Question

Consider a router with the:

IP address 192.168.1.254/26
Subnet mask: 255.255.255.192
Network Address: 192.168.1.192

Write the relevant DHCP subnet configuration text for this network where the first 50 addresses will be dynamically allocated to hosts.

Answer 1

Cisco devices running Cisco software include Dynamic Host Configuration Protocol (DHCP) server and the relay agent software. The Cisco IOS DHCP server is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the device to DHCP clients. The DHCP server can be configured to assign additional parameters such as the IP address of the Domain Name System (DNS) server and the default device.

This module describes the concepts and the tasks needed to configure the Cisco IOS DHCP server.

• Finding Feature Information
• Prerequisites for Configuring the DHCP Server
• Information About the Cisco IOS DHCP Server
• How to Configure the Cisco IOS DHCP Server
• Configuration Examples for the Cisco IOS DHCP Server
• Additional References for Cisco IOS DHCP Server
• Feature Information for the Cisco IOS DHCP Server

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Configuring the DHCP Server

• Before you configure a Cisco Dynamic Host Control Protocol (DHCP) server, you must understand the concepts documented in the “Overview of the DHCP Server” section.

• The Cisco DHCP server and the relay agent services are enabled by default. Use the no service dhcp command to disable the Cisco DHCP server and the relay agent and the service dhcp command to reenable the functionality.

• Port 67 (the DHCP server port) is closed in the Cisco DHCP/BOOTP default configuration. There are two logical parts to the service dhcp command: service enabled and service running. The DHCP service is enabled by default, but port 67 does not open until the DHCP service is running. If the DHCP service is running, the show ip sockets details or the show sockets detail command displays port 67 as open.

• The Cisco DHCP relay agent is enabled on an interface only when you configure the ip helper-address command. This command enables a DHCP broadcast to be forwarded to the configured DHCP server.

Information About the Cisco IOS DHCP Server

• Overview of the DHCP Server
• DHCP Attribute Inheritance
• DHCP Server Address Allocation Using Option 82

Overview of the DHCP Server

The Cisco DHCP server accepts address assignment requests and renewals from the client and assigns the addresses from predefined groups of addresses within DHCP address pools. These address pools can also be configured to supply additional information to the requesting client such as the IP address of the Domain Name System (DNS) server, the default device, and other configuration parameters. The Cisco DHCP server can accept broadcasts from locally attached LAN segments or from DHCP requests that have been forwarded by other DHCP relay agents within the network.

DHCP Attribute Inheritance

The DHCP server database is organized as a tree. The root of the tree is the address pool for natural networks, branches are subnetwork address pools, and leaves are manual bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters (for example, the domain name) should be configured at the highest (network or subnetwork) level of the tree.

Inherited parameters can be overridden. For example, if a parameter is defined in both the natural network and a subnetwork, the definition of the subnetwork is used.

Address leases are not inherited. If a lease is not specified for an IP address, by default, the DHCP server assigns a one-day lease for the address.

DHCP Server Address Allocation Using Option 82

The Cisco IOS DHCP server can allocate dynamic IP addresses based on the relay information option (option 82) sent by the relay agent.

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. The data items are also called options. Option 82 is organized as a single DHCP option that contains information known by the relay agent.

Automatic DHCP address allocation is based on an IP address. This IP address can either be the gateway address (giaddr field of the DHCP packet) or the IP address of an incoming interface. In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using option 82, the Cisco IOS DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. The Cisco IOS DHCP server can also use option 82 to provide additional information to properly allocate IP addresses to DHCP clients. The information sent via option 82 is used to identify the port where the DHCP request arrives. Automatic DHCP address allocation does not parse out the individual suboptions contained in option 82. Rather, the address allocation is done by matching a configured pattern byte by byte.

This feature introduces a new DHCP class capability, which is a method to group DHCP clients based on some shared characteristics other than the subnet in which the clients reside.

For example, DHCP clients are connected to two ports of a single switch. Each port can be configured to be a part of two VLANs: VLAN1 and VLAN2. DHCP clients belong to either VLAN1 or VLAN2 and the switch can differentiate the VLAN that a particular DHCP Discover message belongs to (possibly through Layer 2 encapsulation). Each VLAN has its own subnet and all DHCP messages from the same VLAN (same switch) have the giaddr field set to the same value indicating the subnet of the VLAN.

Problems can occur while allocating IP addresses to DHCP clients that are connected to different ports of the same VLAN. These IP addresses must be part of the same subnet but the range of IP addresses must be different. In the preceding example, when a DHCP client that is connected to a port of VLAN1 must be allocated an IP address from a range of IP addresses within the VLAN’s subnet, whereas a DHCP client connecting to port 2 of VLAN1 must be allocated an IP address from another range of IP addresses. The two range of IP addresses are part of the same subnet (and have the same subnet mask). Generally, during DHCP address allocation, the DHCP server refers only to the giaddr field and is unable to differentiate between the two ranges.

To solve this problem, a relay agent residing at the switch inserts the relay information option (option 82), which carries information specific to the port, and the DHCP server inspects both the giaddr field and the inserted option 82 during the address selection process.

When you enable option 82 on a device, the following sequence of events occurs:

1. The host (DHCP client) generates a DHCP request and broadcasts it on the network.
2. When the device receives the DHCP request, it adds the option 82 information in the packet. The option 82 information contains the device MAC address (the remote ID suboption) and the port identifier, vlan-mod-port, from which the packet is received (the circuit ID suboption).
3. The device adds the IP address of the relay agent to the DHCP packet.
4. The device forwards the DHCP request that includes the option 82 field to the DHCP server.
5. The DHCP server receives the packet. If the server is option 82 capable, it uses the remote ID, the circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP addresses that can be assigned to a single remote ID or circuit ID. The DHCP server echoes the option 82 field in the DHCP reply.
6. The DHCP server unicasts the reply to the device if the request is relayed to the server by the device. The device verifies that it originally inserted the option 82 data by inspecting remote ID and possibly circuit ID fields. The device removes the option 82 field and forwards the packet to the interface that connects to the DHCP client that sent the DHCP request.

The Cisco software refers to a pool of IP addresses (giaddr or incoming interface IP address) and matches the request to a class or classes configured in the pool in the order the classes are specified in the DHCP pool configuration.

When a DHCP address pool is configured with one or more DHCP classes, the pool becomes a restricted access pool, which means that no addresses are allocated from the pool unless one or more classes in the pool matches. This design allows DHCP classes to be used either for access control (no default class is configured on the pool) or to provide further address range partitions within the subnet of the pool.

Multiple pools can be configured with the same class, eliminating the need to configure the same pattern in multiple pools.

The following capabilities are supported for DHCP class-based address allocation:

• Specifying the full relay agent information option value as a raw hexadecimal string by using the relay-information hex command in new relay agent information configuration mode.

• Support for bit-masking the raw relay information hexadecimal value.

• Support for a wildcard at the end of a hexadecimal string specified by the relay-information hex command.

If the relay agent inserts option 82 but does not set the giaddr field in the DHCP packet, the DHCP server interface must be configured as a trusted interface by using the ip dhcp relay information trusted command. This configuration prevents the server from dropping the DHCP message.

How to Configure the Cisco IOS DHCP Server

• Configuring a DHCP Database Agent or Disabling Conflict Logging
• Excluding IP Addresses
• Configuring DHCP Address Pools
• Configuring Manual Bindings
• Configuring DHCP Static Mapping
• Customizing DHCP Server Operation
• Configuring a Remote Device to Import DHCP Server Options from a Central DHCP Server
• Configuring DHCP Address Allocation Using Option 82
• Configuring a Static Route with the Next-Hop Dynamically Obtained Through DHCP
• Clearing DHCP Server Variables

Configuring a DHCP Database Agent or Disabling Conflict Logging

A DHCP database agent is any host (for example, an FTP, a TFTP, or a remote copy protocol [RCP] server) or storage media on a DHCP server (for example, disk0) that stores the DHCP bindings database. You can configure multiple DHCP database agents, and the interval between database updates and transfers for each agent.

Automatic bindings are IP addresses that are automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Automatic binding information (such as lease expiration date and time, interface index, and VPN routing and forwarding [VRF] name) is stored in a database agent. The bindings are saved as text records for easy maintenance.

An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts by using ping and gratuitous Address Resolution Protocol (ARP). If a conflict is detected, the address is removed from the pool. The address is not assigned until the administrator resolves the conflict.

Note

We strongly recommend using database agents. However, the Cisco DHCP server can run without database agents. If you choose not to configure a DHCP database agent, disable the recording of DHCP address conflicts on the DHCP server by using the no ip dhcp conflict logging command in global configuration mode. If there is a conflict logging but no database agent is configured, bindings during a switchover are lost when a device reboots. Possible false conflicts can occur causing the address to be removed from the address pool.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    Do one of the following:

• ip dhcp database url [timeout seconds | write-delay seconds]
• no ip dhcp conflict logging

4.    end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Device> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: Device# configure terminal	Enters global configuration mode.
Step 3	Do one of the following: ip dhcp database url [timeout seconds | write-delay seconds] no ip dhcp conflict logging Example: Device(config)# ip dhcp database ftp://user:[email protected]/router-dhcp timeout 80 Example: Device(config)# no ip dhcp conflict logging	Configures a DHCP server to save automatic bindings on a remote host called a database agent. or Disables DHCP address conflict logging.
Step 4	end Example: Device(config)# end	Exits global configuration mode and returns to privileged EXEC mode.

Excluding IP Addresses

The IP address configured on a device interface is automatically excluded from the DHCP address pool. The DHCP server assumes that all other IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients.

You must exclude addresses from the pool if the DHCP server does not allocate those IP addresses to DHCP clients. Consider a scenario where two DHCP servers are set up for the same network segment (subnet) for redundancy. If DHCP servers do not coordinate their services with each other using a protocol such as DHCP failover, each DHCP server must be configured to allocate addresses from a nonoverlapping set of addresses in the shared subnet. See the Example: Configuring Manual Bindings section for a configuration example.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp excluded-address low-address [high-address]

4.    end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Device> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: Device# configure terminal	Enters global configuration mode.
Step 3	ip dhcp excluded-address low-address [high-address] Example: Device(config)# ip dhcp excluded-address 172.16.1.100 172.16.1.103	Specifies IP addresses that the DHCP server should not assign to DHCP clients.
Step 4	end Example: Device(config)# end	Exits global configuration mode and returns to privileged EXEC mode.

Configuring DHCP Address Pools

• Configuring a DHCP Address Pool
• Configuring a DHCP Address Pool with Secondary Subnets
• Troubleshooting Tips
• Verifying the DHCP Address Pool Configuration

Configuring a DHCP Address Pool

On a per-address pool basis, specify DHCP options for the client as necessary.

You can configure a DHCP address pool with a name that is a string (such as “engineering”) or an integer (such as 0). Configuring a DHCP address pool also puts the device into DHCP pool configuration mode—identified by the (dhcp-config)# prompt—from which you can configure pool parameters (for example, the IP subnet number and default device list).

DHCP defines a process by which the DHCP server knows the IP subnet in which the DHCP client resides, and it can assign an IP address from a pool of valid IP addresses in that subnet. The process by which the DHCP server identifies the DHCP address pool to use for a client request is described in the Configuring Manual Bindings section.

The DHCP server identifies and uses DHCP address pools for a client request, in the following manner:

• If the client is not directly connected to the DHCP server (the giaddr field of the DHCPDISCOVER broadcast message is nonzero), the server matches the DHCPDISCOVER with the DHCP pool that has the subnet that contains the IP address in the giaddr field.

• If the client is directly connected to the DHCP server (the giaddr field is zero), the DHCP server matches the DHCPDISCOVER with DHCP pools that contain the subnets configured on the receiving interface. If the interface has secondary IP addresses, subnets associated with the secondary IP addresses are examined for possible allocation only after the subnet associated with the primary IP address (on the interface) is exhausted.

Cisco DHCP server software supports advanced capabilities for IP address allocation. See the Configuring DHCP Address Allocation Using Option 82 section for more information.

Before You Begin

Before you configure the DHCP address pool, you must:

• Identify DHCP options for devices where necessary, including the following:
  • Default boot image name
  • Default devices
  • Domain Name System (DNS) servers
  • Network Basic Input/Output System (NetBIOS) name server
  • Primary subnet
  • Secondary subnets and subnet-specific default device lists (see Configuring a DHCP Address Pool with Secondary Subnets section for information on secondary subnets).

• Decide on a NetBIOS node type (b, p, m, or h).

• Decide on a DNS domain name.

Note	You cannot configure manual bindings within the same pool that is configured with the network DHCP pool configuration command. To configure manual bindings, see the Configuring Manual Bindings section.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp pool name

4.    utilization mark high percentage-number [log]

5.    utilization mark low percentage-number [log]

6.    network network-number [mask | /prefix-length] [secondary]

7.    domain-name domain

8.    dns-server address [address2 ... address8]

9.    bootfile filename

10.    next-server address [address2 ... address8]

11.    netbios-name-server address [address2 ... address8]

12.    netbios-node-type type

13.    default-router address [address2 ... address8]

14.    option code [instance number] {ascii string | hex string | ip-address}

15.    lease {days [hours [minutes]] | infinite}

16.    end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Device> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: Device# configure terminal	Enters global configuration mode.
Step 3	ip dhcp pool name Example: Device(config)# ip dhcp pool 1	Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.
Step 4	utilization mark high percentage-number [log] Example: Device(dhcp-config)# utilization mark high 80 log	(Optional) Configures the high utilization mark of the current address pool size. The log keyword enables the logging of a system message. A system message will be generated for a DHCP pool when the pool utilization exceeds the configured high utilization threshold.
Step 5	utilization mark low percentage-number [log] Example: Device(dhcp-config)# utilization mark low 70 log	(Optional) Configures the low utilization mark of the current address pool size. The log keyword enables the logging of a system message. A system message will be generated for a DHCP pool when the pool utilization falls below the configured low utilization threshold.
Step 6	network network-number [mask | /prefix-length] [secondary] Example: Device(dhcp-config)# network 172.16.0.0 /16	Specifies the subnet network number and mask of the DHCP address pool.
Step 7	domain-name domain Example: Device(dhcp-config)# domain-name cisco.com	Specifies the domain name for the client.
Step 8	dns-server address [address2 ... address8] Example: Device(dhcp-config)# dns server 172.16.1.103 172.16.2.103	Specifies the IP address of a DNS server that is available to a DHCP client. One IP address is required; however, you can specify up to eight IP addresses in one command. Servers should be listed in order of preference.
Step 9	bootfile filename Example: Device(dhcp-config)# bootfile xllboot	(Optional) Specifies the name of the default boot image for a DHCP client. The boot file is used to store the boot image for the client. The boot image is generally the operating system that the client uses to load.
Step 10	next-server address [address2 ... address8] Example: Device(dhcp-config)# next-server 172.17.1.103 172.17.2.103	(Optional) Configures the next server in the boot process of a DHCP client. One address is required; however, you can specify up to eight addresses in one command line. If multiple servers are specified, DHCP assigns them to clients in a round-robin order. The first client gets address 1, the next client gets address 2, and so on. If this command is not configured, DHCP uses the server specified by the ip helper address command as the boot server.
Step 11	netbios-name-server address [address2 ... address8] Example: Device(dhcp-config)# netbios-name-server 172.16.1.103 172.16.2.103	(Optional) Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up to eight addresses in one command line. Servers should be listed in order of preference.
Step 12	netbios-node-type type Example: Device(dhcp-config)# netbios-node-type h-node	(Optional) Specifies the NetBIOS node type for a Microsoft DHCP client.
Step 13	default-router address [address2 ... address8] Example: Device(dhcp-config)# default-router 172.16.1.100 172.16.1.101	(Optional) Specifies the IP address of the default device for a DHCP client. The IP address should be on the same subnet as the client. One IP address is required; however, you can specify up to eight IP addresses in one command line. These default devices are listed in order of preference; that is, address is the most preferred device, address2 is the next most preferred device, and so on. When a DHCP client requests an IP address, the device—acting as a DHCP server—accesses the default device list to select another device that the DHCP client will use as the first hop for forwarding messages. After a DHCP client has booted, the client begins sending packets to its default device.
Step 14	option code [instance number] {ascii string | hex string | ip-address} Example: Device(dhcp-config)# option 19 hex 01	(Optional) Configures DHCP server options.
Step 15	lease {days [hours [minutes]] | infinite} Example: Device(dhcp-config)# lease 30	(Optional) Specifies the duration of the lease. The default is a one-day lease. The infinite keyword specifies that the duration of the lease is unlimited.
Step 16	end Example: Device(dhcp-config)# end	Returns to privileged EXEC mode.

Configuring a DHCP Address Pool with Secondary Subnets

For any DHCP pool, you can configure a primary subnet and any number of secondary subnets. Each subnet is a range of IP addresses that the device uses to allocate an IP address to a DHCP client. The DHCP server multiple subnet functionality enables a Cisco DHCP server address pool to manage additional IP addresses by adding the addresses to a secondary subnet of an existing DHCP address pool (instead of using a separate address pool).

Configuring a secondary DHCP subnetwork places the device in DHCP pool secondary subnet configuration mode—identified by the (config-dhcp-subnet-secondary)# prompt—where you can configure a default address list that is specific to the secondary subnet. You can also specify the utilization rate of the secondary subnet, which allows pools of IP addresses to dynamically increase or reduce in size depending on the address utilization level. This setting overrides the global utilization rate.

If the DHCP server selects an address pool that contains multiple subnets, the DHCP server allocates an IP address from the subnets as follows:

• When the DHCP server receives an address assignment request, it looks for an available IP address in the primary subnet.

• When the primary subnet is exhausted, the DHCP server automatically looks for an available IP address in any of the secondary subnets maintained by the DHCP server (even though the giaddr does not necessarily match the secondary subnet). The server inspects the subnets for address availability in the order of subnets that were added to the pool.

• If the giaddr matches a secondary subnet in the pool, the DHCP server allocates an IP address from that particular secondary subnet (even if IP addresses are available in the primary subnet and irrespective of the order of secondary subnets that were added).

Note

The secondary subnet in the pool is supported only for directly connected clients. To avoid multiple IP address allocation from multiple subnets, you should configure secondary IP address on the interface connected to clients. Note that the secondary subnets should not be used in pools that are used for servicing requests from DHCP relay.