DHCP on Cisco IOS

Dynamic Host Configuration Protocol

4.5.c i Client, server, relay

DHCP server

// Graphic missing - Coming soon //

General information on “DHCP server”:

Automatically gives out/assigns IP addresses and optionally other parameters to hosts
Allows the central management and configuration of IP addresses
Clients/relays use udp/68 whereas servers use udp/67 for communication
MAC addresses are used for reservation

How “DHCP server” works:

DHCP DISCOVER: Host sends out an IP request (broadcast).
DHCP OFFER: DHCP server responds with an IP offer (and optionally other parameters) (unicast).
DHCP REQUEST: Host requests the offered IP (and optionally other parameters) to be assigned to him (broadcast).
DHCP ACKNOWLEDGE: DHCP server responds with an acknowledge (unicast).

“DHCP server” CLI configuration commands:

## Configuring a DHCP server address pool
Router(config)# ip dhcp pool <name>
Router(dhcp-config)# network <network>
Router(dhcp-config)# dns-server <ip-addr>
Router(dhcp-config)# default-router <ip-addr>

## Defining IP addresses to be excluded from being leased
Router(config)# ip dhcp excluded-address <ip-addr>

“DHCP server” CLI show commands:

## Showing configured DHCPv4 pools
Router# show ip dhcp pool

## Showing DHCPv4-leased IP addresses
Router# show ip dhcp binding

DHCP relay

General information on “DHCP relay”:

DHCP works with broadcast packets
If a host requests an IP address it sends out a DHCP Discover (L2 broadcast packet)
If a DHCP server is available within the broadcast domain it answers with a DHCP Offer
If the DHCP server is in another broadcast domain then a DHCP relay is needed
This is because broadcasts stay within their broadcast domain/are not routable

How “DHCP relay” works:

An “IP helper address” is needed for this to work
The defined “IP helper address” is the IP address of the DHCP server
With an “IP helper address” the DHCP broadcast messages will be converted into unicast messages
The “IP helper address” is normally defined on the physical/virtual interface of the subnet of which the DHCP broadcast messages need to be relayed from

Duplicate DHCP relay traffic with HSRP:

Problem: When using HSRP and a DHCP relay is configured on each HSRP router, the DHCP traffic will get duplicated. This isn’t a problem under normal circumstances but can lead to unneccessary excessive traffic, etc.
Solution: Using the keyword redundancy <fhrp-group-name> limits the DHCP relay to only be active on the current active FHRP router.

“DHCP relay” CLI configuration commands:

## Configuring a DHCP relay (aka IP helper address) on an interface
Router(config)# interface <if>
Router(config-if)# ip helper-address <ip-addr>

## Avoiding duplicate DHCP relay traffic with HSRP
Router(config)# interface <if>
Router(config-if)# ip helper-address <ip-addr> redundancy <fhrp-group-name>

4.5.c ii Options

General information on “DHCP options”:

Besides IP addresses, DHCP is able to hand out other information
This includes gateway (option 003), DNS servers (option 006), DNS domain (option 015) and others
IPv6 doesn’t support the gateway option since the gateway is given with the RA (= link-local IPv6 address of the router)
Important: Even if an option is configured, it’s up to the client whether he uses it or not!

Useful DHCP options:

003: Router
006: DNS server
015: DNS domain
042: NTP server
043: Vendor specific (useful for CAPWAP APs, DNA Center, …)
069: SMTP server
070: POP3 server
082: DHCP relay agent information
150: TFTP server

4.5.c DHCPv4 address reservation (not on blueprint)

General information on “DHCPv4 address reservation”:

It’s possible to create static DHCPv4 reservations on Cisco IOS, although the configuration is not that trivial (compared to Windows Server DHCP services)
For each reservation a own DHCP pool has to be created
Reservations can be done based on either the MAC address of the client or the client identifier
The client identifier is a Cisco proprietary string in hex (format when converted to ASCII: <cisco>-<macaddress>-<interface>, e.g. cisco-aabb.cc00.0e00-Et0/0)
By default, every interface of a Cisco router/switch/… sends its client identifier instead of the MAC address to a DHCP server when DHCP is enabled on the interface
When using the MAC address as identifier, 01 (value for Ethernet) must be prepended before entering it

“DHCPv4 address reservation” CLI configuration commands:

## Configuring a DHCPv4 address reservation
Router(config)# ip dhcp pool <name>
Router(dhcp-config)# host <ip> <mask>
Router(dhcp-config)# client-identifier <identifier>
Router(dhcp-config)# default-router <ip-addr>

## Configuring a router interface to use the MAC address as identifier
Router(config)# interface <if>
Router(config-if)# ip address dhcp client-id ethernet <if>

4.5.c iii SLAAC/DHCPv6 interaction

General information on “SLAAC/DHCPv6 interaction”:

SLAAC and DHCPv6 can go hand in hand
This is because SLAAC is only responsible for address configuration whereas DHCPv6 can be used for either both (stateful) or only for providing additional information (stateless)
A combination of both can be used
Example: Address configuration on the end hosts is done via SLAAC. Additional parameters like DNS server, domain name, … is provided via DHCPv6.

4.5.c iv Stateful, stateless DHCPv6

Stateful DHCPv6

General information on “Stateful DHCPv6”:

Like the “normal” DHCP server in IPv4
Server provides and retains all host prefixes + addresses and provides additional options
RA Flags are:
- A = 0
- O = 0
- M = 1
Default gateway is learned in using the information included in the RA (= link-local address of the router)
With the rapid-commit argument, only 2 messages (Solicit, Reply) instead of 4 messages (Solicit, Reply, Request, Reply) are used
Rapid-commit must be supported on both sides (server and client) to be working

Configuration steps:

Configure a DHCPv6 pool and options
Apply DHCPv6 pool to an interface

“Stateful DHCPv6” CLI configuration commands:

## Configuring a DHCPv6 address pool
Router(config)# ipv6 dhcp pool <pool-name>
Router(config-dhcpv6)# address prefix <prefix/length> lifetime <valid> <preferred>
Router(config-dhcpv6)# dns-server <ipv6-addr>
Router(config-dhcpv6)# domain-name <domain>

## Attaching DHCPv6 address pool to an interface and make it stateful
Router(config)# interface <if>
Router(config-if)# ipv6 nd managed-config-flag
Router(config-if)# ipv6 nd prefix <prefix/length> no-autoconfig
Router(config-if)# ipv6 dhcp server <pool-name> [rapid-commit]

“Stateful DHCPv6” CLI show commands:

## Showing configured DHCPv6 pools
Router# show ipv6 dhcp pool

## Showing DHCPv6-leased IP addresses and/or prefixes
Router# show ipv6 dhcp binding

Stateless DHCPv6

General information on “Stateless DHCPv6”:

Hosts use SLAAC for address autoconfiguration
Server doesn’t retain or give out any host addresses
Server “only” provides additional options like DNS servers, domain name, …
RA Flags are:
- A = 1
- O = 1
- M = 0
Default gateway is learned in using the information included in the RA (= link-local address of the router)
With the rapid-commit argument, only 2 messages (Solicit, Reply) instead of 4 messages (Solicit, Reply, Request, Reply) are used

Configuration steps:

Configure a DHCPv6 pool and options
Apply DHCPv6 pool to an interface

“Stateless DHCPv6” CLI configuration commands:

## Configuring a stateless DHCPv6 address pool
Router(config)# ipv6 dhcp pool <pool-name>
Router(config-dhcpv6)# dns-server <ipv6-addr>
Router(config-dhcpv6)# domain-name <domain>

## Attaching DHCPv6 address pool to an interface and make it stateless
Router(config)# interface <if>
Router(config-if)# ipv6 nd other-config-flag
Router(config-if)# ipv6 dhcp server <pool-name> [rapid-commit]

“Stateless DHCPv6” CLI show commands:

## Showing configured DHCPv6 pools
Router# show ipv6 dhcp pool

## Showing DHCPv6-leased IP addresses and/or prefixes
Router# show ipv6 dhcp binding

DHCPv6 relay (not on blueprint)

General information on “DHCPv6 relay”:

Feature-wise equal to DHCP relay in IPv4
Possible DHCPv6 relay destination addresses:
- A unicast address
- The well-known link-local multicast address FF02::1:2 (all DHCPv6 servers)
- The site-local multicast address FF05::1:3 (all DHCPv6 servers) (requires IPv6 multicast routing to be enabled)

“DHCPv6 relay” CLI configuration commands:

## Configuring a DHCPv6 relay on an interface (where DHCP REQUESTS are incoming)
Router(config)# interface <if>
Router(config-if)# ipv6 dhcp relay destination <ipv6-addr> <if>

DHCPv6 protocol operations (not on blueprint)

// Graphic missing - Coming soon //

General information about “DHCPv6 protocol operations (not on blueprint)":

Clients/relays use udp/546 whereas servers use udp/547 for communication
DUID instead of MAC addresses are used for reservation
DHCPv6 has different flags (sent in the RA) to tell the host how to configure itself:
- A Flag: Address Autoconfiguration Flag
  - Suggests SLAAC for address configuration
  - Host generates his own IPv6 address with EUI-64 or random 64-bit value (privacy extensions)
- O Flag: Other Configuration Flag
  - Suggests Stateless DHCPv6 server
  - Host generates his own IPv6 address with EUI-64 or random 64-bit value (privacy extensions)
  - Other configuration options are sent from DHCPv6 server to the host
- M Flag: Managed Address Configuration Flag
  - Suggests stateful DHCPv6 server
Other flags sent in the IPv6 RA:
- L Flag: On-Link Flag
  - Used to indicate that the prefix is local on the link and that traffic to its neighbors doesn’t have to traverse the default gateway
DHCPv6 has four commonly used message types (23 overall):
- SOLICIT (1): Message from host sent to FF02::1:2 (all DHCPv6 relays and servers) to locate DHCPv6 servers (multicast).
- ADVERTISE (2): Message one or several DHCPv6 server(s) to tell the host is has DHCPv6 services (unicast).
- REQUEST (3): Message from host to server to request configuration parameters. In case of stateful DHCPv6 it’s a REQUEST, in case of stateless DHCPv6 it’s an INFORMATION-REQUEST (multicast).
- REPLY (7): Message from server to host with address (if stateful DHCPv6 only) and other configuration parameters (unicast).

4.5.c v DHCPv6 Prefix Delegation

General information on “DHCPv6 Prefix Delegation”:

Used to assign IPv6 sub-prefixes (eg. /56) from a global IPv6 prefix pool (eg. /32) to DHCP clients
Commonly used in ISP environments to give out sub-prefixes to customers
Example: An ISP has a global IPv6 prefix of 2001:DB8::/32. The ISP wants to automatically give out /56 sub-prefixes to customers which they can give to their local hosts. This is where DHCPv6 prefix delegation is used.

Configuration steps:

ISP: Define a local IPv6 prefix pool
ISP: Configure a DHCPv6 pool pointing to the local IPv6 prefix pool
ISP: Assign DHCPv6 pool to customer facing interface
Customer: Configure interface towards the ISP w/ PD option
Customer: Configure interface towards the local hosts

“DHCPv6 Prefix Delegation” CLI configuration commands:

## ISP - Defining a local IPv6 prefix pool
Router(config)# ipv6 local pool [NAME] <prefix> <length-to-assign>

## ISP - Configuring a DHCPv6 pool pointing to the local IPv6 prefix pool
Router(config)# ipv6 dhcp pool <pool-name>
Router(config-dhcpv6)# prefix-delegation pool <pool-name>

## ISP - Attaching the DHCPv6 pool to an interface
Router(config)# interface <interface>
Router(config-if)# ipv6 dhcp server <pool-name> [rapid-commit]

## Customer - Configuring interface towards the ISP
Router(config)# interface <interface>
Router(config-if)# ipv6 address autoconfig default
Router(config-if)# ipv6 dhcp client pd [PREFIX_NAME]

## Customer - Configuring interface towards the local hosts
Router(config)# interface <interface>
Router(config-if)# ipv6 address [PREFIX_NAME] <identifier>

“DHCPv6 Prefix Delegation” CLI show commands:

## ISP: Showing local IPv6 pools to be used for Prefix Delegation
Router# show ipv6 local pool

## Showing DHCPv6-leased IP addresses and/or prefixes
Router# show ipv6 dhcp binding

## Customer: Showing IPv6 prefix acquired/assigned from the ISP via Prefix Delegation
Router# show ipv6 general-prefix

## Showing DHCPv6-enabled interfaces
Router# show ipv6 dhcp interface