DHCP Configuration - Relay Agent - IP Address Assignment

Discussion in 'Cisco' started by dennis, Aug 12, 2007.

  1. dennis

    dennis Guest

    Hi Group,

    I need to design a network for a customer...maybe right I have a
    question regarding how to assign IP addresses and other related
    information to clients in different VLANs

    The network has a core, a distribution and access layer....there are
    several VLANs for the access switches...
    The logical interfaces are configured with ip helper command which
    addresses the DHCP server...
    My question is:
    how do the clients get the IP address for the assigned VLAN?
    Let's say client a is in vlan 5 ..and this vlan should have a range
    The logical interface on the core router is

    From my understanding this should be done on the dhcp server....say there
    must be for every vlan an ip range defined !?

    dennis, Aug 12, 2007

  2. dennis

    Trendkill Guest

    Yes, you define scopes for each network, and the DHCP server should
    assign IP addresses based on the router's source IP in the node's
    vlan. In short, the client will broadcast to the router, which then
    has an ip-helper command configured. The router will then forward
    that request onto the dhcp server which will know the interface of the
    router that received the original broadcast. The dhcp server will
    then assign an IP based on that source interface, which is sent back
    to the client who takes the IP assigned. Since the original requestor
    does not have an IP, the router must use his IP as the source else
    layer 3 won't work.

    Overall, and more importantly, every VLAN MUST have an ip address
    range, simply because a vlan is a layer 2 grouping of layer 3
    devices. I should also correct myself, there are some instances when
    IP addresses are not needed (oracle RAC, etc) but for the most part,
    every vlan should have its own IP address range. They should not
    overlap (and can't in most routers) else layer 3 will get confused as
    to which vlan is the proper, and layer 2 and 3 will get hosed up.
    Trendkill, Aug 12, 2007

  3. dennis

    Merv Guest

    Be aware that the ip helper command automatically forwards a number of
    UDP protocols if they have a destination address of broadcast:

    - Trivial File Transfer Protocol (TFTP) (port 69)
    - Domain Naming System (port 53)
    - Time service (port 37)
    - NetBIOS Name Server (port 137)
    - NetBIOS Datagram Server (port 138)
    - Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
    - TACACS service (port 49)
    - IEN-116 Name Service (port 42)

    Typically the forwarding of these other UDP ports should be
    disabled so that only DHCP requests (BOOTP) are forwarded to the DHCP

    no ip forward-protocol udp tftp
    no ip forward-protocol udp nameserver
    no ip forward-protocol udp domain
    no ip forward-protocol udp time
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip forward-protocol udp tacacs

    No sense flooding the DHCP server with NETBIOS broadcast packets ...
    Merv, Aug 12, 2007
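
Added example (not part of any post in this thread, and not Cisco's code): a small Python audit that reads a router configuration, lists the interfaces using `ip helper-address`, and reports which of the default-forwarded UDP services named in the post above are still enabled. The sample configuration, its addresses and the function name `audit_relay_config` are constructed for illustration; only the plain `ip helper-address <addr>` form is parsed.

```python
import re

# Services the post above lists as forwarded by default, keyed by the keyword
# used in "no ip forward-protocol udp <keyword>". BOOTP (67/68) is left out on
# purpose: that is the one DHCP relay needs.
DEFAULT_FORWARDED = {
    "tftp": 69, "domain": 53, "time": 37, "netbios-ns": 137,
    "netbios-dgm": 138, "tacacs": 49, "nameserver": 42,
}

# Constructed sample config (documentation addresses, hypothetical VLANs).
SAMPLE_CONFIG = """\
interface Vlan5
 ip address 10.5.0.1 255.255.255.0
 ip helper-address 192.0.2.10
!
interface Vlan6
 ip address 10.6.0.1 255.255.255.0
 ip helper-address 192.0.2.10
!
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp 137
no ip forward-protocol udp netbios-dgm
"""

def audit_relay_config(config_text):
    """Return ({interface: [helper addresses]}, [services still forwarded])."""
    helpers, disabled, current_if = {}, set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw and not raw.startswith(" "):
            # A non-indented line is global: it opens or closes an interface block.
            m = re.match(r"interface\s+(\S+)", line)
            current_if = m.group(1) if m else None
        m = re.match(r"ip helper-address\s+(\S+)$", line)
        if m and current_if:
            helpers.setdefault(current_if, []).append(m.group(1))
        m = re.match(r"no ip forward-protocol udp\s+(\S+)$", line)
        if m:  # the service may be given as a keyword or as a port number
            arg = m.group(1)
            disabled |= {k for k, p in DEFAULT_FORWARDED.items() if arg in (k, str(p))}
    # With no helper configured nothing is relayed, so there is nothing to report.
    still = sorted(set(DEFAULT_FORWARDED) - disabled) if helpers else []
    return helpers, still

if __name__ == "__main__":
    relays, still_forwarded = audit_relay_config(SAMPLE_CONFIG)
    print("relay interfaces:", relays)
    print("still forwarded to the helper:", still_forwarded)
```
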
  4. dennis

    Trendkill Guest

    Provided you aren't running things like Solaris or AIX that require
    jumpstart, NIM, or other boot/loading functions, you are correct.
    Always good to lock down everything except for what you explicitly
    need, but if you have a large environment, can be pretty tedious going
    back and fixing every VLAN you locked down. Just depends on needs and
    whether or not you have any kind of infrastructure management software
    Trendkill, Aug 12, 2007
  5. dennis

    Merv Guest


    I have always wondered why Cisco didn't implement an enhancement to
    have an interface dhcp-relay config command to eliminate this and
    several other related issues.
    Merv, Aug 12, 2007
  6. dennis

    dennis Guest


    thanks a lot for all the answers....
    Right now...first I would determine the IP address range for every
    vlan, then this should be configured on the dhcp server.
    Also I need to disable all other "udp forwards" except bootpc.


    dennis, Aug 13, 2007