Strategy Partner :
24-DHCP Operation
When configuring DHCP, go to these sections
for information you are interested in:
l
Introduction
to DHCP
l
DHCP
IP Address Assignment
l
DHCP
Packet Format
l
Protocol
Specification
With networks getting larger in size and
more complicated in structure, lack of available IP addresses becomes the
common situation the network administrators have to face, and network
configuration becomes a tough task for the network administrators. With the
emerging of wireless networks and the using of laptops, the position change of
hosts and frequent change of IP addresses also require new technology. Dynamic Host
Configuration Protocol (DHCP) is developed to solve these issues.
DHCP adopts a client/server model, where the
DHCP clients send requests to DHCP servers for configuration parameters; and
the DHCP servers return the corresponding configuration information such as IP
addresses to implement dynamic allocation of network resources.
A typical DHCP application includes one
DHCP server and multiple clients (such as PCs and laptops), as shown in Figure 1-1.
Figure 1-1
Typical DHCP application
Currently, DHCP provides the following
three IP address assignment policies to meet the requirements of different
clients:
l
Manual assignment. The administrator configures
static IP-to-MAC bindings for some special clients, such as a WWW server. Then
the DHCP server assigns these fixed IP addresses to the clients.
l
Automatic assignment. The DHCP server assigns IP
addresses to DHCP clients. The IP addresses will be occupied by the DHCP
clients permanently.
l
Dynamic assignment. The DHCP server assigns IP
addresses to DHCP clients for predetermined period of time. In this case, a
DHCP client must apply for an IP address again at the expiration of the period.
This policy applies to most clients.
A DHCP client undergoes the following four
phases to dynamically obtain an IP address from a DHCP server:
1)
Discover: In this phase, the DHCP client tries
to find a DHCP server by broadcasting a DHCP-DISCOVER packet.
2)
Offer: In this phase, the DHCP server offers an
IP address. After the DHCP server receives the DHCP-DISCOVER packet from the
DHCP client, it chooses an unassigned IP address from the address pool according
to the priority order of IP address assignment and then sends the IP address
and other configuration information together in a DHCP-OFFER packet to the DHCP
client. The sending mode is decided by the flag filed in the DHCP-DISCOVER
packet, refer to section DHCP
Packet Format for details.
3)
Select: In this phase, the DHCP client selects
an IP address. If more than one DHCP server sends DHCP-OFFER packets to the
DHCP client, the DHCP client only accepts the DHCP-OFFER packet that first
arrives, and then broadcasts a DHCP-REQUEST packet containing the assigned IP
address carried in the DHCP-OFFER packet.
4)
Acknowledge: In this phase, the DHCP servers
acknowledge the IP address. Upon receiving the DHCP-REQUEST packet, only the selected
DHCP server returns a DHCP-ACK packet to the DHCP client to confirm the
assignment of the IP address to the client, or returns a DHCP-NAK packet to
refuse the assignment of the IP address to the client. When the client receives
the DHCP-ACK packet, it broadcasts an ARP packet with the assigned IP address
as the destination address to detect the assigned IP address, and uses the IP
address only if it does not receive any response within a specified period.
l
After the client receives the DHCP-ACK message,
it will probe whether the IP address assigned by the server is in use by
broadcasting a gratuitous ARP packet. If the client receives no response within
specified time, the client can use this IP address. Otherwise, the client sends
a DHCP-DECLINE message to the server and requests an IP address again.
l
If there are multiple DHCP servers, IP addresses
offered by other DHCP servers are assignable to other clients.
After a DHCP server dynamically assigns an
IP address to a DHCP client, the IP address keeps valid only within a specified
lease time and will be reclaimed by the DHCP server when the lease expires. If
the DHCP client wants to use the IP address for a longer time, it must update the
IP lease.
By default, a DHCP client updates its IP
address lease automatically by unicasting a DHCP-REQUEST packet to the DHCP
server when half of the lease time elapses. The DHCP server responds with a
DHCP-ACK packet to notify the DHCP client of a new IP lease if the server can
assign the same IP address to the client. Otherwise, the DHCP server responds
with a DHCP-NAK packet to notify the DHCP client that the IP address will be
reclaimed when the lease time expires.
If the DHCP client fails to update its IP address lease when half of
the lease time elapses, it will update its IP address lease by broadcasting a
DHCP-REQUEST packet to the DHCP servers again when seven-eighths of the lease
time elapses. The DHCP server performs the same operations as those described
above.
DHCP has eight types of packets. They have
the same format, but the values of some fields in the packets are different.
The DHCP packet format is based on that of the BOOTP packets. The following
figure describes the packet format (the number in the brackets indicates the
field length, in bytes):
Figure
1-2 DHCP packet format
The fields are described as follows:
l
op: Operation types of DHCP packets, 1 for
request packets and 2 for response packets.
l
htype, hlen: Hardware address type and length of
the DHCP client.
l
hops: Number of DHCP relay agents which a DHCP
packet passes. For each DHCP relay agent that the DHCP request packet passes,
the field value increases by 1.
l
xid: Random number that the client selects when
it initiates a request. The number is used to identify an address-requesting
process.
l
secs: Elapsed time after the DHCP client
initiates a DHCP request.
l
flags: The first bit is the broadcast response
flag bit, used to identify that the DHCP response packet is a unicast (set to
0) or broadcast (set to 1). Other bits are reserved.
l
ciaddr: IP address of a DHCP client.
l
yiaddr: IP address that the DHCP server assigns
to a client.
l
siaddr: IP address of the DHCP server.
l
giaddr: IP address of the first DHCP relay agent
that the DHCP client passes after it sent the request packet.
l
chaddr: Hardware address of the DHCP client.
l
sname: Name of the DHCP server.
l
file: Path and name of the boot configuration
file that the DHCP server specifies for the DHCP client.
l
option: Optional variable-length fields,
including packet type, valid lease time, IP address of a DNS server, and IP
address of the WINS server.
Protocol specifications related to DHCP
include:
l
RFC2131: Dynamic Host Configuration Protocol
l
RFC2132: DHCP Options and BOOTP Vendor
Extensions
l
RFC1542: Clarifications and Extensions for the
Bootstrap Protocol
l
RFC3046: DHCP Relay Agent Information option
When configuring the DHCP server, go to
these sections for information you are interested in:
l
Introduction
to DHCP Server
l
DHCP
Server Configuration Task List
l
Enabling
DHCP
l
Configuring
the Global Address Pool Based DHCP Server
l
Configuring
the Interface Address Pool Based DHCP Server
l
Configuring
DHCP Server Security Functions
l
Configuring
DHCP Accounting Functions
l
Enabling
the DHCP Server to Process Option 82
l
Displaying
and Maintaining the DHCP Server
l
DHCP
Server Configuration Examples
l
Troubleshooting
a DHCP Server
Currently, the
interface-related DHCP server configurations can only be made on VLAN interfaces.
Generally, DHCP servers are used in the
following networks to assign IP addresses:
l
Large-sized networks, where manual configuration
method bears heavy load and is difficult to manage the whole network in
centralized way.
l
Networks where the number of available IP
addresses is less than that of the hosts. In this type of networks, IP
addresses are not enough for all the hosts to obtain a fixed IP address, and
the number of on-line users is limited (such is the case in an ISP network). In
these networks, a great number of hosts must dynamically obtain IP addresses
through DHCP.
l
Networks where only a few hosts need fixed IP
addresses and most hosts do not need fixed IP addresses.
A DHCP address pool holds the IP addresses
to be assigned to DHCP clients. When a DHCP server receives a DHCP request from
a DHCP client, it selects an address pool depending on the configuration, picks
an IP address from the pool and sends the IP address and other related
parameters (such as the IP address of the DNS server, and the lease time of the
IP address) to the DHCP client.
I. Types of address pool
The address pools of a DHCP server fall
into two types: global address pool and interface address pool.
l
A global address pool is created by executing
the dhcp server ip-pool command in system view. It is valid on the
current device.
l
If an interface is configured with a valid
unicast IP address, you can create an interface-based address pool for the
interface by executing the dhcp select interface command in interface
view. The IP addresses an interface address pool holds belong to the network
segment the interface resides in and are available to the interface only.
II. Structure of an address pool
The address pools of a DHCP server are
hierarchically organized in a tree-like structure. The root holds the IP
address of the natural network segment, the branches hold the subnet IP
addresses, and the leaves holds the IP addresses that are manually bound to
specific clients. The address pools that are of the same level are sorted by
their configuration precedence order. Such a structure enables configurations
to be inherited. That is, the configurations of the natural network segment can
be inherited by its subnets, whose configurations in turn can be inherited by
their client address. So, for the parameters that are common to the whole
network segment or some subnets (such as domain name), you just need to
configure them on the network segment or the corresponding subnets. The following
is the details of configuration inheritance.
1)
A newly created child address pool inherits the
configurations of its parent address pool.
2)
For an existing parent-child address pool pair,
when you performs a new configuration on the parent address pool:
l
The child address pool inherits the new
configuration if there is no corresponding configuration on the child address
pool.
l
The child address pool does not inherit the new
configuration if there is already a corresponding configuration on the child
address pool.
The IP address
lease does not enjoy the inheritance attribute.
III. Principles of address pool
selection
The DHCP server observes the following
principles to select an address pool to assign an IP address to a client:
1)
If the receiving interface works in the global
address pool mode, the DHCP server assigns an IP address from the global
address pool to the DHCP client.
2)
If the receiving interface works in the
interface address pool mode, the DHCP server assigns an IP address from the
interface address pool to the DHCP client directly connected to the interface.
If there is no available IP address in the interface address pool, the DHCP
server selects an IP address from the global address pool that contains the
interface address pool’s network segment for the client.
The DHCP server assigns an IP address to
the client in the following order from an interface address pool or a global
address pool:
1)
If there is an address pool where an IP address is
statically bound to the MAC address or ID of the client, the DHCP server will
select this address pool and assign the statically bound IP address to the client.
2)
Otherwise, the DHCP server observes the
following principles to select a dynamic address pool.
l
If the client and the server reside in the same
network segment, the smallest address pool that contains the IP address of the
receiving interface will be selected.
l
If the client and the server do not reside in
the same network segment (that is, a DHCP relay agent is in-between), the
smallest address pool that contains the IP address specified in the giaddr
field of the client’s request will be selected.
l
If no assignable IP address is available in the selected
address pool, the DHCP server will not assign any IP address to the client
because it cannot assign an IP address from the parent address pool to the client.
A DHCP server assigns IP addresses in
interface address pools or global address pools to DHCP clients in the
following sequence:
1)
IP addresses that are statically bound to the
MAC addresses of DHCP clients or client IDs.
2)
The IP address that was ever assigned to the
client
3)
The IP address designated by the Option 50 field
in a DHCP-DISCOVER message
4)
The first assignable IP address found in a
proper DHCP address pool
5)
If no IP address is available, the DHCP server
queries lease-expired and conflicted IP addresses. If the DHCP server finds
such IP addresses, it assigns them; otherwise the DHCP server does not assign an
IP address.
In an IRF (intelligent resilient framework)
system, DHCP servers operate in a centralized way to fit the IRF environment.
l
DHCP servers run (as tasks) on all the units
(including the master unit and the slave units) in a Fabric system. But only
the one running on the master unit receives/sends packets and carries out all
functions of a DHCP server. Those running on the slave units only operate as
the backup tasks of the one running on the master unit.
l
When a slave unit receives a DHCP-REQUEST
packet, it redirects the packet to the DHCP server on the master unit, which
returns a DHCP-ACK or DHCP-NAK packet to the DHCP client and at the same time
backs up the related information to the slave units. In this way, when the
current master unit fails, one of the slaves can change to the master and operates
as the DHCP server immediately.
l
DHCP is an UDP-based protocol operating at the
application layer. When a DHCP server in a fabric system runs on a Layer 2
network device, DHCP packets are directly forwarded by hardware instead of
being delivered to the DHCP server, or being redirected to the master unit by
UDP HELPER. This idles the DHCP server. DHCP packets can be redirected to the
DHCP server on the master unit by UDP HELPER only when the Layer 2 device is
upgraded to a Layer 3 device.
Caution:
l
When you merge two or more IRF systems into one
IRF system, a new master unit is elected, and the new IRF system adopts new
configurations accordingly. This may result in the existing system
configurations (including the address pools configured for the DHCP servers)
being lost. As the new IRF system cannot inherit the original DHCP server
configurations, you need to perform DHCP server configurations for it.
l
When an IRF system is split into multiple new
IRF systems, some of the new IRF systems may be degraded to Layer 2 devices.
For a new IRF system degraded to Layer 2 device, although the original DHCP
server still exists in the new system, it runs idle for being unable to receive
any packets. When the IRF system restores to a Layer 3 device due to being merged
into a new IRF system, it adopts the configurations on the new IRF system. And
you need to perform DHCP server configurations if the new IRF system does not
have DHCP server-related configurations.
l
In an IRF system, the UDP HELPER function must
be enabled on the DHCP servers that are in fabric state.
Complete the following tasks to configure
the DHCP server:
You need to enable DHCP to make other
related configurations take effect.
Follow these steps to enable DHCP:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enable DHCP
|
dhcp enable
|
Optional
By default, DHCP is enabled.
|
To improve security and avoid malicious attacks to unused sockets, S5600
Ethernet switches provide the following functions:
l
UDP port 67 and UDP port 68 ports used by DHCP
are enabled only when DHCP is enabled.
l
UDP port 67 and UDP port 68 ports are disabled
when DHCP is disabled.
The corresponding implementation is as follows:
l
After DHCP is enabled with the dhcp enable
command, if the DHCP server and DHCP relay agent functions are not configured,
UDP port 67 and UDP port 68 ports are kept disabled; if the DHCP server or DHCP
relay agent function is configured, UDP port 67 and UDP port 68 ports are
enabled.
l
After DHCP is disabled with the undo dhcp
enable command, even if the DHCP server or DHCP relay function is configured,
UDP port 67 and UDP port 68 ports will be disabled.
Complete the following tasks to configure the global address pool based DHCP server:
You can configure
the global address pool mode on the specified or all interfaces of a DHCP
server. After that, when the DHCP server receives DHCP packets from DHCP
clients through these interfaces, it assigns IP addresses in the global address
pool to the DHCP clients.
Follow these steps to configure the global address pool mode on
interface(s):
