DHCP Configuration - Relay Agent - IP Address Assignment

Discussion in 'Cisco' started by dennis, Aug 12, 2007.

  1. dennis

    dennis Guest

    Hi Group,

    I need to design a network for a customer...maybe right I have a
    question regarding how to assign IP addresses and other related
    information to clients in different VLANs

    The network has a core, a distribution and access layer....there are
    several VLANs for the access switches...
    The logical interfaces are configured with ip helper command which
    addresses the DHCP server...
    My question is:
    how do the clients get the IP address for the assigned VLAN?
    Let's say client a is in vlan 5 ..and this vlan should have a range
    192.168.1.0/24
    The logical interface on the core router is 192.168.1.1/24

    To my understanding this should be done on the dhcp server....say there
    must be for every vlan an ip range defined !?

    thx
    dennis
    dennis, Aug 12, 2007
    #1

  2. dennis

    Trendkill Guest

    On Aug 12, 8:42 am, dennis <> wrote:
    > Hi Group,
    >
    > I need to design a network for a customer...maybe right I have a
    > question regarding how to assign IP addresses and other related
    > information to clients in different VLANs
    >
    > The network has a core, a distribution and access layer....there are
    > several VLANs for the access switches...
    > The logical interfaces are configured with ip helper command which
    > addresses the DHCP server...
    > My question is:
    > how do the clients get the IP address for the assigned VLAN?
    > Let's say client a is in vlan 5 ..and this vlan should have a range
    > 192.168.1.0/24
    > The logical interface on the core router is 192.168.1.1/24
    >
    > To my understanding this should be done on the dhcp server....say there
    > must be for every vlan an ip range defined !?
    >
    > thx
    > dennis


    Yes, you define scopes for each network, and the DHCP server should
    assign IP addresses based on the router's source IP in the node's
    vlan. In short, the client will broadcast to the router, which then
    has an ip-helper command configured. The router will then forward
    that request onto the dhcp server which will know the interface of the
    router that received the original broadcast. The dhcp server will
    then assign an IP based on that source interface, which is sent back
    to the client who takes the IP assigned. Since the original requestor
    does not have an IP, the router must use his IP as the source else
    layer 3 won't work.

    Overall, and more importantly, every VLAN MUST have an ip address
    range, simply because a vlan is a layer 2 grouping of layer 3
    devices. I should also correct myself, there are some instances when
    IP addresses are not needed (oracle RAC, etc) but for the most part,
    every vlan should have its own IP address range. They should not
    overlap (and can't in most routers) else layer 3 will get confused as
    to which vlan is the proper, and layer 2 and 3 will get hosed up.
    Trendkill, Aug 12, 2007
    #2
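
The scope selection described in the post above, as an added example that is not part of the original thread: a relay agent writes the address of the interface that received the broadcast into the BOOTP `giaddr` field, and the server matches that address against its scopes. The VLAN 6 scope, the client MAC and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed scopes: VLAN 5 is the thread's example, VLAN 6 is invented here.
SCOPES = {
    "vlan5": ipaddress.ip_network("192.168.1.0/24"),
    "vlan6": ipaddress.ip_network("192.168.2.0/24"),
}

# Fixed 236-byte BOOTP header (RFC 951/2131): op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def build_discover(giaddr):
    """Constructed client request as it looks after a relay set giaddr."""
    zero = bytes(4)
    gi = ipaddress.ip_address(giaddr).packed
    mac = bytes.fromhex("020000000005")  # constructed client MAC
    return BOOTP.pack(1, 1, 6, 1, 0x1234, 0, 0x8000,
                      zero, zero, zero, gi, mac, b"", b"")


def select_scope(packet):
    """Return the scope name a relayed request maps to, or None."""
    if len(packet) < BOOTP.size:
        raise ValueError("truncated BOOTP header")
    fields = BOOTP.unpack(packet[:BOOTP.size])
    op, giaddr = fields[0], ipaddress.ip_address(fields[10])
    if op != 1:                 # only BOOTREQUEST comes from clients
        return None
    if giaddr.is_unspecified:   # giaddr 0.0.0.0: request was not relayed
        return None
    for name, net in SCOPES.items():
        if giaddr in net:
            return name
    return None                 # no scope for this relay: nothing to offer


if __name__ == "__main__":
    for gw in ("192.168.1.1", "192.168.2.1", "10.9.9.1", "0.0.0.0"):
        print(gw, "->", select_scope(build_discover(gw)))
```

A request relayed from an interface with no matching scope gets no lease, which is why every VLAN interface carrying a helper address needs its own range on the server.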

  3. dennis

    Merv Guest

    Be aware that the ip helper command automatically forwards a number of
    UDP protocols if they have a destination address of broadcast:

    - Trivial File Transfer Protocol (TFTP) (port 69)
    - Domain Naming System (port 53)
    - Time service (port 37)
    - NetBIOS Name Server (port 137)
    - NetBIOS Datagram Server (port 138)
    - Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
    - TACACS service (port 49)
    - IEN-116 Name Service (port 42)


    Typically the forwarding of these other UDP ports should be
    disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP
    server:

    no ip forward-protocol udp tftp
    no ip forward-protocol udp nameserver
    no ip forward-protocol udp domain
    no ip forward-protocol udp time
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip forward-protocol udp tacacs


    No sense flooding the DHCP server with NETBIOS broadcast packets ...
    Merv, Aug 12, 2007
    #3
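
A check for the lock-down described in the post above, as an added example that is not part of the original thread: it reads a saved running-config and reports which of the listed default-forwarded UDP services are still enabled on a device that has a helper address. The sample config, the helper address 10.0.0.10 and the function name are constructed for illustration.

```python
import re

# Default-forwarded UDP services named in the post above (keyword -> port).
# BOOTP (67/68) is left out because DHCP relay depends on it.
DEFAULTS = {"tftp": 69, "domain": 53, "time": 37, "netbios-ns": 137,
            "netbios-dgm": 138, "tacacs": 49, "nameserver": 42}

# Constructed running-config excerpt: only three services were disabled.
SAMPLE_CONFIG = """\
no ip forward-protocol udp tftp
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
!
interface Vlan5
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 10.0.0.10
"""


def still_forwarded(config):
    """Return the default UDP services a helper address still relays."""
    lines = [line.strip() for line in config.splitlines()]
    if not any(l.startswith("ip helper-address ") for l in lines):
        return []               # no helper configured: nothing is relayed
    disabled = set()
    for l in lines:
        m = re.fullmatch(r"no ip forward-protocol udp (\S+)", l)
        if not m:
            continue
        arg = m.group(1)        # keyword or numeric port
        for keyword, port in DEFAULTS.items():
            if arg in (keyword, str(port)):
                disabled.add(keyword)
    return sorted(k for k in DEFAULTS if k not in disabled)


if __name__ == "__main__":
    for keyword in still_forwarded(SAMPLE_CONFIG):
        print(f"still forwarded: {keyword} (udp/{DEFAULTS[keyword]})")
```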
  4. dennis

    Trendkill Guest

    On Aug 12, 10:15 am, Merv <> wrote:
    > Be aware that the ip helper command automatically forwards a number of
    > UDP protocols if they have a destination address of broadcast:
    >
    > - Trivial File Transfer Protocol (TFTP) (port 69)
    > - Domain Naming System (port 53)
    > - Time service (port 37)
    > - NetBIOS Name Server (port 137)
    > - NetBIOS Datagram Server (port 138)
    > - Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
    > - TACACS service (port 49)
    > - IEN-116 Name Service (port 42)
    >
    > Typically the forwarding of these other UDP ports should be
    > disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP
    > server:
    >
    > no ip forward-protocol udp tftp
    > no ip forward-protocol udp nameserver
    > no ip forward-protocol udp domain
    > no ip forward-protocol udp time
    > no ip forward-protocol udp netbios-ns
    > no ip forward-protocol udp netbios-dgm
    > no ip forward-protocol udp tacacs
    >
    > No sense flooding the DHCP server with NETBIOS broadcast packets ...


    Provided you aren't running things like Solaris or AIX that require
    jumpstart, NIM, or other boot/loading functions, you are correct.
    Always good to lock down everything except for what you explicitly
    need, but if you have a large environment, can be pretty tedious going
    back and fixing every VLAN you locked down. Just depends on needs and
    whether or not you have any kind of infrastructure management software
    (ciscoworks).
    Trendkill, Aug 12, 2007
    #4
  5. dennis

    Merv Guest

    Understood.

    I have always wondered why Cisco didn't implement an enhancement to
    have an interface dhcp-relay config command to eliminate this and
    several other related issues.
    Merv, Aug 12, 2007
    #5
  6. dennis

    dennis Guest

    Hi,

    thanks a lot for all the answers....
    Right now...first I would determine the IP address range for every
    vlan, then this should be configured on the dhcp server.
    Also I need to disable all other "udp forwards" except bootpc.

    greetz

    dennis

    On 12 Aug., 14:42, dennis <> wrote:
    > Hi Group,
    >
    > I need to design a network for a customer...maybe right I have a
    > question regarding how to assign IP addresses and other related
    > information to clients in different VLANs
    >
    > The network has a core, a distribution and access layer....there are
    > several VLANs for the access switches...
    > The logical interfaces are configured with ip helper command which
    > addresses the DHCP server...
    > My question is:
    > how do the clients get the IP address for the assigned VLAN?
    > Let's say client a is in vlan 5 ..and this vlan should have a range
    > 192.168.1.0/24
    > The logical interface on the core router is 192.168.1.1/24
    >
    > To my understanding this should be done on the dhcp server....say there
    > must be for every vlan an ip range defined !?
    >
    > thx
    > dennis
    dennis, Aug 13, 2007
    #6