Powered by Zoomin Software. For more details please contact Show
Technical Content Portal Search
Facebook Flickr Instagram LinkedIn Search Twitter User icon More Sites icon YouTube Configuring the Cisco IOS DHCP Relay AgentAll Cisco routers that run Cisco software include a DHCP server and the relay agent software. A DHCP relay agent is any host or IP router that forwards DHCP packets between clients and servers. This module describes the concepts and tasks needed to configure the Cisco IOS DHCP relay agent.
Finding Feature InformationYour software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Prerequisites for Configuring the Cisco IOS DHCP Relay Agent
Information About the DHCP Relay Agent
DHCP Relay Agent OverviewA DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. By contrast, relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface. The relay agent sets the gateway IP address (giaddr field of the DHCP packet) and, if configured, adds the relay agent information option (option82) in the packet and forwards it to the DHCP server. The reply from the server is forwarded back to the client after removing option 82. The Cisco IOS XE DHCP relay agent supports the use of unnumbered interfaces. An unnumbered interface can “borrow” the IP address of another interface already configured on the router, which conserves network and address space. For DHCP clients connected though the unnumbered interfaces, the DHCP relay agent automatically adds a static host route once the DHCP client obtains an address, specifying the unnumbered interface as the outbound interface. The route is automatically removed once the lease time expires or when the client releases the address. How to Configure the DHCP Relay Agent
Specifying the Packet Forwarding AddressPerform this task to configure the DHCP relay agent to forward packets to a DHCP server. 1. enable 2. configure terminal 3.
interface type number 4. ip helper-address address DETAILED STEPS
Configuring Support for the Relay Agent Information OptionAutomatic DHCP address allocation is typically based on an IP address, which may be either the gateway IP address (giaddr field of the DHCP packet) or the incoming interface IP address. In some networks, additional information may be required to further determine the IP addresses that need to be allocated. By using the relay agent information option (option 82), the Cisco IOS relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. Cisco software supports this functionality by using the ip dhcp relay information option command. The relay agent will automatically add the circuit identifier suboption and the remote ID suboption to the relay agent information option and forward them to the DHCP server. The DHCP server can use this information to assign IP addresses, perform access control, and set quality of service (QoS) and security policies (or other parameter-assignment policies) for each subscriber of a service provider network. The figure below shows how the relay agent information option is inserted into the DHCP packet as follows:
A DHCP relay agent may receive a message from another DHCP relay agent that already contains relay information. By default, the relay information from the previous relay agent is replaced. If this behavior is not suitable for your network, you can use the ip dhcp relay information policy {drop | keep | replace} global configuration command to change it. To ensure the correct operation of the reforwarding policy, disable the relay agent information check by using the no ip dhcp relay information check global configuration command. It is important to understand how DHCP options work. See the “DHCP Overview” module for more information.
1. enable 2. configure terminal 3. ip dhcp relay information
option 4. ip dhcp relay information check 5. ip dhcp relay information policy{drop| keep | replace} 6.
ip dhcp relay information trust-all 7. end 8. show ip dhcp relay information trusted-sources DETAILED STEPS
Configuring Per-Interface Support for the Relay Agent Information OptionThe interface configuration allows a Cisco router to reach subscribers with different DHCP option 82 requirements on different interfaces. It is important to understand how DHCP options work. See the “DHCP Overview” module for more information.
1. enable 2. configure terminal 3. interface type number
4. ip dhcp relay information option-insert[none] 5. ip dhcp relay information check-reply[none] 6. ip dhcp
relay information policy-action{drop | keep | replace} 7. exit 8. Repeat Steps 3 through 7 to configure relay agent information settings on different interfaces. DETAILED STEPS
Configuring the Subscriber Identifier Suboption of the Relay Agent Information OptionPerform this task to enable an Internet service provider (ISP) to add a unique identifier to the subscriber-identifier suboption of the relay agent information option. The unique identifier enables an ISP to identify a subscriber, to assign specific actions to that subscriber (for example, assignment of host IP address, subnet mask, and domain name system DNS), and to trigger accounting. Before the introduction of this feature, if a subscriber moved, each ISP had to be informed of the change and all ISPs had to reconfigure the DHCP settings for the affected customers at the same time. Even if the service was not changed, every move involved administrative changes in the ISP environment. With the introduction of this feature, if a subscriber moves from one Network Access Server to another, there is no need for a change in the configuration on the part of the DHCP server or ISP. You should configure the unique identifier for each subscriber. The new configurable subscriber-identifier option should be configured on the interface connected to the client. When a subscriber moves from one interface to the other, the interface configuration should also be changed. The server should be able to recognize the new suboption. 1. enable 2. configure terminal 3. ip dhcp relay information option 4. interface type number 5. ip
dhcp relay information option subscriber-id string DETAILED STEPS
Configuring DHCP Relay Class Support for Client IdentificationDHCP relay class support for client identification allows the Cisco relay agent to forward client-generated DHCP messages to different DHCP servers based on the content of the following four options:
Each option identifies the type of client that is sending the DHCP message. Relay pools provide a method to define DHCP pools that are not used for address allocation. These relay pools can specify that DHCP messages from clients on a specific subnet should be forwarded to a specific DHCP server. These relay pools can be configured with relay classes inside the pool that help determine the forwarding behavior. For example, after receiving the option in a DHCP DISCOVER message, the relay agent will match and identify the relay class from the relay pool and then direct the DHCP DISCOVER message to the DHCP server associated with that identified relay class. In an example application, a Cisco router acting as a DHCP relay agent receives DHCP requests from two VoIP services (H.323 and the Session Initiation Protocol [SIP]). The requesting devices are identified by option 60. Both VoIP services have a different back-office infrastructure, so they cannot be serviced by the same DHCP server. Requests for H.323 devices must be forwarded to the H.323 server, and requests from SIP devices must be forwarded to the SIP server. The solution is to configure the relay agent with relay classes that are configured to match option 60 values sent by the client devices. Based on the option value, the relay agent will match and identify the relay class, and forward the DHCP DISCOVER message to the DHCP server associated with the identified relay class. The Cisco IOS DHCP server examines the relay classes that are applicable to a pool and then uses the exact match class regardless of the configuration order. If the exact match is not found, the DHCP server uses the first default match found. It is important to understand how DHCP options work. See the “DHCP Overview” module for more information. You must know the hexadecimal value of each byte location in the options to be able to configure the option hex command. The format may vary from product to product. Contact the relay agent vendor for this information. 1. enable 2. configure terminal 3. ip dhcp class class-name
4. option code hex hex-pattern[*][mask bit-mask-pattern] 5. exit 6. Repeat Steps 3 through 5 for each DHCP class that you need to configure. 7. ip dhcp pool name 8. relay source ip-address subnet-mask 9. class class-name 10.
relay target [vrf vrf-name | global] ip-address 11. exit 12. Repeat Steps 9 through 11 for each DHCP class that you need to configure. DETAILED STEPS
Configuring DHCP Relay Agent Support for MPLS VPNsPerform this task to configure DHCP relay agent support for MPLS VPNs. Before configuring DHCP relay support for MPLS VPNs, you must configure standard MPLS VPNs. 1. enable 2. configure terminal 3.
ip dhcp relay information option vpn 4. interface type number 5. ip helper-address vrf name [global]
address DETAILED STEPS
Configuring Support for Relay Agent Information Option EncapsulationWhen two relay agents are relaying messages between the DHCP client and the DHCP server, the relay agent closer to the server, by default, replaces the first option 82 information with its own option 82. The remote ID and circuit ID information from the first relay agent is lost. In some deployment scenarios, it is necessary to maintain the initial option 82 from the first relay agent, in addition to the option 82 from the second relay agent, for example, in a situation where an Intelligent Services Gateway (ISG) acting as a second relay agent is connected to a Layer 2 device. The Layer 2 device connects to the household and identifies the household with its own option 82. The DHCP Relay Option 82 Encapsulation feature allows the second relay agent to encapsulate option 82 information in a received message from the first relay agent if the second relay agent is configured to add its own option 82 information. This configuration allows the DHCP server to use option 82 information from both relay agents. The DHCP server can use the VPN information from the second relay agent, along with the option 82 information from the first relay agent, to send correct address assignments and other configuration parameters for the client devices based on the VRF, option 60, and encapsulated option 82. The reply message from the DHCP server to the DHCP client traverses the same path as the request messages through the two relay agents to the DHCP client. The figure below shows the processing that occurs on the two relay agents and the DHCP server when this feature is configured:
1.
enable 2. configure terminal 3. ip dhcp relay information option 4. ip dhcp relay information option vpn
5. ip dhcp relay information policy encapsulate 6. interface type number 7. ip dhcp relay information
policy-action encapsulate 8. end DETAILED STEPS
Setting the Gateway Address of the DHCP Broadcast to a Secondary Address Using Smart Relay Agent ForwardingYou only need to configure helper addresses on the interface where the UDP broadcasts that you want to forward to the DHCP server are being received. You only need to configure the ip dhcp smart-relay command if you have secondary addresses on that interface and you want the router to step through each IP network when forwarding DHCP requests. If smart relay agent forwarding is not configured, all requests are forwarded using the primary IP address on the interface. If the ip dhcp smart-relay command is configured, the relay agent counts the number of times that the client retries sending a request to the DHCP server when there is no DHCPOFFER message from the DHCP server. After three retries, the relay agent sets the gateway address to the secondary address. If the DHCP server still does not respond after three more retries, then the next secondary address is used as the gateway address. This functionality is useful when the DHCP server cannot be configured to use secondary pools. 1. enable 2. configure terminal 3. ip dhcp smart-relay 4.
exit DETAILED STEPS
Configuring Support for Private and Standard Suboption NumbersSome features that are not standardized will use the private Cisco relay agent suboption numbers. After the features are standardized, the relay agent suboptions are assigned the Internet Assigned Numbers Authority (IANA) numbers. Cisco software supports both private and IANA numbers for these suboptions. Perform this task to configure the DHCP client to use private or IANA standard relay agent suboption numbers. 1. enable 2.
configure terminal 3. ip dhcp compatibility suboption link-selection {cisco | standard} 4. exit DETAILED STEPS
Troubleshooting the DHCP Relay AgentPerform this task to troubleshoot the DHCP relay agent. The show ip route dhcp command is useful to help you understand any problems with the DHCP relay agent adding routes to clients from unnumbered interfaces. All routes added to the routing table by the DHCP server and relay agent are displayed. 1. enable 2. show ip route
dhcp 3. show ip route dhcp ip-address 4. show ip route vrf vrf-name dhcp 5. clear ip
route [vrf vrf-name] dhcp [ip-address] DETAILED STEPS
Configuring Route Addition for Relay and ServerTo enable route addition by DHCPv6 relay and server for the delegated prefix, use the ipv6 dhcp iapd-route-add command in global configuration mode. To add routes for individually assigned IPv6 addresses on the relay or server, use the ipv6 dhcp iana-route-add command in global configuration mode. Configuration Examples for the Cisco IOS DHCP Relay Agent
Example: Configuring Support for the Relay Agent Information OptionThe following example shows how to enable the DHCP server, the relay agent, and the insertion and removal of the DHCP relay information option (option 82). Note that the Cisco IOS DHCP server is enabled by default. In this example, the DHCP server is disabled: ! Reenables the DHCP server. service dhcp ip dhcp relay information option ! interface ethernet0/0 ip address 192.168.100.1 255.255.255.0 ip helper-address 10.55.11.3 Example: Configuring Per-Interface Support for the Relay Agent Information OptionThe following example shows that for subscribers who are being serviced by the same aggregation router, the relay agent information option for ATM subscribers must be processed differently from that for Ethernet digital subscribers. For ATM subscribers, the relay agent information option is configured to be removed from the packet by the relay agent before forwarding the packet to the client. For Ethernet subscribers, the connected device provides the relay agent information option, and the option is configured to remain in the packet and be forwarded to the client. ip dhcp relay information trust-all interface Loopback0 ip address 10.16.0.1 255.255.255.0 ! interface ATM3/0 no ip address ! interface ATM3/0.1 ip helper-address 10.16.1.2 ip unnumbered loopback0 ip dhcp relay information option-insert ! interface Loopback1 ip address 10.18.0.1 255.255.255.0 ! interface Ethernet4 no ip address ! interface Ethernet4/0.1 encapsulation dot1q 123 ip unnumbered loopback1 ip helper-address 10.18.1.2 ip dhcp relay information policy-action keep Example: Configuring the Subscriber Identifier Suboption of the Relay Agent Information OptionThe following example shows how to add a unique identifier to the subscriber-identifier suboption of the relay agent information option: ip dhcp relay information option ! interface Loopback0 ip address 10.1.1.129 255.255.255.192 ! interface ATM4/0 no ip address ! interface ATM4/0.1 point-to-point ip helper-address 10.16.1.2 ip unnumbered Loopback0 ip dhcp relay information option subscriber-id newperson123 atm route-bridged ip pvc 88/800 encapsulation aal5snap Example: Configuring DHCP Relay Class Support for Client IdentificationIn the following example, DHCP messages are received from DHCP clients on subnet 10.2.2.0. The relay agent will match and identify the relay class from the relay pool and forward the DHCP message to the appropriate DHCP server identified by the relay target command. ! ip dhcp class H323 option 60 hex 010203 ! ip dhcp class SIP option 60 hex 040506 ! ! The following is the relay pool: ip dhcp pool pool1 relay source 10.2.2.0 255.255.255.0 class H323 relay target 192.168.2.1 relay target 192.168.3.1 ! class SIP relay target 192.168.4.1 Example: Configuring DHCP Relay Agent Support for MPLS VPNsIn the following example, the DHCP relay agent receives a DHCP request on Ethernet interface 0/1 and sends the request to the DHCP server located at IP helper address 10.44.23.7, which is associated with the VRF named vrf1: ip dhcp relay information option vpn ! interface ethernet 0/1 ip helper-address vrf vrf1 10.44.23.7 ! Example: Configuring Support for Relay Agent Information Option EncapsulationIn the following example, DHCP relay agent 1 is configured globally to insert the relay agent information option into the DHCP packet. DHCP relay agent 2 is configured to add its own relay agent information option, including the VPN information, and to encapsulate the relay agent information option received from DHCP relay agent 1. The DHCP server receives the relay agent information options from both the relay agents, uses this information to assign IP addresses and other configuration parameters, and forwards them back to the client. DHCP Relay Agent 1ip dhcp relay information option DHCP Relay Agent 2ip dhcp relay information option ip dhcp relay information option vpn ip dhcp relay information option encapsulation Example: Setting the Gateway Address of the DHCP Broadcast to a Secondary Address Using Smart Relay Agent ForwardingIn the following example, the router will forward the DHCP broadcast received on Ethernet interface 0/0 to the DHCP server (10.55.11.3), by inserting 192.168.100.1 in the giaddr field of the DHCP packet. If the DHCP server has a scope or pool configured for the 192.168.100.0/24 network, the server will respond; otherwise, it will not respond. Because the ip dhcp smart-relay global configuration command is configured, if the router sends three requests using 192.168.100.1 in the giaddr field and does not get a response, the router will move on and start using 172.16.31.254 in the giaddr field instead. Without the smart relay functionality, the router uses only 192.168.100.1 in the giaddr field. ip dhcp smart-relay ! interface ethernet0/0 ip address 192.168.100.1 255.255.255.0 ip address 172.16.31.254 255.255.255.0 ip helper-address 10.55.11.3 ! Additional ReferencesRelated Documents
Standards and RFCs
Technical Assistance
Technical Assistance
Feature Information for the Cisco IOS DHCP Relay AgentThe following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Glossaryclient--A host trying to configure its interface (obtain an IP address) using DHCP or BOOTP protocols. DHCP--Dynamic Host Configuration Protocol. giaddr--Gateway IP address. The giaddr field of the DHCP message provides the DHCP server with information about the IP address subnet on which the client is to reside. It also provides the DHCP server with an IP address where the response messages are to be sent. MPLS--Multiprotocol Label Switching. Emerging industry standard upon which tag switching is based. relay agent--A router that forwards DHCP and BOOTP messages between a server and a client on different subnets. server--DHCP or BOOTP server. VPN--Virtual Private Network. Enables IP traffic to use tunneling to travel securely over a public TCP/IP network. VRF--VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router. Each VPN instantiated on the PE router has its own VRF. What port does DHCP relay use?The default port is 67. Select the network interfaces that are used by the DHCP relay agent to connect to the DHCP server and client networks.
How does DHCP work with relay agent?A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet.
Which of the following does the DHCP relay agent use to tell the DHCP?A DHCP relay agent uses "ip helper-address" command to indicate the DHCP server's IP address. It will insert the IP address of the interface which has that command configured into the gateway IP address field of DHCP packet to let DHCP server know which IP address range should be used to allocate.
Which port is a DHCP Discover packet sent out?The DHCP server is listening on port 67 and receives the discover request. The discover request contains the client MAC (or “hardware”) address and UDP source port 68. This enables the DHCP server to respond with a DHCP Offer to the sending client.
|