Chapter 1 DHCP Overview
The fast expansion and growing complexity of
networks result in scarce IP addresses assignable to hosts. Meanwhile, with the
wide application of the wireless network, the frequent movement of laptops
across the network requires that the IP addresses be changed accordingly. Therefore,
related configurations on hosts become more complex. Dynamic host configuration
protocol (DHCP) was introduced to ease network configuration by providing a
framework for passing configuration information to hosts on a TCP/IP network.
DHCP is built on a client-server model, in
which the client sends a configuration request and then the server returns a
reply to send configuration parameters such as an IP address to the client.
A typical DHCP application, as shown in Figure 1-1, includes a DHCP server and multiple clients (PCs and laptops).

Figure 1-1 A typical DHCP application
DHCP supports three mechanisms for IP address allocation.
- Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client.
- Automatic allocation: DHCP assigns a permanent IP address to a client.
- Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most clients obtain their addresses in this way.
1.2.2 Dynamic IP Address Allocation Procedure
For dynamic allocation, a DHCP client obtains an IP address from a DHCP server via four steps:
1) The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.
2) A DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.
3) If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address.
4) All DHCP servers receive the DHCP-REQUEST message, but only the server to which the client sent a formal request for the offered IP address returns a DHCP-ACK message to the client confirming that the IP address has been allocated to the client, or returns a DHCP-NAK unicast message denying the IP address allocation.
- If the client receives the DHCP-ACK message, it will probe the IP address using gratuitous ARP, with the destination address set to the IP address assigned by the server, to check whether the IP address is in use. If the client receives no response within the specified time, the client can use this IP address.
- If there are multiple DHCP servers in the network, the IP addresses offered by other DHCP servers are still assignable to other clients.
The IP address dynamically allocated by a DHCP server to a client has a lease. After the lease duration elapses, the IP address will be reclaimed by the DHCP server. If the client wants to use the IP address again, it has to extend the lease duration.
After half of the lease duration elapses, the DHCP client will send the DHCP server a DHCP-REQUEST unicast message to extend the lease duration. Depending on the availability of the IP address, the DHCP server returns a DHCP-ACK unicast confirming that the client’s lease duration has been extended, or a DHCP-NAK unicast denying the request.
If the client receives the DHCP-NAK message, it will broadcast another DHCP-REQUEST message for lease extension after 7/8 of the lease duration elapses. The DHCP server will handle the request as described above.
The figure below gives the DHCP message format,
which is based on the BOOTP message format and involves eight types. These
types of messages have the same format except that some fields have different
values. The numbers in parentheses indicate the size of each field in octets.

- op: Message type defined in option field. 1 = REQUEST, 2 = REPLY
- htype, hlen: Hardware address type and length of a DHCP client.
- hops: Number of relay agents a request message has traveled through.
- xid: Transaction ID, a 32-bit random number chosen by the client to identify an IP address allocation.
- secs: Filled in by the client, the number of seconds elapsed since the client began the address acquisition or renewal process. Currently this field is reserved and set to 0.
- flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 1, the DHCP server sends its reply back by broadcast. The remaining bits of the flags field are reserved for future use. Currently, the BROADCAST flag is always set to 1.
- ciaddr: Client IP address.
- yiaddr: 'your' (client) IP address, assigned by the server.
- siaddr: Server IP address, from which the clients obtained configuration parameters.
- giaddr: IP address of the first relay agent a request message traveled through.
- chaddr: Client hardware address.
- sname: The server host name, from which the client obtained configuration parameters.
- file: Bootfile name and routing information, defined by the server to the client.
- options: Optional parameters field that is variable in length; parameters include the message type, lease, DNS IP address, WINS IP address and so forth.
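The field layout above, as an added example that is not part of the original manual: a Python parser for the fixed 236-octet header and the options field that rejects truncated or inconsistent messages. The function names and the sample packet are constructed for illustration; the sample reuses the relay interface address 10.10.1.1 and the server address 10.1.1.1 from the configuration example in Chapter 2, while the client MAC, transaction ID and requested address 10.10.1.20 are made up.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # RFC 2131 marker that precedes the options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
# op htype hlen hops | xid | secs flags | ciaddr yiaddr siaddr giaddr | chaddr sname file
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236 octets

def ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload); raise ValueError on malformed input."""
    if len(payload) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("truncated DHCP message")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
     siaddr, giaddr, chaddr, sname, bootfile) = HEADER.unpack_from(payload)
    if op not in (1, 2):
        raise ValueError("op must be 1 (REQUEST) or 2 (REPLY)")
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-octet chaddr field")
    pos = HEADER.size + len(MAGIC_COOKIE)
    if payload[HEADER.size:pos] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")

    options = {}
    while pos < len(payload) and payload[pos] != 255:     # 255 = End
        code = payload[pos]
        if code == 0:                                      # 0 = Pad, has no length octet
            pos += 1
            continue
        if pos + 2 > len(payload):
            raise ValueError("option header overruns the message")
        length = payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the message")
        options[code] = value
        pos += 2 + length

    msg_type = options.get(53)                             # option 53 = DHCP message type
    return {
        "op": op, "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),                 # leftmost bit of flags
        "ciaddr": ip(ciaddr), "yiaddr": ip(yiaddr),
        "siaddr": ip(siaddr), "giaddr": ip(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.split(b"\0")[0].decode("ascii", "replace"),
        "file": bootfile.split(b"\0")[0].decode("ascii", "replace"),
        "message_type": MSG_TYPES.get(msg_type[0], "UNKNOWN") if msg_type else None,
        "options": options,
    }

def build_sample_request() -> bytes:
    """Constructed sample: a DHCP-REQUEST after one relay hop (giaddr = 10.10.1.1)."""
    header = HEADER.pack(1, 1, 6, 1, 0x3903F326, 0, 0x8000, bytes(4), bytes(4), bytes(4),
                         ipaddress.IPv4Address("10.10.1.1").packed,
                         bytes.fromhex("001122334455") + bytes(10), b"", b"")
    options = (bytes([53, 1, 3])                                              # REQUEST
               + bytes([50, 4]) + ipaddress.IPv4Address("10.10.1.20").packed  # requested IP
               + bytes([54, 4]) + ipaddress.IPv4Address("10.1.1.1").packed    # server id
               + bytes([255]))
    return header + MAGIC_COOKIE + options
```

Calling parse_dhcp(build_sample_request()) returns the decoded fields as a dictionary; any truncated message or option whose length runs past the end of the packet raises ValueError instead of being partially decoded.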
- RFC 2131: Dynamic Host Configuration Protocol
- RFC 2132: DHCP Options and BOOTP Vendor Extensions
- RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
- RFC 3046: DHCP Relay Agent Information Option
Chapter 2 DHCP Relay Agent Configuration
When configuring the DHCP relay agent, go
to these sections for information you are interested in:
- Introduction to DHCP Relay Agent
- Configuring the DHCP Relay Agent
- Displaying and Maintaining the DHCP Relay Agent Configuration
- DHCP Relay Agent Configuration Example
- Troubleshooting DHCP Relay Agent Configuration

- The DHCP relay agent configuration is supported only on VLAN interfaces.
- DHCP Snooping must be disabled on the DHCP relay agent.
2.1 Introduction to DHCP Relay Agent
Since DHCP clients request IP addresses via broadcast messages, the DHCP server and clients must be on the same subnet. Therefore, a DHCP server must be available on each subnet, which is not practical.
DHCP relay agent solves the problem. Via a
relay agent, DHCP clients communicate with a DHCP server on another subnet to
obtain configuration parameters. Thus, DHCP clients on different subnets can
contact the same DHCP server for ease of centralized management and cost
reduction.
A typical application of the DHCP relay
agent is shown below.

Figure 2-1 DHCP relay agent application
No matter whether a relay agent exists or
not, the DHCP server and client interact with each other in a similar way (see 1.2.2 Dynamic IP Address Allocation Procedure). The following describes the forwarding process on the DHCP relay agent.
- The DHCP client broadcasts the DHCP-DISCOVER or DHCP-REQUEST packet. After receiving the packet, the DHCP relay-enabled network device unicasts the packet to a specified DHCP server based on the configuration.
- The DHCP server returns an IP address to the relay agent, which conveys it to the client via broadcast.
2.2 Configuring the DHCP Relay Agent
Complete the following tasks to configure
the DHCP relay agent:
Enable DHCP before performing other DHCP-related configurations.
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable DHCP | dhcp enable | Required. Disabled by default. |
With this
task completed, upon receiving a DHCP request from an enabled interface, the
relay agent will forward the request to an outside DHCP server for address
allocation.
To enable the DHCP relay agent on
interfaces, use the following commands:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | — |
| Enable the DHCP relay agent on the current interface | dhcp select relay | Required. Disabled by default. |
2.2.4 Correlating a DHCP Server Group with Relay Agent Interfaces
To improve reliability, you can specify several
DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface
with the server group. When the interface receives requesting messages from
clients, the relay agent will forward them to all the DHCP servers of the group.
To correlate a DHCP server group with relay
agent interfaces, use the following commands:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify a DHCP server group number and servers in the group | dhcp relay server-group group-id ip ip-address | Required. Not specified by default. |
| Enter interface view | interface interface-type interface-number | — |
| Correlate the DHCP server group with the current interface | dhcp relay server-select group-id | Required. Not correlated by default. |
2.2.5 Configuring the Relay Agent to Forward a DHCP-Release Request
Sometimes, you need to release a client’s
IP address manually on the DHCP relay agent. With this task completed, the DHCP
relay agent can actively send a DHCP-RELEASE request that contains the client’s
IP address to the DHCP server. The DHCP server then releases the IP address for
the client.
In system view, when you release a client’s IP address through the DHCP relay agent without specifying the IP address of the DHCP server, the relay agent sends a DHCP-RELEASE request to the DHCP servers of the DHCP server groups that correspond to all interfaces working in DHCP relay mode.
Table 2-1 Configure to release a client’s IP address through the DHCP relay (in system view)
| To do… | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Request DHCP server to release the IP address applied and used by a client | dhcp relay release client-ip client-mac [ server-ip ] | Required |
II. Configure to release a client’s IP address through the DHCP relay (in interface view)
In interface view, when you release a client’s IP address through the DHCP relay agent without specifying a DHCP server, the relay agent sends a DHCP-RELEASE request to all the DHCP servers of the DHCP server group that corresponds to the interface. If you specify a DHCP server, the relay agent sends the DHCP-RELEASE request to the specified DHCP server only.
Table 2-2 Configure to release a client’s IP address through the DHCP relay (in interface view)
| To do… | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | — |
| Request DHCP server to release the IP address applied and used by a client | dhcp relay release client-ip client-mac [ server-ip ] | Required |
2.2.6 Configuring the DHCP Relay Agent Security Functions
I. Creating static bindings and enabling invalid IP addresses check
The DHCP relay agent can dynamically record IP-to-MAC bindings after clients obtain IP addresses. You can also create static bindings on the DHCP relay agent.
To prevent invalid IP address configuration, you can configure the DHCP relay agent to check whether a requesting client’s IP and MAC addresses match a binding on it (either dynamic or static). If not, the client cannot access outside networks via the DHCP relay agent.
To create a static binding and enable invalid
IP address check, use the following commands:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a static binding | dhcp relay security static ip-address mac-address | Optional. Not created by default. |
| Enter interface view | interface interface-type interface-number | — |
| Enable invalid IP address check | dhcp relay address-check { disable \| enable } | Required. Disabled by default. |
- The dhcp relay address-check command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used.
- Before executing the dhcp relay address-check enable command on the DHCP relay interface connected to the DHCP server, you need to configure the static binding between the IP address and MAC address of the DHCP server. Otherwise, the DHCP client will fail to obtain an IP address.
II. Configuring dynamic binding update interval
Via the DHCP relay agent, a DHCP client
sends a DHCP-RELEASE unicast message to the DHCP server to relinquish its IP
address. In this case the DHCP relay agent simply conveys the message to the
DHCP server, thus it does not remove the IP address from its bindings. To solve
this, the system provides the function of updating relay agent binding entries at
a specified interval.
The DHCP relay agent regularly sends a
DHCP-REQUEST message using its own MAC address and a client’s IP address
to the DHCP server. If the server returns a DHCP-ACK message, which means the client’s
IP address is assignable now, the DHCP relay agent will update its bindings by
aging out the binding entry of the client’s IP address. If the server
returns a DHCP-NAK message, which means the IP address is still in use, the
relay agent will not age it out.
To configure dynamic binding update interval,
use the following commands:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure binding update interval | dhcp relay security tracker { interval \| auto } | Optional. auto by default (auto interval is calculated by the relay agent according to the number of bindings). |
III. Enabling pseudo DHCP servers detection
Invalid DHCP servers may exist on a network and reply to DHCP clients with wrong IP addresses. These invalid DHCP servers are called pseudo DHCP servers.
With this task completed, upon receiving a DHCP-REQUEST message from a client, the DHCP relay agent will record from the message the IP address of the server that offered an address to the client, together with the address of the receiving interface. The administrator can use this information to identify any pseudo DHCP servers.
To enable pseudo DHCP server detection, use
the following commands:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable pseudo DHCP server detection | dhcp relay server-detect | Required. Disabled by default. |
With pseudo DHCP server detection enabled, the device creates a record only once for each DHCP server. The administrator needs to find pseudo DHCP servers from the records.
2.2.7 Configuring the DHCP Relay Agent to Support Option 82
I. Introduction to option 82
Option 82 is the relay agent option in the Options
field of the DHCP message. It involves 255 sub-options. At least one sub-option
must be defined. Now the DHCP relay agent supports two sub-options: sub-option
1 and sub-option 2.
Option 82 has no unified definition. Its padding formats vary with vendors. Currently the device supports two padding formats: normal and verbose.
The padding contents for sub-options in the normal padding format are:
- sub-option 1: padded with the number of the port that receives the DHCP client’s request, and the number of the VLAN that the port belongs to.
- sub-option 2: padded with the MAC address of the interface that received the client’s request.
The padding contents for sub-options in the verbose padding format are:
- sub-option 1: padded with the specified access node identifier, the type and number of the port that receives the DHCP client’s request, and the number of the VLAN that the port belongs to.
- sub-option 2: padded with the MAC address of the interface that received the client’s request.
II. Handling strategies for option 82 on the relay agent
If the DHCP relay agent supports option 82,
it will handle a client’s requesting message according to the contents
defined in option 82, if any. The handling strategies are described in the
table below.
If a reply returned by the DHCP server
contains option 82, the DHCP relay agent will remove the option 82 before
forwarding the reply to the client.
| If a client’s requesting message has… | Handling strategy | Padding format | The DHCP relay agent will… |
|---|---|---|---|
| Option 82 | Drop | — | Drop the message. |
| Option 82 | Keep | — | Forward the message without changing Option 82. |
| Option 82 | Replace | Normal | Forward the message after replacing the original Option 82 with the Option 82 padded in normal format. |
| Option 82 | Replace | Verbose | Forward the message after replacing the original Option 82 with the Option 82 padded in verbose format. |
| no option 82 | — | Normal | Forward the message after adding the Option 82 padded in normal format. |
| no option 82 | — | Verbose | Forward the message after adding the Option 82 padded in verbose format. |
III. Prerequisites
You need to complete the following tasks before configuring the DHCP relay agent to support option 82:
- Enabling DHCP
- Enabling the DHCP relay agent on the specified interface
- Configure network parameters for DHCP relay agent to ensure the route between the DHCP relay and the DHCP server is reachable.
IV. Configuring the DHCP relay agent to support option 82
Use the following commands for this
configuration:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | — |
| Enable the relay agent to support option 82 | dhcp relay information enable | Required. Disabled by default. |
| Configure the handling strategy for requesting messages containing option 82 | dhcp relay information strategy { drop \| keep \| replace } | Optional. replace by default. |
| Configure the padding format for option 82 | dhcp relay information format { normal \| verbose [ node-identifier { mac \| sysname \| user-defined node-identifier } ] } | Optional. normal by default. |
- To support option 82, it is required to perform related configuration on both the DHCP server and relay agent. Since the DHCP server configuration varies with devices, it is not mentioned here.
- If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for option 82. If the handling strategy is keep or drop, you need not configure any padding format.
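The handling strategies in the table above, as an added example that is not part of the original manual and is not the device's own code: a Python model of what the relay agent does to the options field of a client request under drop, keep and replace, and of the removal of option 82 from server replies. All function names are hypothetical, and the byte layout of sub-option 1 (2-octet VLAN followed by 2-octet port) is an assumption, since the manual names the padded values but not their encoding; the sample request and MAC address are constructed.

```python
import struct

OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
STRATEGIES = ("drop", "keep", "replace")


def walk(options: bytes):
    """Yield (code, value) for every option up to End, skipping Pad octets."""
    pos = 0
    while pos < len(options) and options[pos] != OPT_END:
        if options[pos] == OPT_PAD:
            pos += 1
            continue
        if pos + 2 > len(options) or pos + 2 + options[pos + 1] > len(options):
            raise ValueError("malformed options field")
        yield options[pos], options[pos + 2:pos + 2 + options[pos + 1]]
        pos += 2 + options[pos + 1]


def encode(items) -> bytes:
    """Re-serialise (code, value) pairs and terminate them with End."""
    return b"".join(bytes([c, len(v)]) + v for c, v in items) + bytes([OPT_END])


def option82_normal(vlan: int, port: int, if_mac: bytes):
    """Return (82, value) in the normal padding format.

    Assumed encoding: sub-option 1 = 2-octet VLAN + 2-octet port number,
    sub-option 2 = MAC address of the receiving interface.
    """
    circuit = struct.pack("!HH", vlan, port)
    value = bytes([1, len(circuit)]) + circuit + bytes([2, len(if_mac)]) + if_mac
    return OPT_RELAY_INFO, value


def relay_request(options: bytes, strategy: str, local82):
    """Options field to forward to the server, or None if the request is dropped."""
    if strategy not in STRATEGIES:
        raise ValueError("unknown strategy")
    items = list(walk(options))
    if any(code == OPT_RELAY_INFO for code, _ in items):
        if strategy == "drop":
            return None
        if strategy == "keep":
            return options        # client-supplied option 82 reaches the server as-is
    # replace, or no option 82 in the request: forward exactly one locally built copy
    return encode([i for i in items if i[0] != OPT_RELAY_INFO] + [local82])


def relay_reply(options: bytes) -> bytes:
    """Strip option 82 from a server reply before forwarding it to the client."""
    return encode(i for i in walk(options) if i[0] != OPT_RELAY_INFO)


def demo():
    """Constructed sample: a request that already carries a client-supplied option 82."""
    request = bytes([53, 1, 3, 82, 4, 1, 2, 0xAA, 0xBB, 255])
    local82 = option82_normal(vlan=1, port=5, if_mac=bytes.fromhex("000fe2000001"))
    return {s: relay_request(request, s, local82) for s in STRATEGIES}
```

Only replace guarantees that the option 82 seen by the server was written by the relay agent; with keep, whatever the client put in the option is forwarded unchanged.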
2.3 Displaying and Maintaining the DHCP Relay Agent Configuration
| To do… | Use the command… | Remarks |
|---|---|---|
| Display information about DHCP server groups correlated to a specified or all interfaces | display dhcp relay { all \| interface interface-type interface-number } | Available in any view |
| Display information about bindings of DHCP relay agents | display dhcp relay security [ ip-address \| dynamic \| static ] | Available in any view |
| Display statistics information about bindings of DHCP relay agents | display dhcp relay security statistics | Available in any view |
| Display information about the refreshing interval for entries of dynamic IP-to-MAC bindings | display dhcp relay security tracker | Available in any view |
| Display information about the configuration of a specified or all DHCP server groups | display dhcp relay server-group { group-id \| all } | Available in any view |
| Display packet statistics on relay agent | display dhcp relay statistics [ server-group { group-id \| all } ] | Available in user view |
| Clear packet statistics from relay agent | reset dhcp relay statistics [ server-group group-id ] | Available in user view |
2.4 DHCP Relay Agent Configuration Example
I. Network requirements
Vlan-interface1 on the DHCP relay agent (a switch) connects to the network where DHCP clients reside. The IP address of Vlan-interface1 is 10.10.1.1/24. Vlan-interface2, whose IP address is 10.1.1.2/24, communicates with the DHCP server 10.1.1.1/24. As shown in the figure below, the DHCP relay agent forwards messages between DHCP clients and the DHCP server.
II. Network diagram

Figure 2-2 Network diagram for DHCP relay agent
III. Configuration procedure
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
# Enable the DHCP relay agent on Vlan-interface1.
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] dhcp select relay
[Sysname-Vlan-interface1] quit
# Configure DHCP server group 1 with the DHCP server 10.1.1.1, and correlate the DHCP server group 1 with Vlan-interface1.
[Sysname] dhcp relay server-group 1 ip 10.1.1.1
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] dhcp relay server-select 1
- Performing the configuration on the DHCP server is also required to guarantee the client-to-server communication via the relay agent. Since the DHCP server configuration varies with devices, it is not mentioned here.
- In this example, the DHCP relay agent and server are on the same subnet. If they are on different subnets, the routes in between must be reachable.
2.5 Troubleshooting DHCP Relay Agent Configuration
I. Symptom
DHCP clients cannot obtain any
configuration parameters via the DHCP relay agent.
II. Analysis
Some problems may occur with the DHCP relay
agent or server configuration. Enable debugging and execute the display
command on the DHCP relay agent to view the debugging information and interface
state information for locating the problem.
III. Solution
Check that:
- DHCP is enabled on the DHCP server and relay agent.
- The address pool on the same subnet where DHCP clients reside is available on the DHCP server.
- The routes between the DHCP server and DHCP relay agent are reachable.
- The relay agent interface connected to DHCP clients is correlated with the correct DHCP server group, and the IP addresses for the group members are correct.