Contents

Introduction· 1

Prerequisites· 1

Example: Configuring cross-subnet dynamic IP address allocation· 1

Network configuration· 1

Analysis· 2

Applicable hardware and software versions· 2

Restrictions and guidelines· 4

Procedures· 4

Configuring Device A· 4

Configuring Device B· 6

Verifying the configuration· 7

Configuration files· 8

 

Introduction

This document provides examples for configuring cross-subnet dynamic IP address allocation.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of DHCP.

Example: Configuring cross-subnet dynamic IP address allocation

Network configuration

As shown in Figure 1, a company's branches are on a different subnet from the headquarters. Device A acts as the gateway of the headquarters and Device B acts as the gateway for the branches.

Configure DHCP server on Device A to meet the following requirements:

·     The hosts at the headquarters obtain IP addresses in the range of 10.1.1.2 to 10.1.1.100.

·     The hosts at branch 1 obtain IP addresses in the range of 10.1.3.2 to 10.1.3.48. The hosts at branch 2 obtain IP addresses in the range of 10.1.3.49 to 10.1.3.100.

·     The hosts at the headquarters and branches obtain the DNS server address, the TFTP server address, the domain name suffix, and the gateway address through DHCP.

Configure DHCP relay agent on Device B to meet the following requirements:

·     The hosts at the branches obtain IP addresses and other configuration parameters from the DHCP server.

·     The hosts at the branches cannot access the network by using manually configured IP addresses.

·     The hosts at each branch obtain IP addresses from the address range assigned to the branch.

Figure 1 Network diagram

 

Table 1 Interface and IP address assignment

Device	Interface	IP address	Device	Interface	IP address
Device A	Vlan-int3	10.1.1.1/24	Device B	Vlan-int3	10.1.3.1/24
	Vlan-int2	10.1.2.1/24		Vlan-int2	10.1.2.2/24

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     Exclude the IP addresses of the DNS server and TFTP server from dynamic address allocation to prevent them from being assigned to hosts.

·     To prevent the hosts at the branches from using manually configured IP addresses to access the network, perform the following tasks:

¡     Enable the DHCP relay agent to record client information in DHCP relay entries.

¡     Enable IP source guard to filter incoming packets based on the DHCP relay entries.

·     To make sure the hosts in each branch obtain IP addresses from the address range assigned to the branch, perform the following tasks:

¡     Configure Option 82 on the DHCP relay agent.

¡     Create DHCP user classes for the branches and configure match rules based on Option 82 to match the branches on the DHCP server.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware	Software version
S6812 switch series S6813 switch series	Release 66xx
S6550XE-HI switch series	Release 6008 and later
S6525XE-HI switch series	Release 6008 and later
S5850 switch series	Release 8005 and later
S5570S-EI switch series	Release 11xx
S5560X-EI switch series	Release 63xx, Release 65xx, Release 66xx
S5560X-HI switch series	Release 63xx, Release 65xx, Release 66xx
S5500V2-EI switch series	Release 63xx, Release 65xx, Release 66xx
MS4520V2-30F switch	Release 63xx, Release 65xx, Release 66xx
MS4520V2-30C switch MS4520V2-54C switch	Release 65xx, Release 66xx
MS4520V2-28S switch MS4520V2-24TP switch	Release 63xx
S6520X-HI switch series S6520X-EI switch series	Release 63xx, Release 65xx, Release 66xx
S6520X-SI switch series S6520-SI switch series	Release 63xx, Release 65xx, Release 66xx
S5000-EI switch series	Release 63xx, Release 65xx, Release 66xx
MS4600 switch series	Release 63xx, Release 65xx, Release 66xx
ES5500 switch series	Release 63xx, Release 65xx, Release 66xx
S5560S-EI switch series S5560S-SI switch series	Release 63xx
S5500V3-24P-SI S5500V3-48P-SI	Release 63xx
S5500V3-SI switch series (except S5500V3-24P-SI and S5500V3-48P-SI)	Release 11xx
S5170-EI switch series	Release 11xx
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series	Release 63xx
S5120V2-SI switch series S5120V2-LI switch series	Release 63xx
S5120V3-EI switch series	Release 11xx
S5120V3-36F-SI S5120V3-28P-HPWR-SI S5120V3-54P-PWR-SI	Release 11xx
S5120V3-SI switch series (except S5120V3-36F-SI, S5120V3-28P-HPWR-SI, and S5120V3-54P-PWR-SI)	Release 63xx
S5120V3-LI switch series	Release 63xx
S3600V3-EI switch series	Release 11xx
S3600V3-SI switch series	Release 11xx
S3100V3-EI switch series S3100V3-SI switch series	Release 63xx
S5110V2 switch series	Release 63xx
S5110V2-SI switch series	Not supported
S5000V3-EI switch series S5000V5-EI switch series	Not supported
S5000E-X switch series S5000X-EI switch series	Not supported
E128C switch E152C switch E500C switch series E500D switch series	Release 63xx
MS4320V2 switch series MS4320V3 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series	Release 63xx
WS5850-WiNet switch series	Release 63xx
WS5820-WiNet switch series WS5810-WiNet switch series	Release 63xx
WAS6000 switch series	Not supported
IE4300-12P-AC switch IE4300-12P-PWR switch IE4300-M switch series IE4320 switch series	Release 63xx

 

Restrictions and guidelines

To ensure correct DHCP address allocation by using Option 82, you must perform Option 82 configuration on both the DHCP server and the DHCP relay agent.

Procedures

Configuring Device A

# Assign GigabitEthernet 1/0/2 to VLAN 2.

<DeviceA> system-view

[DeviceA] vlan 2

[DeviceA-vlan2] port gigabitethernet 1/0/2

[DeviceA-vlan2] quit

# Assign an IP address to VLAN-interface 2.

[DeviceA] interface vlan-interface 2

[DeviceA-Vlan-interface2] ip address 10.1.2.1 24

[DeviceA-Vlan-interface2] quit

# Assign GigabitEthernet 1/0/1 to VLAN 3.

[DeviceA] vlan 3

[DeviceA-vlan3] port gigabitethernet 1/0/1

[DeviceA-vlan3] quit

# Assign an IP address to VLAN-interface 3.

[DeviceA] interface vlan-interface 3

[DeviceA-Vlan-interface3] ip address 10.1.1.1 24

[DeviceA-Vlan-interface3] quit

# Enable DHCP.

[DeviceA] dhcp enable

# Enable DHCP server on VLAN-interface 2.

[DeviceA] interface vlan-interface 2

[DeviceA-Vlan-interface2] dhcp select server

[DeviceA-Vlan-interface2] quit

# Enable DHCP server on VLAN-interface 3.

[DeviceA] interface vlan-interface 3

[DeviceA-Vlan-interface3] dhcp select server

[DeviceA-Vlan-interface3] quit

# Create DHCP address pool 1.

[DeviceA] dhcp server ip-pool 1

# Specify the subnet and address range for dynamic address allocation.

[DeviceA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0

[DeviceA-dhcp-pool-1] address range 10.1.1.2 10.1.1.100

# Specify the DNS server address, TFTP server address, domain name suffix, and gateway address to be assigned to clients.

[DeviceA-dhcp-pool-1] dns-list 10.1.1.3

[DeviceA-dhcp-pool-1] tftp-server ip-address 10.1.1.4

[DeviceA-dhcp-pool-1] domain-name com

[DeviceA-dhcp-pool-1] gateway-list 10.1.1.1

# Exclude the IP addresses of the DNS server and TFTP server from dynamic address allocation.

[DeviceA-dhcp-pool-1] forbidden-ip 10.1.1.3 10.1.1.4

[DeviceA-dhcp-pool-1] quit

# Apply the DHCP address pool to VLAN-interface 3.

[DeviceA] interface vlan-interface 3

[DeviceA-Vlan-interface3] dhcp server apply ip-pool 1

[DeviceA-Vlan-interface3] quit

# Create DHCP user class aa for the hosts at branch 1. Configure a match rule to match DHCP requests in which the fifth and sixth bytes of Option 82 are 0x0001. The string 0x0001 indicates that the clients are connected to interface GigabitEthernet 1/0/1.

[DeviceA] dhcp class aa

[DeviceA-dhcp-class-aa] if-match option 82 hex 0001 offset 4 length 2

[DeviceA-dhcp-class-aa] quit

# Create DHCP user class bb for the hosts at branch 2. Configure a match rule to match DHCP requests in which the fifth and sixth bytes of Option 82 are 0x0003. The string 0x0003 indicates that the clients are connected to interface GigabitEthernet 1/0/3.

[DeviceA] dhcp class bb

[DeviceA-dhcp-class-bb] if-match option 82 hex 0003 offset 4 length 2

[DeviceA-dhcp-class-bb] quit

# Create DHCP address pool 2.

[DeviceA] dhcp server ip-pool 2

# Specify the subnet for dynamic address allocation.

[DeviceA-dhcp-pool-2] network 10.1.3.0 mask 255.255.255.0

# Specify address range 10.1.3.2 to 10.1.3.48 for DHCP user class aa.

[DeviceA-dhcp-pool-2] class aa range 10.1.3.2 10.1.3.48

# Specify address range 10.1.3.49 to 10.1.3.100 for DHCP user class bb.

[DeviceA-dhcp-pool-2] class bb range 10.1.3.49 10.1.3.100

# Specify the DNS server address, TFTP server address, domain name suffix, and gateway address to be assigned to clients.

[DeviceA-dhcp-pool-2] tftp-server ip-address 10.1.1.4

[DeviceA-dhcp-pool-2] dns-list 10.1.1.3

[DeviceA-dhcp-pool-2] domain-name com

[DeviceA-dhcp-pool-2] gateway-list 10.1.3.1

[DeviceA-dhcp-pool-2] quit

# Apply the DHCP address pool to VLAN-interface 2.

[DeviceA] interface vlan-interface 2

[DeviceA-Vlan-interface2] dhcp server apply ip-pool 2

[DeviceA-Vlan-interface2] quit

# Configure a static route to subnet 10.1.3.0/24.

[DeviceA] ip route-static 10.1.3.0 24 10.1.2.2

Configuring Device B

# Assign GigabitEthernet 1/0/2 to VLAN 2.

<DeviceB> system-view

[DeviceB] vlan 2

[DeviceB-vlan2] port gigabitethernet 1/0/2

[DeviceB-vlan2] quit

# Assign an IP address to VLAN-interface 2.

[DeviceB] interface vlan-interface 2

[DeviceB-Vlan-interface2] ip address 10.1.2.2 24

[DeviceB-Vlan-interface2] quit

# Assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/3 to VLAN 3.

[DeviceB] vlan 3

[DeviceB-vlan3] port gigabitethernet 1/0/1

[DeviceB-vlan3] port gigabitethernet 1/0/3

[DeviceB-vlan3] quit

# Assign an IP address to VLAN-interface 3.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] ip address 10.1.3.1 24

[DeviceB-Vlan-interface3] quit

# Enable DHCP.

[DeviceB] dhcp enable

# Enable DHCP relay agent on VLAN-interface 3.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] dhcp select relay

# Specify the IP address of the DHCP server.

[DeviceB-Vlan-interface3] dhcp relay server-address 10.1.2.1

# Enable the DHCP relay agent to support Option 82.

[DeviceB-Vlan-interface3] dhcp relay information enable

[DeviceB-Vlan-interface3] quit

# Enable recording of client information in DHCP relay entries.

[DeviceB] dhcp relay client-information record

# Enable IPv4 source guard on VLAN-interface 3 to filter incoming packets by source IPv4 addresses and source MAC addresses.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] ip verify source ip-address mac-address

[DeviceB-Vlan-interface3] quit

# Configure a static route to subnet 10.1.1.0/24.

[DeviceB] ip route-static 10.1.1.0 24 10.1.2.1

Verifying the configuration

# Verify that the IP address 10.1.3.3 has been assigned to a client.

<DeviceA> display dhcp server ip-in-use ip 10.1.3.3

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

10.1.3.3         0033-6365-352e-6136-  Jan  2 00:34:02 2016  Auto(C)

                 6466-2e65-3133-392d-

                 5465-6e2d-4769-6761-

                 6269-7445-7468-6572-

                 6e65-7431-2f30-2f35-

                 31

# Verify that the hosts at each branch can obtain IP addresses from the address range assigned to the branch. This example uses a host at branch 2.

C:\Documents and Settings\aa>ipconfig

 

Windows IP Configuration

 

Ethernet adapter aa:

 

        Connection-specific DNS Suffix  . : domain-name com

        IP Address. . . . . . . . . . . . : 10.1.3.3

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IPv6 Address. . . . . . . . . . . : fe80::20f:3dff:fe80:2b38%4

        Default Gateway . . . . . . . . . : 10.1.3.1

# Manually assign IP address 10.1.3.87 to a host at branch 2, and verify that the host cannot access the TFTP server. (Details not shown.)

Configuration files

IMPORTANT: Support for the port link-mode bridge command depends on the device model.

 

·     Device A:

#

 dhcp enable

#

vlan 2 to 3

#

dhcp class aa

 if-match option 82 hex 0001 offset 4 length 2

#

dhcp class bb

 if-match option 82 hex 0003 offset 4 length 2

#

dhcp server ip-pool 1

 network 10.1.1.0 mask 255.255.255.0

 address range 10.1.1.2 10.1.1.100

 dns-list 10.1.1.3

 domain-name com

 forbidden-ip 10.1.1.3

 forbidden-ip 10.1.1.4

 gateway-list 10.1.1.1

 tftp-server ip-address 10.1.1.4

#

dhcp server ip-pool 2

 network 10.1.3.0 mask 255.255.255.0

 class aa range 10.1.3.2 10.1.3.48

 class bb range 10.1.3.49 10.1.3.100

 dns-list 10.1.1.3

 domain-name com

 gateway-list 10.1.3.1

 tftp-server ip-address 10.1.1.4

#

interface Vlan-interface2

 ip address 10.1.2.1 255.255.255.0

 dhcp server apply ip-pool 2

#

interface Vlan-interface3

 ip address 10.1.1.1 255.255.255.0

 dhcp server apply ip-pool 1

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 3

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 2

#

ip route-static 10.1.3.0 24 10.1.2.2

#

·     Device B:

#

 dhcp enable

 dhcp relay client-information record

#

vlan 2 to 3

#

interface Vlan-interface2

 ip address 10.1.2.2 255.255.255.0

#

interface Vlan-interface3

 ip address 10.1.3.1 255.255.255.0

 dhcp select relay

 dhcp relay information enable

 dhcp relay server-address 10.1.2.1

 ip verify source ip-address mac-address

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 3

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 3

#

ip route-static 10.1.1.0 24 10.1.2.1

#