Posted by dennis on August 12, 2007, 8:42 am
I need to design a network for a customer...maybe right I have a question regarding how to assign IP addresses and other related information to clients in different VLANs.

The network has a core, a distribution and an access layer....there are several VLANs for the access switches... The logical interfaces are configured with the ip helper command, which addresses the DHCP server...

My question is: how do the clients get the IP address for the assigned VLAN? Let's say client a is in VLAN 5 ..and this VLAN should have a range 192.168.1.0/24. The logical interface on the core router is 192.168.1.1/24.

To my understanding this should be done on the DHCP server....say there must be an IP range defined for every VLAN !?

thx
dennis
Posted by Trendkill on August 12, 2007, 8:55 am
Yes, you define scopes for each network, and the DHCP server should assign IP addresses based on the router's source IP in the node's VLAN. In short, the client will broadcast to the router, which then has an ip-helper command configured. The router will then forward that request on to the DHCP server, which will know the interface of the router that received the original broadcast. The DHCP server will then assign an IP based on that source interface, which is sent back to the client, who takes the IP assigned. Since the original requestor does not have an IP, the router must use its IP as the source, else layer 3 won't work.

Overall, and more importantly, every VLAN MUST have an IP address range, simply because a VLAN is a layer 2 grouping of layer 3 devices. I should also correct myself, there are some instances when IP addresses are not needed (Oracle RAC, etc.) but for the most part, every VLAN should have its own IP address range. They should not overlap (and can't in most routers), else layer 3 will get confused as to which VLAN is the proper one, and layer 2 and 3 will get hosed up.
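Added example, not part of the thread: a Python model of the exchange described in the post above. The relay writes the address of the interface that received the broadcast into the BOOTP giaddr field, and the server picks the scope whose subnet contains it. The second scope, the transaction ID and the MAC address are constructed for illustration.

```python
import ipaddress
import struct

# One scope per VLAN. Only the VLAN 5 range comes from the thread;
# the second scope is a constructed placeholder.
SCOPES = {
    "vlan5": ipaddress.ip_network("192.168.1.0/24"),
    "vlan6": ipaddress.ip_network("192.168.2.0/24"),
}
# giaddr follows op/htype/hlen/hops, xid, secs/flags, ciaddr, yiaddr, siaddr.
GIADDR = slice(24, 28)

def build_discover(xid, mac):
    """Constructed fixed-size BOOTP request as a client broadcasts it (giaddr = 0)."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)
    # ciaddr..giaddr (16 zero bytes), chaddr padded to 16, sname + file (192)
    return header + bytes(16) + mac + bytes(10) + bytes(192)

def relay(packet, interface_ip):
    """Helper behaviour: stamp giaddr if it is still zero, then bump the hop count."""
    pkt = bytearray(packet)
    if pkt[GIADDR] == bytes(4):
        pkt[GIADDR] = ipaddress.ip_address(interface_ip).packed
    pkt[3] += 1
    return bytes(pkt)

def select_scope(packet):
    """Server side: return the scope containing giaddr, or None if there is none."""
    giaddr = ipaddress.ip_address(packet[GIADDR])
    if giaddr.is_unspecified:
        return None  # not relayed; a server would fall back to its local subnet
    for name, network in SCOPES.items():
        if giaddr in network:
            return name
    return None  # relayed from a subnet with no scope defined: no offer

if __name__ == "__main__":
    discover = build_discover(0x1234, bytes.fromhex("001122334455"))
    print(select_scope(relay(discover, "192.168.1.1")))
```

A request relayed from an interface with no matching scope returns None, which is why every VLAN with DHCP clients needs its own range defined on the server.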
Posted by Merv on August 12, 2007, 10:15 am
Be aware that the ip helper command automatically forwards a number of UDP protocols if they have a destination address of broadcast:

- Trivial File Transfer Protocol (TFTP) (port 69)
- Domain Naming System (port 53)
- Time service (port 37)
- NetBIOS Name Server (port 137)
- NetBIOS Datagram Server (port 138)
- Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
- TACACS service (port 49)
- IEN-116 Name Service (port 42)

Typically the forwarding of these other UDP ports should be disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP server:

    no ip forward-protocol udp tftp
    no ip forward-protocol udp nameserver
    no ip forward-protocol udp domain
    no ip forward-protocol udp time
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip forward-protocol udp tacacs

No sense flooding the DHCP server with NETBIOS broadcast packets ...
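Added example, not part of the thread: a Python check that reads a router configuration and reports which of the services listed in the post above are still relayed to the helper address. The sample configuration and the 10.0.0.10 server address are constructed; the keywords and ports are the ones given in the post.

```python
import re

# Keywords and ports as listed in the post; BOOTP (67/68) stays on deliberately.
DEFAULT_FORWARDED = {
    "tftp": 69, "nameserver": 42, "domain": 53, "time": 37,
    "netbios-ns": 137, "netbios-dgm": 138, "tacacs": 49,
}
PORT_TO_NAME = {str(port): name for name, port in DEFAULT_FORWARDED.items()}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp 138
!
interface Vlan5
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 10.0.0.10
!
interface Vlan99
 ip address 192.168.99.1 255.255.255.0
"""

def audit(config):
    """Return ({interface: [helper addresses]}, [services still relayed])."""
    disabled, helpers, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"no ip forward-protocol udp (\S+)", line)
        if match:
            # Accept either the keyword or the numeric port form.
            disabled.add(PORT_TO_NAME.get(match.group(1), match.group(1)))
        elif raw.startswith("interface "):
            current = raw.split(None, 1)[1]
        elif line.startswith("ip helper-address ") and current:
            helpers.setdefault(current, []).append(line.split()[-1])
        elif not raw.startswith(" "):
            current = None  # left the interface block
    if not helpers:
        return helpers, []  # nothing is relayed without a helper address
    return helpers, sorted(n for n in DEFAULT_FORWARDED if n not in disabled)

if __name__ == "__main__":
    found, exposed = audit(SAMPLE_CONFIG)
    print(found, exposed)
```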
Posted by Trendkill on August 12, 2007, 2:29 pm
> Be aware that the ip helper command automatically forwards a number of
> UDP protocols if they have a destination address of broadcast:
>
> - Trivial File Transfer Protocol (TFTP) (port 69)
> - Domain Naming System (port 53)
> - Time service (port 37)
> - NetBIOS Name Server (port 137)
> - NetBIOS Datagram Server (port 138)
> - Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
> - TACACS service (port 49)
> - IEN-116 Name Service (port 42)
>
> Typically the forwarding of these other UDP ports should be
> disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP
> server:
>
> no ip forward-protocol udp tftp
> no ip forward-protocol udp nameserver
> no ip forward-protocol udp domain
> no ip forward-protocol udp time
> no ip forward-protocol udp netbios-ns
> no ip forward-protocol udp netbios-dgm
> no ip forward-protocol udp tacacs
>
> No sense flooding the DHCP server with NETBIOS broadcast packets ...

Provided you aren't running things like Solaris or AIX that require jumpstart, NIM, or other boot/loading functions, you are correct. Always good to lock down everything except for what you explicitly need, but if you have a large environment, it can be pretty tedious going back and fixing every VLAN you locked down. Just depends on needs and whether or not you have any kind of infrastructure management software (CiscoWorks).
Posted by Merv on August 12, 2007, 6:03 pm
Understood.

I have always wondered why Cisco didn't implement an enhancement to have an interface dhcp-relay config command to eliminate this and several other related issues.
DHCP Configuration - Relay Agent - IP Address Assignment