DHCP Configuration - Relay Agent - IP Address Assignment

 
 
dennis
 
      08-12-2007
Hi Group,

I need to design a network for a customer...maybe right I have a
question regarding how to assign IP addresses and other related
information to clients in different VLANs.

The network has a core, a distribution and an access layer....there are
several VLANs for the access switches...
The logical interfaces are configured with the ip helper command, which
addresses the DHCP server...
My question is:
how do the clients get the IP address for the assigned VLAN?
Let's say client a is in VLAN 5 ..and this VLAN should have a range of
192.168.1.0/24
The logical interface on the core router is 192.168.1.1/24

To my understanding this should be done on the DHCP server....say there
must be an IP range defined for every VLAN !?

thx
dennis

 
 
 
 
 
Trendkill
 
      08-12-2007
On Aug 12, 8:42 am, dennis <(E-Mail Removed)> wrote:
> Hi Group,
>
> I need to design a network for a customer...maybe right I have a
> question regarding how to assign IP addresses and other related
> information to clients in different VLANs.
>
> The network has a core, a distribution and an access layer....there are
> several VLANs for the access switches...
> The logical interfaces are configured with the ip helper command, which
> addresses the DHCP server...
> My question is:
> how do the clients get the IP address for the assigned VLAN?
> Let's say client a is in VLAN 5 ..and this VLAN should have a range of
> 192.168.1.0/24
> The logical interface on the core router is 192.168.1.1/24
>
> To my understanding this should be done on the DHCP server....say there
> must be an IP range defined for every VLAN !?
>
> thx
> dennis


Yes, you define scopes for each network, and the DHCP server should
assign IP addresses based on the router's source IP in the node's
vlan. In short, the client will broadcast to the router, which then
has an ip-helper command configured. The router will then forward
that request onto the dhcp server which will know the interface of the
router that received the original broadcast. The dhcp server will
then assign an IP based on that source interface, which is sent back
to the client who takes the IP assigned. Since the original requestor
does not have an IP, the router must use his IP as the source else
layer 3 won't work.

Overall, and more importantly, every VLAN MUST have an ip address
range, simply because a vlan is a layer 2 grouping of layer 3
devices. I should also correct myself, there are some instances when
IP addresses are not needed (oracle RAC, etc) but for the most part,
every vlan should have its own IP address range. They should not
overlap (and can't in most routers) else layer 3 will get confused as
to which vlan is the proper, and layer 2 and 3 will get hosed up.

 
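The scope selection described in the reply above, as an added example that is not part of the original thread: the relay writes the address of the interface that received the broadcast into the BOOTP giaddr field (RFC 2131), and the server hands out a lease only from the scope whose subnet contains it. VLAN 5 uses the 192.168.1.0/24 range from the question; the vlan6 scope, the MAC address and the function names are constructed for illustration.

```python
import ipaddress
import struct

# One scope per VLAN subnet. vlan5 is the range from the thread; vlan6 is constructed.
SCOPES = {
    "vlan5": ipaddress.ip_network("192.168.1.0/24"),
    "vlan6": ipaddress.ip_network("192.168.2.0/24"),
}
GIADDR = slice(24, 28)  # offset of giaddr in the fixed 236-byte BOOTP header


def build_request(xid=0x1234ABCD):
    """Client broadcast: BOOTREQUEST with giaddr still 0.0.0.0 (constructed MAC)."""
    chaddr = bytes.fromhex("020000000005").ljust(16, b"\0")
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       1, 1, 6, 0, xid, 0, 0x8000,              # op, htype, hlen, hops, xid, secs, flags
                       bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
                       chaddr, bytes(64), bytes(128))           # chaddr, sname, file


def relay(packet, interface_ip):
    """Router side of ip helper-address: stamp giaddr with the receiving interface IP."""
    pkt = bytearray(packet)
    if pkt[GIADDR] == bytes(4):          # only the first relay fills giaddr
        pkt[GIADDR] = ipaddress.ip_address(interface_ip).packed
    pkt[3] += 1                          # hops counter
    return bytes(pkt)


def select_scope(packet):
    """Server side: return the scope whose subnet contains giaddr, else None."""
    if len(packet) < 236 or packet[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    giaddr = ipaddress.ip_address(packet[GIADDR])
    if giaddr.is_unspecified:
        return None                      # not relayed: would be served from a local subnet
    for name, net in SCOPES.items():
        if giaddr in net:
            return name
    return None                          # relay from an unknown subnet: no lease offered


if __name__ == "__main__":
    print(select_scope(relay(build_request(), "192.168.1.1")))
```

A request relayed from an interface with no matching scope gets no offer, which is why every VLAN that should serve clients needs its own range defined on the server.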
 
 
 
 
Merv
 
      08-12-2007
Be aware that the ip helper command automatically forwards a number of
UDP protocols if they have a destination address of broadcast:

- Trivial File Transfer Protocol (TFTP) (port 69)
- Domain Naming System (port 53)
- Time service (port 37)
- NetBIOS Name Server (port 137)
- NetBIOS Datagram Server (port 138)
- Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
- TACACS service (port 49)
- IEN-116 Name Service (port 42)


Typically the forwarding of these other UDP ports should be
disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP
server:

no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs


No sense flooding the DHCP server with NETBIOS broadcast packets ...



 
 
Trendkill
 
      08-12-2007
On Aug 12, 10:15 am, Merv <(E-Mail Removed)> wrote:
> Be aware that the ip helper command automatically forwards a number of
> UDP protocols if they have a destination address of broadcast:
>
> - Trivial File Transfer Protocol (TFTP) (port 69)
> - Domain Naming System (port 53)
> - Time service (port 37)
> - NetBIOS Name Server (port 137)
> - NetBIOS Datagram Server (port 138)
> - Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
> - TACACS service (port 49)
> - IEN-116 Name Service (port 42)
>
> Typically the forwarding of these other UDP ports should be
> disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP
> server:
>
> no ip forward-protocol udp tftp
> no ip forward-protocol udp nameserver
> no ip forward-protocol udp domain
> no ip forward-protocol udp time
> no ip forward-protocol udp netbios-ns
> no ip forward-protocol udp netbios-dgm
> no ip forward-protocol udp tacacs
>
> No sense flooding the DHCP server with NETBIOS broadcast packets ...


Provided you aren't running things like Solaris or AIX that require
jumpstart, NIM, or other boot/loading functions, you are correct.
Always good to lock down everything except for what you explicitly
need, but if you have a large environment, can be pretty tedious going
back and fixing every VLAN you locked down. Just depends on needs and
whether or not you have any kind of infrastructure management software
(ciscoworks).

 
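One way to check a device for the lockdown discussed in the two posts above, as an added example that is not part of the original thread: it reads a running-config as text, finds interfaces with ip helper-address, and reports which of the default-forwarded UDP services listed above have not been turned off with no ip forward-protocol udp. The `needed` parameter covers services deliberately left on (the boot/loading case mentioned in the reply); the sample config, the 10.0.0.10 server address and the function name are constructed.

```python
import re

# UDP services the thread lists as forwarded by default alongside BOOTP (67/68),
# mapped to the keyword used in "no ip forward-protocol udp <keyword>".
DEFAULT_FORWARDED = {69: "tftp", 53: "domain", 37: "time", 137: "netbios-ns",
                     138: "netbios-dgm", 49: "tacacs", 42: "nameserver"}
KEYWORD_TO_PORT = {kw: port for port, kw in DEFAULT_FORWARDED.items()}

# Constructed running-config excerpt; 10.0.0.10 is a made-up DHCP server address.
SAMPLE_CONFIG = """\
interface Vlan5
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 10.0.0.10
!
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tftp
"""


def audit(config, needed=()):
    """Return (helper interfaces, default services still relayed and not in `needed`)."""
    helpers, disabled, iface = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():      # top-level line ends any interface block
            m = re.match(r"interface\s+(\S+)", line)
            iface = m.group(1) if m else None
        m = re.match(r"ip helper-address\s+(\S+)", line)
        if m and iface:
            helpers.setdefault(iface, []).append(m.group(1))
        m = re.match(r"no ip forward-protocol udp\s+(\S+)", line)
        if m:                                 # keyword or numeric port form
            tok = m.group(1)
            port = int(tok) if tok.isdigit() else KEYWORD_TO_PORT.get(tok)
            if port is not None:
                disabled.add(port)
    if not helpers:                           # nothing is relayed without a helper
        return helpers, []
    still = sorted(kw for port, kw in DEFAULT_FORWARDED.items()
                   if port not in disabled and kw not in needed)
    return helpers, still


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```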
 
Merv
 
      08-12-2007
Understood.

I have always wondered why Cisco didn't implement an enhancement to
have an interface dhcp-relay config command to eliminate this and
several other related issues.


 
 
dennis
 
      08-13-2007
Hi,

thanks a lot for all the answers....
Right now...first I would determine the IP address range for every
vlan, then this should be configured on the dhcp server.
Also I need to disable all other "udp forwards" except bootpc.

greetz

dennis

On 12 Aug., 14:42, dennis <(E-Mail Removed)> wrote:
> Hi Group,
>
> I need to design a network for a customer...maybe right I have a
> question regarding how to assign IP addresses and other related
> information to clients in different VLANs.
>
> The network has a core, a distribution and an access layer....there are
> several VLANs for the access switches...
> The logical interfaces are configured with the ip helper command, which
> addresses the DHCP server...
> My question is:
> how do the clients get the IP address for the assigned VLAN?
> Let's say client a is in VLAN 5 ..and this VLAN should have a range of
> 192.168.1.0/24
> The logical interface on the core router is 192.168.1.1/24
>
> To my understanding this should be done on the DHCP server....say there
> must be an IP range defined for every VLAN !?
>
> thx
> dennis



 