Using the Cisco IOS DHCP Server on Access Servers

Introduction

This document provides a sample configuration for using the Cisco IOS DHCP Server on Access servers.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco IOS® Software Release 12.1(9) on a Cisco 5300 router.

  The Cisco IOS DHCP server feature was introduced in Cisco IOS Software Release 12.0(1)T. Use the Software Advisor to check if your current IOS version and platform support the IOS DHCP server feature.

  Note: You need Cisco IOS Software Release 12.0(2)T or later for use with Cisco 1700 series routers.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.

Background Information

There are several different mechanisms for delivering IP addresses to dialin clients on Access servers. Some possible options for assigning IP addresses to clients include:

• Assigning an address from the local IP pool on the Access server.

• Using an external Dynamic Host Control Protocol (DHCP) server.

• Using RADIUS or TACACS.

This document focusses on how to use the Cisco IOS® server functionality with Access servers to assign IP addresses and other DHCP variables to dialin clients. This avoids using an external DHCP server and, instead, uses the built-in DHCP server functionality from the Cisco IOS itself. DHCP enables you to automatically assign reusable IP addresses to DHCP clients.

The Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator.

To learn more about Cisco IOS DHCP functionality, restrictions and supported platforms, please refer to the Cisco IOS DHCP Server document. At this point, it is useful to know which parameters can be passed to the PPP client.

Note: We are unable to use subnet masking to the PPP client. This is due to a limitation with the Request For Comments (RFC). The reason for this is that, when PPP negotiates with the PPP client, the following parameters are negotiated via PPP and IP Control Protocol (IPCP):

• IP address.

• Primary and Secondary Domain Name System (DNS) addresses.

• Primary and Secondary NetBIOS Name Service (NBNS) addresses.

• TCP/IP Header Compression.

The function for passing a subnet mask to the PPP client is not part of the protocol for PPP (RFC 1548) or IPCP (RFC 1332). The async-bootp commands such as async-bootp dns-server and async-bootp nbns-server pass the information to the PPP client because these fields are negotiated via PPP. The async-bootp subnet-mask is not a parameter that is passed through PPP.

The async-bootp global configuration commands enable support for extended Bootstrap Protocol (BOOTP) requests, as defined in RFC 1084, when you configure the router for Serial Line Internet Protocol (SLIP). When the Windows 95 or NT PC that is running dial-up networking dials into your router, it is doing PPP, not BOOTP or SLIP. This means that there is no way to pass the subnet mask to the Windows 95 or NT PPP dial-up client, or the gateway for that matter. When you have a Windows dialin client that gets its IP address dynamically from the Access server, you can see that the subnet mask is set to 255.0.0.0. Since this is a point-to-point connection, the subnet mask is not important, because the dialin client is known to the Access server as a single host route (255.255.255.255 netmask). The Access server has one host route for each of the connected dialin clients.

Check the following RFCs for information on PPP negotiation:

• RFC 1332

• RFC 2484

• RFC 1877

You can access these RFCs from any public RFC repository.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses this network setup:

Configurations

This document uses this configuration:

• Caramel

caramel#show running-config
Building configuration...
Current configuration : 3030 bytes
!
! Last configuration change at 14:02:23 CEST Thu Aug 23 2001
! NVRAM config last updated at 12:25:26 CEST Thu Aug 23 2001
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname caramel
!
boot system flash:
aaa new-model
AAA authentication login default local
AAA authentication ppp default local
AAA authorization network default local
enable password ww
!
username ww password 0 ww
username vpdn password 0 vpdn
username async password 0 async
username test password 0 test
spe 2/0 2/9
firmware location flash:mica-modem-pw.2.7.3.0.bin
!
!
resource-pool disable
!
!
!
!
!
clock timezone CET 2
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
modem country mica belgium
ip subnet-zero
ip host rund 172.17.247.195
ip domain-name nba.cisco.com
ip name-server 10.200.20.134
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.253
ip dhcp excluded-address 10.10.10.254
ip dhcp excluded-address 10.10.10.252
!
ip dhcp pool 0
network 10.10.10.0 255.255.255.0
dns-server 10.10.10.254
default-router 10.10.10.1
domain-name CISCO.COM
netbios-name-server 10.10.10.253 10.10.10.252
!
ip address-pool dhcp-proxy-client
ip dhcp-server 10.10.10.1
isdn switch-type primary-net5
mta receive maximum-recipients 0
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
clock source line secondary 1
!
controller E1 2
clock source line secondary 2
!
controller E1 3
clock source line secondary 3
!
!
!
!
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0
ip address 10.200.20.7 255.255.255.0
no cdp enable
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
!
interface Serial2
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
!
interface Serial3
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
!
interface Serial0:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
!
interface Serial1:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
!
interface Serial2:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
!
interface Serial3:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
no cdp enable
!
interface Group-Async0
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
no ip mroute-cache
async mode interactive
peer default ip address dhcp
ppp authentication chap
group-range 1 60
!
interface Dialer1
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer-group 1
peer default ip address dhcp
no cdp enable
ppp authentication chap
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.200.20.1
no ip http server
!
!
!
line con 0
exec-timeout 0 0
line 1 120
no exec
modem InOut
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
password ww
transport input telnet
!
ntp clock-period 17179736
ntp server 10.200.20.134
end

Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

• show caller ip—displays a summary of caller information for the IP address you provide.

• show ip dhcp server statistics—displays DHCP server statistics.

• show ip dhcp binding—displays address bindings on the DHCP server.

• show user—shows whether the console port is active, and lists all active Telnet sessions with the IP address or IP alias of the originating host.

• ping—checks whether a device is operating, and if network connections are intact.

The output of these commands is shown below:

caramel#
Aug 23 11:05:25.553: %LINK-3-UPDOWN: Interface Serial0:12, changed state to up
Aug 23 11:05:25.553: Se0:12 PPP: Treating connection as a callin
Aug 23 11:05:25.553: Se0:12 PPP: Phase is ESTABLISHING, Passive Open
Aug 23 11:05:25.553: Se0:12 LCP: State is Listen
Aug 23 11:05:25.681: Se0:12 LCP: I CONFREQ [Listen] id 1 len 17
Aug 23 11:05:25.681: Se0:12 LCP:    MagicNumber 0x003EDA4F (0x0506003EDA4F)
Aug 23 11:05:25.681: Se0:12 LCP:    PFC (0x0702)
Aug 23 11:05:25.681: Se0:12 LCP:    ACFC (0x0802)
Aug 23 11:05:25.681: Se0:12 LCP:    Callback 6  (0x0D0306)
Aug 23 11:05:25.681: Se0:12 LCP: O CONFREQ [Listen] id 1 len 15
Aug 23 11:05:25.681: Se0:12 LCP:    AuthProto CHAP (0x0305C22305)
Aug 23 11:05:25.681: Se0:12 LCP:    MagicNumber 0x14AAE40E (0x050614AAE40E)
Aug 23 11:05:25.681: Se0:12 LCP: O CONFREJ [Listen] id 1 len 7
Aug 23 11:05:25.681: Se0:12 LCP:    Callback 6  (0x0D0306)
Aug 23 11:05:25.705: Se0:12 LCP: I CONFACK [REQsent] id 1 len 15
Aug 23 11:05:25.705: Se0:12 LCP:    AuthProto CHAP (0x0305C22305)
Aug 23 11:05:25.705: Se0:12 LCP:    MagicNumber 0x14AAE40E (0x050614AAE40E)
Aug 23 11:05:25.709: Se0:12 LCP: I CONFREQ [ACKrcvd] id 2 len 14
Aug 23 11:05:25.709: Se0:12 LCP:    MagicNumber 0x003EDA4F (0x0506003EDA4F)
Aug 23 11:05:25.709: Se0:12 LCP:    PFC (0x0702)
Aug 23 11:05:25.709: Se0:12 LCP:    ACFC (0x0802)
Aug 23 11:05:25.709: Se0:12 LCP: O CONFACK [ACKrcvd] id 2 len 14
Aug 23 11:05:25.709: Se0:12 LCP:    MagicNumber 0x003EDA4F (0x0506003EDA4F)
Aug 23 11:05:25.709: Se0:12 LCP:    PFC (0x0702)
Aug 23 11:05:25.709: Se0:12 LCP:    ACFC (0x0802)
Aug 23 11:05:25.709: Se0:12 LCP: State is Open
Aug 23 11:05:25.709: Se0:12 PPP: Phase is AUTHENTICATING, by this end
Aug 23 11:05:25.709: Se0:12 CHAP: O CHALLENGE id 1 len 28 from "caramel"
Aug 23 11:05:25.733: Se0:12 CHAP: I RESPONSE id 1 len 25 from "test"
Aug 23 11:05:25.733: Se0:12 PPP: Phase is FORWARDING
Aug 23 11:05:25.733: Se0:12 PPP: Phase is AUTHENTICATING
Aug 23 11:05:25.737: Se0:12 CHAP: O SUCCESS id 1 len 4
Aug 23 11:05:25.737: Se0:12 PPP: Phase is UP
Aug 23 11:05:25.737: Se0:12 IPCP: O CONFREQ [Not negotiated] id 1 len 10
Aug 23 11:05:25.737: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:25.753: Se0:12 IPCP: I CONFREQ [REQsent] id 1 len 34
Aug 23 11:05:25.753: Se0:12 IPCP:    Address 0.0.0.0 (0x030600000000)
Aug 23 11:05:25.753: Se0:12 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Aug 23 11:05:25.753: Se0:12 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Aug 23 11:05:25.753: Se0:12 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Aug 23 11:05:25.757: Se0:12 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Aug 23 11:05:25.757: Se0:12 AAA/AUTHOR/IPCP: Start.  
Her address 0.0.0.0, we want 0.0.0.0
Aug 23 11:05:25.757: Se0:12 AAA/AUTHOR/IPCP: Done.  
Her address 0.0.0.0, we want 0.0.0.0
Aug 23 11:05:25.757: Se0:12: Pools to search :
Aug 23 11:05:25.757: DHCPD: DHCPDISCOVER received from client 0074.6573.74 
through relay 10.10.10.1.
Aug 23 11:05:26.737: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:12, 
changed state to up
Aug 23 11:05:27.756: DHCPD: assigned IP address 10.10.10.9 to client 0074.6573.74.
Aug 23 11:05:27.756: DHCPD: Sending DHCPOFFER to client 0074.6573.74 (10.10.10.9).
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.756: DHCPD: unicasting BOOTREPLY for client 0010.7be6.4498 
to relay 10.10.10.1.
Aug 23 11:05:27.756: DHCPD: DHCPREQUEST received from client 0074.6573.74.
Aug 23 11:05:27.756: DHCPD: Sending DHCPACK to client 0074.6573.74 (10.10.10.9).
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.760: DHCPD: unicasting BOOTREPLY for client 0010.7be6.4498 
to relay 10.10.10.1.
Aug 23 11:05:27.804: Se0:12: Default pool returned address = 10.10.10.9
Aug 23 11:05:27.804: Se0:12 IPCP: Pool returned 10.10.10.9
Aug 23 11:05:27.804: Se0:12 IPCP: O CONFREJ [REQsent] id 1 len 10
Aug 23 11:05:27.804: Se0:12 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Aug 23 11:05:27.804: Se0:12 IPCP: I CONFACK [REQsent] id 1 len 10
Aug 23 11:05:27.804: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:27.804: Se0:12 IPCP: TIMEout: State ACKrcvd
Aug 23 11:05:27.804: Se0:12 IPCP: O CONFREQ [ACKrcvd] id 2 len 10
Aug 23 11:05:27.804: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:27.820: Se0:12 IPCP: I CONFREQ [REQsent] id 2 len 28
Aug 23 11:05:27.820: Se0:12 IPCP:    Address 0.0.0.0 (0x030600000000)
Aug 23 11:05:27.820: Se0:12 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Aug 23 11:05:27.820: Se0:12 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Aug 23 11:05:27.820: Se0:12 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Aug 23 11:05:27.820: Se0:12 AAA/AUTHOR/IPCP: Start.  
Her address 0.0.0.0, we want 10.10.10.9
Aug 23 11:05:27.820: Se0:12 AAA/AUTHOR/IPCP: Done.  
Her address 0.0.0.0, we want 10.10.10.9
Aug 23 11:05:27.824: Se0:12 IPCP: O CONFNAK [REQsent] id 2 len 28
Aug 23 11:05:27.824: Se0:12 IPCP:    Address 10.10.10.9 (0x03060A0A0A09)
Aug 23 11:05:27.824: Se0:12 IPCP:    PrimaryDNS 10.10.10.254 (0x81060A0A0AFE)
Aug 23 11:05:27.824: Se0:12 IPCP:    PrimaryWINS 10.10.10.253(0x82060A0A0AFD)
Aug 23 11:05:27.824: Se0:12 IPCP:    SecondaryWINS 10.10.10.252(0x84060A0A0AFC)
Aug 23 11:05:27.824: Se0:12 IPCP: I CONFACK [REQsent] id 2 len 10
Aug 23 11:05:27.824: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:27.844: Se0:12 IPCP: I CONFREQ [ACKrcvd] id 3 len 28
Aug 23 11:05:27.844: Se0:12 IPCP:    Address 10.10.10.9 (0x03060A0A0A09)
Aug 23 11:05:27.844: Se0:12 IPCP:    PrimaryDNS 10.10.10.254(0x81060A0A0AFE)
Aug 23 11:05:27.844: Se0:12 IPCP:    PrimaryWINS 10.10.10.253(0x82060A0A0AFD)
Aug 23 11:05:27.844: Se0:12 IPCP:    SecondaryWINS 10.10.10.252(0x84060A0A0AFC)
Aug 23 11:05:27.844: Se0:12 AAA/AUTHOR/IPCP: Start.  
Her address 10.10.10.9, we want 10.10.10.9
Aug 23 11:05:27.848: Se0:12 AAA/AUTHOR/IPCP: Reject 10.10.10.9, using 10.10.10.9
Aug 23 11:05:27.848: Se0:12 AAA/AUTHOR/IPCP: Done.  
Her address 10.10.10.9, we want 10.10.10.9
Aug 23 11:05:27.848: Se0:12 IPCP: O CONFACK [ACKrcvd] id 3 len 28
Aug 23 11:05:27.848: Se0:12 IPCP:    Address 10.10.10.9(0x03060A0A0A09)
Aug 23 11:05:27.848: Se0:12 IPCP:    PrimaryDNS 10.10.10.254(0x81060A0A0AFE)
Aug 23 11:05:27.848: Se0:12 IPCP:    PrimaryWINS 10.10.10.253(0x82060A0A0AFD)
Aug 23 11:05:27.848: Se0:12 IPCP:    SecondaryWINS 10.10.10.252(0x84060A0A0AFC)
Aug 23 11:05:27.848: Se0:12 IPCP: State is Open
Aug 23 11:05:27.848: Di1 IPCP: Install route to 10.10.10.9
Aug 23 11:05:31.552: %ISDN-6-CONNECT: Interface Serial0:12 is now connected 
to 6133 test
Aug 23 11:05:38.688: DHCPD: DHCPINFORM received from 
client 00e0.1e57.6af0(10.200.20.12)

caramel#show ip dhcp binding
IP address       Hardware address        Lease expiration        Type
10.10.10.9       0074.6573.74            Aug 24 2001 02:05 PM    Automatic
caramel#

caramel#show ip dhcp server statistics
Memory usage         13975
Address pools        1
Database agents      0
Automatic bindings   1
Manual bindings      0
Expired bindings     0
Malformed messages   2
Message              Received
BOOTREQUEST          9
DHCPDISCOVER         9
DHCPREQUEST          8
DHCPDECLINE          0
DHCPRELEASE          18
DHCPINFORM           5
Message              Sent
BOOTREPLY            0
DHCPOFFER            8
DHCPACK              8
DHCPNAK              0

caramel#show caller ip
Line           User       IP Address      Local Number    Remote Number
<->
Se0:12         test       10.10.10.9      211             6133
in
caramel#show user
   Line         User       Host(s)                 Idle       Location
*  0 con 0                  idle                 00:00:00
 Interface      User        Mode                   Idle     Peer Address
  Se0:12        test       Sync PPP              00:00:27   PPP: 10.10.10.9

caramel#ping 10.10.10.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/56/60 ms
caramel#

 !--- User disconnects now.


caramel#
Aug 23 11:06:11.332: DHCPD: checking for expired leases.
Aug 23 11:07:25.552: %ISDN-6-DISCONNECT: Interface Serial0:12  disconnected
from 6133 test, call lasted 120 seconds
Aug 23 11:07:25.588: %LINK-3-UPDOWN: Interface Serial0:12, changed state to down
Aug 23 11:07:25.592: Se0:12 IPCP: State is Closed
Aug 23 11:07:25.592: Se0:12 set_ip_peer(0): new address
Aug 23 11:07:25.592: ip_free_pool: Se0:12: address = 10.10.10.9 (1)0.0.0.0
Aug 23 11:07:25.592: Se0:12 PPP: Phase is TERMINATING
Aug 23 11:07:25.592: Se0:12 LCP: State is Closed
Aug 23 11:07:25.592: Se0:12 PPP: Phase is DOWN
Aug 23 11:07:25.592: Di1 IPCP: Remove route to 10.10.10.9
Aug 23 11:07:26.588: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:12, 
changed state to down
Aug 23 11:07:30.592: DHCPD: DHCPRELEASE message received from client 
0074.6573.74 (10.10.10.9).
Aug 23 11:07:30.592: DHCPD: returned 10.10.10.9 to address pool 0.
Aug 23 11:07:31.592: DHCPD: DHCPRELEASE message received from client 
0074.6573.74 (10.10.10.9).
Aug 23 11:07:32.592: DHCPD: DHCPRELEASE message received from client 
0074.6573.74 (10.10.10.9).
Aug 23 11:08:11.332: DHCPD: checking for expired leases.

If you have correctly implemented the IOS DHCP server funtionality, you can look at the IP configuration, Windows IP Configuration program (winipcfg) or appropriate commands on the dialin clients to check the received DHCP parameters. We can get the following parameters from the DHCP server by using winipcfg on the Windows 98 PC we are using for the test:

ip address       10.10.10.9
mask             255.0.0.0 
default gateway  10.10.10.10 
dhcp server      - 
primary wins     10.10.010.253 
secondary wins   10.10.10.252 
lease obtained   - 
lease expires    -

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands

Note: Before issuing debug commands, refer to Important Information on Debug Commands.

• debug ppp negotiation—causes the debug ppp command to display PPP packets transmitted during PPP startup, where PPP options are negotiated.

• debug ip peer—contains additional output when pool groups are defined.

• debug ip dhcp server linkage—displays database linkage information.

• debug ip dhcp server events—reports server events, like address assignments and database updates.

• debug ip dhcp server packets—decodes DHCP receptions and transmissions.

Related Information

• Cisco IOS DHCP Server
• Autoconfiguring Cisco IOS DHCP Server Options
• Configuring DHCP
• Configuring Media-Independent PPP and Multilink PPP
• Technical Support & Documentation - Cisco Systems