DHCP relay principle and configuration-vro

DHCP relay principle and Configuration

Application scenarios:

When the number of hosts in a network is large, manual IP Address allocation is not only troublesome but also prone to errors. The emergence of the DHCP service greatly facilitates the allocation of Host IP addresses. Vlan division is an essential step in enterprise networking. How to enable a DHCP server to provide services for multiple CIDR blocks at the same time is what we will discuss.

DHCP relay principle:

DHCP users use IP address broadcast to find DHCP servers on the same network segment. When the server and customer segment are in different network segments, that is, they are separated by routers, the routers will not forward such broadcast packets. Therefore, you may need to set up a DHCP server on each network segment. Although DHCP only consumes a small amount of resources, it is inconvenient to manage Multiple DHCP servers. The use of DHCP relay makes it possible for a DHCP server to serve multiple network segments at the same time.

To enable the router to forward broadcast request packets, use the ip help-address command. By using this command, the vro can be configured to Accept Broadcast requests and forward them to a specified IP address in Unicast mode. By default, the ip help-address Forwards the following eight UDP services:

1. Time 2. Tacacs 3.DNS 4. BOOTP/DHCP server

5. BOOTP/DHCP customer 6. TFTP 7. NetBios Name Service 8. NetBios datagram Service

In the case of DHCP broadcast, the customer broadcasts a DHCP discovery group in the guest network segment. The gateway obtains this group. If a help address is configured, the DHCP group is forwarded to a specific address.

DCHP relay Configuration

Step 1: Check whether the device supports the ios dhcp Server function

Generally, Cisco routers or access servers, and a small number of switches installed with the Routing Switching Module or multilayer switching function cards all have the ios dhcp Server function. If you have not confirmed whether your device has this function, you can perform quick detection on the CLI as follows:

Router> enable

Password:

Router # conf t

Router (config) # ip dhcp?

If the following information appears, it is a pity that your device does not support the ios dhcp Server function: % Unrecognized command

Otherwise, congratulations, your settings support DHCP.

Step 2: configure the DHCP server (the vro is used to configure the DHCPserver. PC ):

Route (config) # ip dhcp pool vlan10 // configure an address pool. vlan10 is the name of the address pool,

Route (dhcp-config) # network 192.168.10.0 255.255.255.0 // dynamically allocated address segment

Route (dhcp-config) # default-router 192.168.10.254 // gateway address

Route (dhcp-config) # dns-server x. x // configure the DNS server for the client

Route (dhcp-config) # lease 1 // The address lease period is one day

Route (dhcp-config) # exit

Route (config) # ip dhcp excluded-address 192.168.10.1 // This address is not allocated

Route (config) # ip dhcp excluded-address 192.168.10.254 // This address is not allocated

Route (config) # ip dhcp pool vlan20 // configure address pool vlan20, vlan30 address pool configuration is similar

Route (dhcp-config) # network 192.168.20.0 255.255.255.0 // dynamically allocated address segment

Route (dhcp-config) # default-router 192.168.255.254 // gateway address

Route (dhcp-config) # dns-server x. x // configure the DNS server for the client

Route (dhcp-config) # lease 1 // The address lease period is one day

Route (dhcp-config) # exit

Route (config) # ip dhcp excluded-address 192.168.255.254 // This address is not allocated

Tips: DHCP allocates IP addresses based on the source address segment.

Step 3: Configure DHCP when using router 5300 for single-arm routing:

Int f0

No ip address

No shut

Exit

Int f0.10 // vlan10

Ip address 192.168.10.254 255.255.255.0 // vlan Gateway

Ip help-address 192.168.10.1 // DHCP server address

No shut

Exit

Int f0.20 // vlan20, multiple CIDR blocks are similar

Ip address 192.168.255.254 // vlan Gateway

Ip help-address 192.168.10.1 // send the ip address to the DHCP server in the form of unicast

No shut

Exit

Use multi-layer switch (3550) DHCP Configuration

Int vlan 10

Ip address 192.168.10.254 255.255.255.0 // vlan10 Gateway

Ip help-address 192.168.10.1 // DHCP server address

No shut

Exit

Int vlan 20

Ip address 192.168.255.254 255.255.255.0 // vlan10 Gateway

Ip help-address 192.168.10.1 // DHCP server address

No shut

Exit

Digress:

In addition to the ios dhcp Server, there are many types of DHCP servers. For example, Windows 2000 or linux dhcp server. However, no matter what type of DHCP server you use, the settings on the VLAN are the same. The only difference is that one is set on the router and the other is set on the PC server. Setting up a DHCP server on a PC server is easier. From this point of view, it seems that using a PC server as a DHCP server is more advantageous. However, if we look at the stability and function, these DHCP servers cannot be compared with vrouters. After all, it is important for large networks to ensure stable operation 24 hours a day. Therefore, it is safer to use routers as DHCP servers in large networks.

Cross-subnet DHCP server (PC version)

To improve network security, a larger LAN is usually divided into multiple subnets. However, the DHCP server can only provide services for the machines in this subnet. configuring the DHCP server for each subnet will result in waste. How can I enable a DHCP server to provide TCP/IP configuration services for multiple subnets at the same time?

Taking the two subnets A and B managed as an example, subnet A is configured with a dhcp server, and subnet B does not have a dhcp server. The following configuration operations are performed on subnet B:

1. Configure routes

In subnet B, select A Windows 2003 Server and configure it as A router to connect two subnets, A and B (the server belongs to both subnets at the same time ). Go to "Control Panel> Management Tools", run the "Routing and Remote Access" tool, right-click the local server, and select "configure and enable Routing and Remote Access". The installation wizard dialog box is displayed, select "custom configuration", click "Next", select "LAN routing", and click "finish ".

2. configure a relay proxy

In the Routing and Remote Access Windows, expand "Local Server> IP Route Selection> General", right-click "General", and select "add route protocol ", select "DHCP relay agent" in the new routing protocol window and click "OK.

Right-click the DHCP relay agent and select "properties". The "DHCP relay agent properties" dialog box is displayed, on the "General" tab, enter the IP address of the DHCP server of subnet A in the "server address" column, click "add", and then click "OK.

Right-click the DHCP relay agent and select "New Interface". The dialog box for the new interface of the DHCP relay agent is displayed. In the "interface" box, select the interface that can access subnet, that is, to connect to the NIC of subnet A, click "OK. In the displayed "DHCP relay properties" dialog box, make sure that the "relay DHCP packet" is selected, its relay function is enabled, and then click "OK. After completing the preceding configuration, the client of subnet B can use the DHCP server of subnet.

Tip: the relay proxy is a small program that transfers DHCP/BOOTP messages between DHCP clients and DHCP servers in different subnets. Next we will configure this Windows 2003 Server as a DHCP relay proxy server. In this way, when A client of subnet B sends A request, the relay proxy forwards the request to the DHCP server of subnet, then, the TCP/IP configuration information returned by the DHCP server is forwarded to the client of subnet B.