>
  
 
==== Configuration of R2 ====
 
==== Configuration of R2 ====
<pre>
+
<source lang="cli">
 +
hostname R2
 +
!
 
interface fastethernet 0/0
 
interface fastethernet 0/0
 
   ip address 192.168.22.1 255.255.255.0
 
   ip address 192.168.22.1 255.255.255.0
   '''ip helper-address 172.16.10.1'''      
+
   ip helper-address 172.16.10.1     
 
!
 
!
 
interface fastethernet 0/1
 
interface fastethernet 0/1
 
   ip address 172.16.10.2 255.255.255.0
 
   ip address 172.16.10.2 255.255.255.0
</pre>
+
</source>
 
<br>
 
<br>
 +
 +
=== More than you really want to know about ip helper-addresses ===
 +
The ip helper-address command forwards incoming UDP broadcast packets on the interface where the command is specified. default for the following ports
 +
*Time UDP port 37
 +
*Tacacs UDP port 49
 +
*DNS UDP port 53
 +
*BOOTP server UDP port 67
 +
*BOOTP client UDP port 68
 +
*TFTP UDP port 69
 +
*NetBIOS name service UDP port 137
 +
*NetBIOS Datagram service UDP port 138
 +
 +
==== Altering the default helper-address UDP ports ====
 +
If you want to change the default UDP port forwaring, you can use the ''ip forward-protocol udp'' command. The example below will only allow DHCP clients BOOTP port 68 and SYSLOG port 514 to be forwarded.
 +
<source lang="cli">
 +
Mercantec(config)#<input>no ip forward-protocol udp 37</input>
 +
Mercantec(config)#<input>no ip forward-protocol udp 49</input>
 +
Mercantec(config)#<input>no ip forward-protocol udp 53</input>
 +
Mercantec(config)#<input>no ip forward-protocol udp 67</input>
 +
Mercantec(config)#<input>no ip forward-protocol udp 69</input>
 +
Mercantec(config)#<input>no ip forward-protocol udp 137</input>
 +
Mercantec(config)#<input>no ip forward-protocol udp 138</input>
 +
Mercantec(config)#<input>ip forward-protocol udp 514</input>
 +
</source>
 +
====DHCP Packet types====
 +
{|border=1 ;style="margin: 0 auto; text-align: center;cellpadding="5" cellspacing="0"
 +
|+ DHCP Packets (messages)
 +
|- bgcolor=lightgrey
 +
! Packet type !! Sent by !! From UDP port !! to UDP port !! Description
 +
|-
 +
| DHCP Discover || Client ||style="text-align: center;" | 68 ||style="text-align: center;" | 67 || Client looking for available DHCP Servers. It is a UDP broadcast.
 +
|-
 +
| DHCP offer || Server ||style="text-align: center;" | 67 ||style="text-align: center;" | 68 || This is a response to the Clients DHCP Discover packet. This is also a UDP broadcast.
 +
|-
 +
| DHCP request || Client ||style="text-align: center;" | 68 ||style="text-align: center;" | 67 || This is the clients response to a specific DHCP offer packet.
 +
|-
 +
| DHCP decline || Server ||style="text-align: center;" | 67 || style="text-align: center;" |68 || Server indicating that IP address already in use. (Perhaps client to slow)
 +
|-
 +
| DHCP ack || Server ||style="text-align: center;" | 67 ||style="text-align: center;" | 68 || This message is the posetive response to a client DHCP request. IP address leased by client.
 +
|-
 +
| DCHP nack || Server ||style="text-align: center;" | 67 ||style="text-align: center;" | 68 || This message is the negative response to a client DHCP request. IP address lease rejected.
 +
|-
 +
| DHCP release || Client ||style="text-align: center;" | 68 || style="text-align: center;" |67 || The client relinguishes its IP address and other parameters.
 +
|-
 +
| DHCP inform || Client ||style="text-align: center;" | 68 ||style="text-align: center;" | 67 ||Using this message the client can optain local configuration parameters such as DNS server IP address, but gain its own IP address else where
 +
|}
  
 
== DHCP Client ==
 
== DHCP Client ==
 
=== DHCP Client simple example ===
 
=== DHCP Client simple example ===
<pre>
+
<source lang="cli">
 
!
 
!
 
interface FastEthernet0/1
 
interface FastEthernet0/1
  description Outside: Internet connection to ISP
+
description Outside: Internet connection to ISP
 
  ip address dhcp
 
  ip address dhcp
</pre>
+
</source>
 +
=== Checking the DHCP client ===
 +
To show the leased IP address and the additional options issue the ''show dhcp lease'' command. See example below.
 +
<source lang="cli">
 +
FireWall#<input>show dhcp lease</input>
 +
Temp IP addr: 192.168.22.178  for peer on Interface: FastEthernet0/1
 +
Temp  sub net mask: 255.255.255.0
 +
  DHCP Lease server: 192.168.22.73, state: 5 Bound
 +
  DHCP transaction id: 1075
 +
  Lease: 600 secs,  Renewal: 300 secs,  Rebind: 525 secs
 +
Temp default-gateway addr: 192.168.22.73
 +
  Next timer fires after: 00:04:10
 +
  Retry count: 0  Client-ID: cisco-001b.d40f.d813-Fa0/1
 +
  Client-ID hex dump: 636973636F2D303031622E643430662E
 +
                      643831332D4661302F31
 +
  Hostname: FireWall
 +
</source>
 +
===Releasing a DHCP lease===
 +
To release a lease from a DHCP server
 +
<source lang=cli>
 +
FireWall#<input>release dhcp lease fastethernet0/1</input>
 +
</source>
 +
===Renewing a DHCP lease===
 +
To renew a lease from a DHCP server
 +
<source lang=cli>
 +
FireWall#<input>renew dhcp lease fastethernet0/1</input>
 +
</source>
  
 
== Examples with Server and Client ==
 
== Examples with Server and Client ==
=== DHCP Client and Server with NAT/PAT example ===
+
=== DHCP Client and Server with [[NAT]]/[[PAT]] example ===
<pre>
+
<source lang="cli">
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
Line 141: Line 269:
 
ip nat inside source list 1 interface FastEthernet0/1 overload
 
ip nat inside source list 1 interface FastEthernet0/1 overload
 
!
 
!
 +
access-list 1 remark Permit traffic from RFC1918 private net
 
access-list 1 permit 10.0.0.0 0.255.255.255
 
access-list 1 permit 10.0.0.0 0.255.255.255
 
access-list 1 permit 172.16.0.0 0.15.255.255
 
access-list 1 permit 172.16.0.0 0.15.255.255
 
access-list 1 permit 192.168.0.0 0.0.255.255
 
access-list 1 permit 192.168.0.0 0.0.255.255
</pre>
+
</source>
  
=== DHCP Client and Server with NAT/PAT example and import ===
+
=== DHCP Client and Server with [[NAT]]/[[PAT]] example and import ===
<pre>
+
This example show a typical configuration of a small [[Internet gateway]], which imports the IP-addresses of for example the [[DNS]] servers from the [[ISP]].
 +
<source lang="cli">
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
 
ip dhcp excluded-address 192.168.22.200 192.168.22.255
Line 153: Line 283:
 
ip dhcp pool HETH
 
ip dhcp pool HETH
 
   network 192.168.22.0 255.255.255.0
 
   network 192.168.22.0 255.255.255.0
 +
  default-router 192.168.22.1
 
   import all
 
   import all
 
!
 
!
 
interface FastEthernet0/0
 
interface FastEthernet0/0
  description Inside. Internal LAN
+
  description Inside: Internal LAN
 
  ip address 192.168.22.1 255.255.255.0
 
  ip address 192.168.22.1 255.255.255.0
 
  ip nat inside
 
  ip nat inside
Line 167: Line 298:
 
ip nat inside source list 1 interface FastEthernet0/1 overload
 
ip nat inside source list 1 interface FastEthernet0/1 overload
 
!
 
!
 +
access-list 1 remark Permit traffic from RFC1918 private net
 
access-list 1 permit 10.0.0.0 0.255.255.255
 
access-list 1 permit 10.0.0.0 0.255.255.255
 
access-list 1 permit 172.16.0.0 0.15.255.255
 
access-list 1 permit 172.16.0.0 0.15.255.255
 
access-list 1 permit 192.168.0.0 0.0.255.255
 
access-list 1 permit 192.168.0.0 0.0.255.255
</pre>
+
</source>
 +
 
 +
 
 +
 
 +
=Troubleshooting DHCP=
 +
== Is the DHCP server running ==
 +
Show ip socket - shows active UDP sockets on a router. Notice below the Router is listing to UDP port 67.
 +
<source lang=cli>
 +
R1#<input>sh ip socket</input>
 +
Proto    Remote      Port      Local      Port  In Out Stat TTY OutputIF
 +
17 172.16.4.84      162 192.168.159.1  57390  0  0    0  0
 +
17  --listen--          172.16.4.20      1975  0  0  11  0
 +
17 172.16.4.20    54042 172.16.4.20      2228  0  0  211  0
 +
<notice>17</notice> 0.0.0.0            0 172.16.4.20        <notice>67</notice>  0  0 2211  0
 +
17  --listen--          172.16.4.20      123  0  0    1  0
 +
17 172.16.4.88    51407 172.16.4.20      161  0  0    1  0
 +
17  --listen--          172.16.4.20      162  0  0  11  0
 +
17  --listen--          172.16.4.20    54159  0  0  11  0
 +
17  --listen--          224.0.1.40        496  0  0  61  0
 +
</source>
 +
In the example above protocol 17 (UDP) is listening on port 67 (bootp).
 +
=== Start DHCP service ===
 +
<source lang=cli>
 +
R1(config)#<input>service dhcp</input>
 +
R1(config)#<input>^Z</input>
 +
 
 +
R1#<input>sh ip sockets</input>
 +
Proto    Remote      Port      Local      Port  In Out Stat TTY OutputIF
 +
17 0.0.0.0            0 10.10.10.1        67  0  0 2211  0
 +
R1#
 +
</source>
 +
 
 +
{{Source cli}}
 +
 
 +
[[Category:Cisco]][[Category:CCNA]][[Category:CCNP]][[Category:IOS]][[Category:Network]]

Latest revision as of 08:13, 8 February 2017

Comment The information in this article is targeted to Cisco CCNA and CCNP curriculum, and not meant as in-depth information on all IOS

See the page DHCP for an explanation of DHCP.

DHCP Server

IOS DHCP Servers service is installed on Cisco Router IOS and most Cisco Switch IOS.


DHCP Server example with fixed options

ip dhcp excluded-address 192.168.22.2 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool STUDENTS
  network 192.168.22.0 255.255.255.0
  domain-name tekkom.dk
  default-router 192.168.22.1
  dns-server 192.168.22.223

DHCP Server manual options

To add options which are not preconfigured, use the option flag. See example below. Option 150 adds a TFTP server, which for example are often used by IP Phones. The IP address points to the Call Manager (IP PBX).

ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool VINKEL20
   network 172.20.0.0 255.255.255.0
   domain-name tekkom.dk
   default-router 172.20.0.1
   dns-server 172.21.0.201
   option 150 ip 172.21.0.201

Example below often used to LWAPP - Lightweight Access Points. Option 43 the number f104 describes the following as anIP address 0a0a0a0a=10.10.10.10 is the IP address of the WLAN Controller

ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool VINKEL20
   network 172.20.0.0 255.255.255.0
   domain-name tekkom.dk
   default-router 172.20.0.1
   dns-server 172.21.0.201
   option 43 hex f1040a0a0a0a

Lease time

  • default lease time 1 day

To set lease time to 8 hours and 30 minutes, use the command lease 0 8 30 (0 days 8 hours and 30 minuttes)

ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool VINKEL20
   network 172.20.0.0 255.255.255.0
   domain-name tekkom.dk
   default-router 172.20.0.1
   dns-server 172.21.0.201
   <notice>lease 0 8 30</notice>

DHCP Server often used SHOW commands

Show leased addresses

Mercantec#<input>show ip dhcp binding</input>
IP address       Client-ID/Hardware address	 Lease expiration          Type
192.168.22.100   0063.5972.636f.9da6.            Jan 25 2009 12:30 AM      Automatic
192.168.22.101   0063.6c72.636f.6e38.            Jan 25 2009 12:53 AM      Automatic
192.168.22.108   0063.7e7a.636f.247f.            Jan 25 2009 14:32 AM      Automatic

Show Server statistics

Mercantec#<input>show ip dhcp server statistics</input>
Memory usage         13906
Address pools        1
Database agents      1
Automatic bindings   1
Manual bindings      0
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         1
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            1
DHCPACK              1
DHCPNAK              0


Show imported parameters from DHCP Client

This show command is used to see which DHCP server options that are imported from the Client. For example when connecting to an ISP the DHCP Client receives DNS server IP Addresses, that the inside clients need to use. This information is imported into the DHCP server.

Mercantec#<input>show ip dhcp import</input>
Address Pool Name: Client
Domain Name Server(s): 10.0.0.2
NetBIOS Name Server(s): 10.0.0.2
Domain Name Option: tekkom.dk

Showing the pools

Mercantec#<input>show ip dhcp pool</input>

Pool VINKELVEJ :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 65534
 Leased addresses               : 0
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.20.1.12          172.20.0.1       - 172.20.255.254    0

DHCP Server Debug commands

Decode DHCP server receptions and transmissions

Mercantec#<input>debug ip dhcp server</input>

DHCP Relay

ip helper-address command

When using a Cisco Router as a DHCP Relay you need to set the ip helper-address on the interface which receives the broadcast from the DHCP-client and specify the IP-address of the DHCP Server. See example below. R2 Receives the broadcasts on fastethernet 0/0 and need to transmit the request as a unicast to the DHCP-server R1. Se config examples below.

DHCP Relay example

Example network DHCP Relay


Configuration of R1

hostname R1
! 
ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool STUDENTS
  network 192.168.22.0 255.255.255.0
  domain-name tekkom.dk
  default-router 192.168.22.1
  dns-server 192.168.22.223 
! 
interface fastethernet 0/0
  ip address 172.16.10.1 255.255.255.0


Configuration of R2

hostname R2
!
interface fastethernet 0/0
  ip address 192.168.22.1 255.255.255.0
  ip helper-address 172.16.10.1     
!
interface fastethernet 0/1
  ip address 172.16.10.2 255.255.255.0


More than you really want to know about ip helper-addresses

The ip helper-address command forwards incoming UDP broadcast packets on the interface where the command is specified. default for the following ports

  • Time UDP port 37
  • Tacacs UDP port 49
  • DNS UDP port 53
  • BOOTP server UDP port 67
  • BOOTP client UDP port 68
  • TFTP UDP port 69
  • NetBIOS name service UDP port 137
  • NetBIOS Datagram service UDP port 138

Altering the default helper-address UDP ports

If you want to change the default UDP port forwaring, you can use the ip forward-protocol udp command. The example below will only allow DHCP clients BOOTP port 68 and SYSLOG port 514 to be forwarded.

Mercantec(config)#<input>no ip forward-protocol udp 37</input>
Mercantec(config)#<input>no ip forward-protocol udp 49</input>
Mercantec(config)#<input>no ip forward-protocol udp 53</input>
Mercantec(config)#<input>no ip forward-protocol udp 67</input>
Mercantec(config)#<input>no ip forward-protocol udp 69</input>
Mercantec(config)#<input>no ip forward-protocol udp 137</input>
Mercantec(config)#<input>no ip forward-protocol udp 138</input>
Mercantec(config)#<input>ip forward-protocol udp 514</input>

DHCP Packet types

DHCP Packets (messages)
Packet type Sent by From UDP port to UDP port Description
DHCP Discover Client 68 67 Client looking for available DHCP Servers. It is a UDP broadcast.
DHCP offer Server 67 68 This is a response to the Clients DHCP Discover packet. This is also a UDP broadcast.
DHCP request Client 68 67 This is the clients response to a specific DHCP offer packet.
DHCP decline Server 67 68 Server indicating that IP address already in use. (Perhaps client to slow)
DHCP ack Server 67 68 This message is the posetive response to a client DHCP request. IP address leased by client.
DCHP nack Server 67 68 This message is the negative response to a client DHCP request. IP address lease rejected.
DHCP release Client 68 67 The client relinguishes its IP address and other parameters.
DHCP inform Client 68 67 Using this message the client can optain local configuration parameters such as DNS server IP address, but gain its own IP address else where

DHCP Client

DHCP Client simple example

!
interface FastEthernet0/1
 description Outside: Internet connection to ISP
 ip address dhcp

Checking the DHCP client

To show the leased IP address and the additional options issue the show dhcp lease command. See example below.

FireWall#<input>show dhcp lease</input>
Temp IP addr: 192.168.22.178  for peer on Interface: FastEthernet0/1
Temp  sub net mask: 255.255.255.0
   DHCP Lease server: 192.168.22.73, state: 5 Bound
   DHCP transaction id: 1075
   Lease: 600 secs,  Renewal: 300 secs,  Rebind: 525 secs
Temp default-gateway addr: 192.168.22.73
   Next timer fires after: 00:04:10
   Retry count: 0   Client-ID: cisco-001b.d40f.d813-Fa0/1
   Client-ID hex dump: 636973636F2D303031622E643430662E
                       643831332D4661302F31
   Hostname: FireWall

Releasing a DHCP lease

To release a lease from a DHCP server

FireWall#<input>release dhcp lease fastethernet0/1</input>

Renewing a DHCP lease

To renew a lease from a DHCP server

FireWall#<input>renew dhcp lease fastethernet0/1</input>

Examples with Server and Client

DHCP Client and Server with NAT/PAT example

ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool HETH
   network 192.168.22.0 255.255.255.0
   domain-name tekkom.dk
   default-router 192.168.22.1
   dns-server 192.168.22.223
!
interface FastEthernet0/0
 description Inside. Internal LAN
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
  description Outside: Internet connection to ISP
 ip address dhcp
 ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark Permit traffic from RFC1918 private net
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255

DHCP Client and Server with NAT/PAT example and import

This example show a typical configuration of a small Internet gateway, which imports the IP-addresses of for example the DNS servers from the ISP.

ip dhcp excluded-address 192.168.22.1 192.168.22.99
ip dhcp excluded-address 192.168.22.200 192.168.22.255
!
ip dhcp pool HETH
   network 192.168.22.0 255.255.255.0
   default-router 192.168.22.1
   import all
!
interface FastEthernet0/0
 description Inside: Internal LAN
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
  description Outside: Internet connection to ISP
 ip address dhcp
 ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark Permit traffic from RFC1918 private net
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255


Troubleshooting DHCP

Is the DHCP server running

Show ip socket - shows active UDP sockets on a router. Notice below the Router is listing to UDP port 67.

R1#<input>sh ip socket</input>
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17 172.16.4.84       162 192.168.159.1   57390   0   0    0   0
 17   --listen--          172.16.4.20      1975   0   0   11   0
 17 172.16.4.20     54042 172.16.4.20      2228   0   0  211   0
 <notice>17</notice> 0.0.0.0             0 172.16.4.20        <notice>67</notice>   0   0 2211   0
 17   --listen--          172.16.4.20       123   0   0    1   0
 17 172.16.4.88     51407 172.16.4.20       161   0   0    1   0
 17   --listen--          172.16.4.20       162   0   0   11   0
 17   --listen--          172.16.4.20     54159   0   0   11   0
 17   --listen--          224.0.1.40        496   0   0   61   0

In the example above protocol 17 (UDP) is listening on port 67 (bootp).

Start DHCP service

R1(config)#<input>service dhcp</input>
R1(config)#<input>^Z</input>

R1#<input>sh ip sockets</input>
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17 0.0.0.0             0 10.10.10.1         67   0   0 2211   0
R1#