DHCP Configuration - Relay Agent - IP Address Assignment

Hi Group,

I need to design a network for a customer... maybe right now I have a question regarding how to assign IP addresses and other related information to clients in different VLANs.

The network has a core, a distribution and an access layer... there are several VLANs for the access switches... The logical interfaces are configured with the ip helper command, which points to the DHCP server... My question is: how do the clients get the IP address for their assigned VLAN? Let's say client A is in VLAN 5, and this VLAN should have the range

192.168.1.0/24. The logical interface on the core router is 192.168.1.1/24.

From my understanding this should be done on the DHCP server... say there must be an IP range defined for every VLAN!?

thx dennis

Reply to
dennis

Yes, you define scopes for each network, and the DHCP server should assign IP addresses based on the router's source IP in the node's VLAN. In short, the client will broadcast to the router, which then has an ip-helper command configured. The router will then forward that request on to the DHCP server, which will know the interface of the router that received the original broadcast. The DHCP server will then assign an IP based on that source interface, which is sent back to the client, who takes the IP assigned. Since the original requestor does not have an IP, the router must use its own IP as the source, else layer 3 won't work.

Overall, and more importantly, every VLAN MUST have an IP address range, simply because a VLAN is a layer 2 grouping of layer 3 devices. I should also correct myself: there are some instances when IP addresses are not needed (Oracle RAC, etc.), but for the most part, every VLAN should have its own IP address range. They should not overlap (and can't in most routers), else layer 3 will get confused as to which VLAN is the proper one, and layer 2 and 3 will get hosed up.

Reply to
Trendkill

Be aware that the ip helper command automatically forwards a number of UDP protocols if they have a destination address of broadcast:

. Trivial File Transfer Protocol (TFTP) (port 69)
. Domain Naming System (port 53)
. Time service (port 37)
. NetBIOS Name Server (port 137)
. NetBIOS Datagram Server (port 138)
. Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
. TACACS service (port 49)
. IEN-116 Name Service (port 42)

Typically the forwarding of these other UDP ports should be disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP server:

no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

No sense flooding the DHCP server with NetBIOS broadcast packets...

Reply to
Merv
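The relay behaviour Trendkill describes (giaddr set to the receiving SVI, scope chosen from it on the server) and the UDP port filtering Merv describes, modelled together in an added example; this is not code from the thread or from any vendor, and the scopes, MAC address and VLAN names are constructed for illustration.

```python
"""Minimal model of a DHCP relay agent (Cisco 'ip helper-address') and the
server-side scope selection it enables.  Constructed example, not vendor code."""
import ipaddress
import struct

# UDP ports the helper forwards by default, as listed in the thread.
DEFAULT_HELPER_PORTS = {69, 53, 37, 137, 138, 67, 68, 49, 42}
# After the 'no ip forward-protocol udp ...' commands only BOOTP/DHCP remains.
BOOTP_ONLY_PORTS = {67, 68}

# Constructed scopes: one per VLAN SVI, non-overlapping (the thread's VLAN 5 plus one more).
SCOPES = {
    "vlan5": ipaddress.ip_network("192.168.1.0/24"),
    "vlan6": ipaddress.ip_network("192.168.2.0/24"),
}


def build_discover(client_mac: bytes, xid: int = 0x1234) -> bytes:
    """Fixed 236-byte BOOTP header of a DHCPDISCOVER: op=1 (request), htype=1
    (Ethernet), hlen=6, hops=0, broadcast flag set, all four addresses zero."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)
    fixed += b"\x00" * 16                     # ciaddr, yiaddr, siaddr, giaddr
    fixed += client_mac.ljust(16, b"\x00")    # chaddr
    return fixed + b"\x00" * 192              # sname (64) + file (128)


def giaddr_of(packet: bytes) -> str:
    """giaddr occupies bytes 24..27 of the BOOTP header."""
    return str(ipaddress.ip_address(packet[24:28]))


def relay(svi_ip: str, dst_port: int, payload: bytes, allowed_ports=BOOTP_ONLY_PORTS):
    """Relay agent on the SVI that received a broadcast.  Returns None if the
    port is not forwarded; otherwise (source IP used toward the server, payload),
    with giaddr stamped for DHCP so the server can tell which VLAN asked."""
    if dst_port not in allowed_ports:
        return None
    if dst_port == 67 and payload[24:28] == b"\x00" * 4:
        payload = payload[:24] + ipaddress.ip_address(svi_ip).packed + payload[28:]
    return svi_ip, payload


def select_scope(giaddr: str):
    """Server side: the scope whose network contains giaddr, or None."""
    addr = ipaddress.ip_address(giaddr)
    for name, net in SCOPES.items():
        if addr in net:
            return name
    return None
```

With the default port set, a NetBIOS name-service broadcast (port 137) is forwarded as well; with the locked-down set it is dropped at the relay, which is the point of Merv's commands.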

Provided you aren't running things like Solaris or AIX that require JumpStart, NIM, or other boot/loading functions, you are correct. Always good to lock down everything except for what you explicitly need, but if you have a large environment, it can be pretty tedious going back and fixing every VLAN you locked down. Just depends on needs and whether or not you have any kind of infrastructure management software (CiscoWorks).

Reply to
Trendkill

Understood.

I have always wondered why Cisco didn't implement an enhancement to have an interface dhcp-relay config command to eliminate this and several other related issues.

Reply to
Merv

Hi,

Thanks a lot for all the answers... Right now... first I would determine the IP address range for every VLAN, then this should be configured on the DHCP server. Also I need to disable all other "udp forwards" except bootpc.

greetz

dennis

Reply to
dennis
