- DHCP Overview
- Configuring the Cisco IOS DHCP Server
- Configuring the DHCP Server On-Demand Address Pool Manager
- Configuring the Cisco IOS DHCP Relay Agent
- Configuring the Cisco IOS DHCP Client
- Configuring DHCP Services for Accounting and Security
- Configuring DHCP Enhancements for Edge-Session Management
- Finding Feature Information
- Restrictions for Configuring the DHCP Client
- Information About the DHCP Client
- How to Configure the DHCP Client
- Enabling FORCERENEW-Message Handling
- Example Configuring the DHCP Client
- Example Customizing the DHCP Client Configuration
- Example Configuring an ATM Primary Interface (Multipoint) Using aal5snap Encapsulation and Inverse ARP
- Example Configuring an ATM Point-to-Point Subinterface Using aa15snap Encapsulation
- Example Configuring an ATM Point-to-Point Subinterface Using aa15nlpid Encapsulation
- Example Configuring an ATM Point-to-Point Subinterface Using aa15mux PPP Encapsulation
- Example Releasing a DHCP Lease
- Example Renewing a DHCP Lease
Configuring the Cisco IOS DHCP Client
Cisco IOS Dynamic Host Configuration Protocol (DHCP) client software provides the flexibility to include various configuration options for the DHCP client. A DHCP client is defined as an Internet host using DHCP to obtain configuration parameters such as an IP address. This module describes the concepts and tasks needed to configure the Cisco IOS DHCP client. It includes information on the Cisco DHCP FORCERENEW feature, which provides entity authentication and message authentication.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Configuring the DHCP Client
The DHCP client can be configured on Ethernet interfaces and on PPP over ATM (PPPoA) and certain ATM interfaces. The DHCP client works with ATM point-to-point interfaces and will accept any encapsulation type. For ATM multipoint interfaces, the DHCP client is supported using only the aal5snap encapsulation type combined with Inverse Address Resolution Protocol (ARP). Inverse ARP, which builds an ATM map entry, is necessary to send unicast packets to the server (or relay agent) on the other end of the connection. Inverse ARP is supported only for the aal5snap encapsulation type.
For multipoint interfaces, an IP address can be acquired using other encapsulation types because broadcast packets are used. However, unicast packets to the other end will fail because there is no ATM map entry and thus DHCP renewals and releases also fail.
Information About the DHCP Client
DHCP Client Operation
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. A DHCP client is an Internet host using DHCP to obtain configuration parameters such as an IP address. The figure below shows the basic steps that occur when a DHCP client requests an IP address from a DHCP server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a DHCP server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.
| Figure 1 | DHCP Request for an IP Address from a DHCP Server |
A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address.
The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client.
DHCP Client Overview
The configurable DHCP client functionality allows a DHCP client to use a user-specified client identifier, class identifier, or suggested lease time when requesting an address from a DHCP server.
Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. The DHCP client provides flexibility by allowing the following options to be configured for a DHCP client:
- Option 12--This option specifies the name of the client. The name may or may not be qualified with the local domain.
- Option 33--This option is used to configure a list of static routes in the client.
- Option 51--This option is used in a client request (DHCPDISCOVER or DHCPREQUEST) to allow the client to request a lease time for the IP address.
- Option 55--This option allows the DHCP client to request certain options from the DHCP server. The ip dhcp client request command allows the system administrator to turn off some of the requested options, thus removing them from the request list.
- Option 60--This option allows the user to configure the vendor class identifier string to use in the DHCP interaction.
- Option 61--This option is used by DHCP clients to specify their unique identifier. DHCP servers use this value to index their database of address bindings. This value is expected to be unique for all clients in an administrative domain.
- Option 120--This option is used to specify a 32-bit (binary) IPv4 address to be used by the Session Initiation Protocol (SIP) client to locate a SIP server.
- Option 121--This option is used to configure classless static routes by specifying classless network destinations in these routes: that is, each routing table entry includes a subnet mask.
 Note |
If a request includes both static routes and classless static routes, the client uses only the classless static routes. If the DHCP server returns both a classless static route option and a router option, the DHCP client ignores the router option. |
- Option 125--This option is used by DHCP clients and servers to exchange vendor-specific information.
DHCP Client on WAN Interfaces
The DHCP client on WAN interfaces allows a DHCP client to acquire an IP address over PPPoA and certain ATM interfaces. By using DHCP rather than the IP Control Protocol (IPCP), a DHCP client can acquire other useful information such as Domain Name System (DNS) addresses, the DNS default domain name, and the default route.
The configuration of PPPoA and Classical IP and ARP over ATM already allows for a broadcast capability over the interface (using the broadcast keyword on the ATM interface). Most changes in this feature are directed at removing already existing restrictions on what types of interfaces are allowed to send out DHCP packets (previously, dialer interfaces have not been allowed). This feature also ensures that DHCP RELEASE messages are sent out the interface before a connection is allowed to be broken.
DHCP FORCERENEW
The Cisco DHCP FORCERENEW feature provides entity authentication and message authentication, in accordance with RFC 3118, by which DHCP clients and servers authenticate the identity of other DHCP entities and verify that the content of a DHCP message has not been changed during delivery through the network.
The message authentication mechanism allows servers to determine whether a request for DHCP information comes from a client that is authorized to use the network. It also allows clients to verify that a DHCP server can be trusted to provide valid configuration.
The Cisco DHCP FORCERENEW feature requires authentication. All client-server exchanges must be authenticated: The ip dhcp client authentication modeand key chain commands must be configured.
When the client gets a FORCERENEW message, it does the following:
- Authenticates the message according to the authentication mode specified in the ip dhcp client authentication mode command. The Cisco DHCP FORCERENEW feature supports both token-based and Message Digest 5 (MD5)-based authentication.
- Token-based authentication is useful only for basic protection against inadvertently instantiated DHCP servers. Tokens are transmitted in plain text; they provide weak authentication and do not provide message authentication.
- MD5-based authentication provides better message and entity authentication because it contains a single-use value generated by the source as a message authentication code.
- Changes its state to RENEW.
- Tries to renew its lease according to normal DHCP procedures.
The client discards any multicast FORCERENEW message or message that fails authentication.
How to Configure the DHCP Client
- Configuring the DHCP Client
- Forcing a Release or Renewal of a DHCP Lease for a DHCP Client
- Enabling FORCERENEW-Message Handling
Configuring the DHCP Client
DHCP Client Default Behavior
Cisco routers running Cisco IOS software include DHCP server and relay agent software, which are enabled by default. Your router can act as both the DHCP client and DHCP server. Use the ip address dhcp command to obtain IP address information for the configured interface.
You must configure the ip dhcp client commands before entering the ip address dhcp command on an interface to ensure that the DHCPDISCOVER messages that are generated contain the correct option values. The ip dhcp client commands are checked only when an IP address is acquired from DHCP. If any of the ip dhcp client commands are entered after an IP address has been acquired from DHCP, it will not take effect until the next time the router acquires an IP address from DHCP. This means that the new configuration will take effect only after either the ip address dhcp command or the release dhcp and renew dhcpEXECcommandshave been configured.
DETAILED STEPS
Troubleshooting Tips
To verify the configuration, you can use the debug dhcp detail command to display the DHCP packets that were sent and received. To display the server side of the DHCP interaction, use the debug ip dhcp server packets command.
The following are troubleshooting tips for DHCP clients on WAN interfaces:
- An ATM primary interface is always multipoint.
- An ATM subinterface can be multipoint or point-to-point.
- If you are using a point-to-point interface, the routing table determines when to send a packet to the interface and ATM map entries are not needed. Consequently, Inverse ARP, which builds ATM map entries, is not needed.
- If you are using a multipoint interface, you must use Inverse ARP to discover the IP address of the other side of the connection.
- You can specify Inverse ARP through the protocol ip inarpcommand. You must use the aal5snap encapsulation type when using Inverse ARP because it is the only encapsulation type that supports Inverse ARP.
Forcing a Release or Renewal of a DHCP Lease for a DHCP Client
Perform this task to force a release or renewal of a DHCP lease for a DHCP client.
Forcing a release or renewal of a DHCP lease for a DHCP client provides the ability to perform two independent operations from the command-line interface (CLI) in EXEC mode:
- Immediately release a DHCP lease for a DHCP client.
- Force a DHCP renewal of a lease for a DHCP client.
This functionality provides the following benefits:
- Eliminates the need to go into the configuration mode to reconfigure the router to release or renew a DHCP lease.
- Simplifies the release and renewal of a DHCP lease.
- Reduces the amount of time spent performing DHCP IP release and renewal configuration tasks.
DHCP Release and Renew CLI Operation
Release a DHCP Lease
The release dhcp command starts the process to immediately release a DHCP lease for the specified interface. After the lease is released, the interface address is deconfigured. The release dhcp command does not deconfigure the ip address dhcp command specified in the configuration file for the interface. During a write memory or show running configuration file action, or if the router is rebooted, the ip address dhcp command executes to acquire a DHCP address for the interface.
The original IP address for the interface must be assigned by the DHCP server. If the interface is not assigned an IP address by the DHCP server, the release dhcp command fails and displays the following error message:
Interface does not have a DHCP originated address
Renew a DHCP Lease
The renew dhcp command advances the DHCP lease timer to the next stage, at which point one of the following occurs:
- If the lease is currently in a BOUND state, the lease is advanced to the RENEW state and a DHCP RENEW request is sent.
- If the lease is currently in a RENEW state, the timer is advanced to the REBIND state and a DHCP REBIND request is sent.
If there is no response to the RENEW request, the interface remains in the RENEW state. In this case, the lease timer will advance to the REBIND state and subsequently send a REBIND request.
If a NAK response is sent in response to the RENEW request, the interface is deconfigured.
The original IP address for the interface must be assigned by the DHCP server. If the interface is not assigned an IP address by the DHCP server, the renew dhcp command fails and displays the following error message:
Interface does not have a DHCP originated address
Note |
In Cisco IOS Release 15.0(1)M and later releases Cisco IOS DHCP clients do not accept packets with zero lease time or no lease time option. |
The DHCP client must be assigned an IP address by the DHCP server.
Note |
If the DHCP client is not assigned an IP address by the DHCP server, the DHCP release and renew CLI commands will fail. > |
DETAILED STEPS
Enabling FORCERENEW-Message Handling
Perform this task to specify the type of authentication to be used in DHCP messages on the interface, specify the key chain to be used in authenticating a request, and enable FORCERENEW-message handling on the DHCP client when authentication is enabled.
You must configure the same authentication mode, and the same secret ID and secret value that were configured in the key chain command, on both the client and the server.
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
|
|
Example: Router(config)# interface Ethernet 1 |
Configures an interface type and enters interface-configuration mode. |
|
|
Example: Router(config-if)# ip dhcp client authentication key-chain dhcp1 |
Specifies the key chain to be used in authenticating a request. |
|
|
Example: Router(config-if)# ip dhcp client authentication mode md5 |
Specifies the type of authentication to be used in DHCP messages on the interface. |
|
|
Example: Router(config-if)# exit |
Exits interface configuration mode. |
|
|
Example: Router(config-keychain)# key chain dhcp1 Example: key 1234 Example: key-string secret |
Enters key-chain configuration mode and identifies the authentication strings to be used in the named key chain. |
|
|
Example: Router(config-keychain)# exit |
Exits key-chain configuration mode and enters global configuration mode. |
|
|
Example: Router(config)# ip dhcp-client forcerenew |
Enables DHCP FORCERENEW-message handling on the DHCP client. |
|
|
Example: Router(config)# end |
(Optional) Exits global configuration mode and returns to privileged EXEC mode. |
Configuration Examples for the DHCP Client
- Example Configuring the DHCP Client
- Example Customizing the DHCP Client Configuration
- Example Configuring an ATM Primary Interface (Multipoint) Using aal5snap Encapsulation and Inverse ARP
- Example Configuring an ATM Point-to-Point Subinterface Using aa15snap Encapsulation
- Example Configuring an ATM Point-to-Point Subinterface Using aa15nlpid Encapsulation
- Example Configuring an ATM Point-to-Point Subinterface Using aa15mux PPP Encapsulation
- Example Releasing a DHCP Lease
- Example Renewing a DHCP Lease
Example Configuring the DHCP Client
The figure below shows a simple network diagram of a DHCP client on an Ethernet LAN.
| Figure 2 | Topology Showing a DHCP Client with a Ethernet Interface |
On the DHCP server, the configuration is as follows:
ip dhcp pool 1 network 10.1.1.0 255.255.255.0 lease 1 6
On the DHCP client, the configuration is as follows on interface E2:
interface Ethernet2 ip address dhcp
This configuration allows the DHCP client to acquire an IP address from the DHCP server through an Ethernet interface.
Example Customizing the DHCP Client Configuration
The following example shows how to customize the DHCP client configuration with various options on Ethernet interface 1:
interface Ethernet 1 ip dhcp client client-id ascii my-test1 ip dhcp client class-id my-class-id ip dhcp client lease 0 1 0 ip dhcp client hostname host1 no ip dhcp client request tftp-server-address ip address dhcp
Example Configuring an ATM Primary Interface (Multipoint) Using aal5snap Encapsulation and Inverse ARP
In the following example, the protocol ip 255.255.255.255 broadcast configuration is needed because there must be an ATM map entry to recognize the broadcast flag on the permanent virtual circuit (PVC). You can use any ATM map entry. The protocol ip inarp configuration is needed so that the ATM Inverse ARP can operate on the interface such that the system can be pinged once an address is assigned by DHCP.
interface atm0
ip address dhcp
pvc 1/100
encapsulation aal5snap
broadcast
protocol ip 255.255.255.255 broadcast
protocol ip inarp
Example Configuring an ATM Point-to-Point Subinterface Using aa15snap Encapsulation
The following example shows an ATM point-to-point subinterface configuration using aa15snap encapsulation:
interface atm0.1 point-to-point ip address dhcp pvc 1/100 encapsulation aal5snap broadcast
Example Configuring an ATM Point-to-Point Subinterface Using aa15nlpid Encapsulation
The following example shows an ATM point-to-point subinterface configuration using aa15nlpid encapsulation:
interface atm0.1 point-to-point ip address dhcp pvc 1/100 encapsulation aal5nlpid broadcast
Example Configuring an ATM Point-to-Point Subinterface Using aa15mux PPP Encapsulation
The following example shows an ATM point-to-point subinterface configuration using aa15mux PPP encapsulation:
interface atm0.1 point-to-point pvc 1/100 encapsulation aal5mux ppp virtual-template1 broadcast ! interface virtual-template1 ip address dhcp
Example Releasing a DHCP Lease
In the following example, a DHCP release is performed on an interface that was originally assigned an IP address by the DHCP server:
Router# release dhcp ethernet 3/1
In the following example, an attempt is made to release the DHCP lease on an interface that was not originally assigned an IP address by the DHCP server:
Router# release dhcp ethernet 3/1
Interface does not have a DHCP originated address
In the following example, the release dhcp command is executed without specifying the typeand numberarguments:
Router# release dhcp
Incomplete command.
Example Renewing a DHCP Lease
In the following example, the DHCP lease is renewed on an interface that was originally assigned an IP address by the DHCP server:
Router# renew dhcp ethernet 3/1
In the following example, an attempt is made to renew the DHCP lease on an interface that was not originally assigned an IP address by the DHCP server:
Router# renew dhcp ethernet 3/1
Interface does not have a DHCP originated address
In the following example, the renew dhcp command is executed without specifying the typeand numberarguments:
Router# renew dhcp
Incomplete command.
Additional References
The following sections provide references related to the DHCP client.
Related Documents
| Related Topic |
Document Title |
|---|---|
| DHCP commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples. |
Cisco IOS IP Addressing Services Command Reference |
| DHCP conceptual information |
"DHCP Overview" module |
| DHCP server configuration |
"Configuring the Cisco IOS DHCP Server" module |
| DHCP server on-demand address pools |
"Configuring the DHCP Server On-Demand Address Pool Manager" module |
| DHCP relay agent configuration |
"Configuring the Cisco IOS DHCP Relay Agent" module |
| DHCP advanced features |
"Configuring DHCP Services for Accounting and Security" module |
| DHCP enhancements for edge-session management |
"Configuring DHCP Enhancements for Edge-Session Management" module |
Standards
| Standards |
Title |
|---|---|
| No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
-- |
MIBs
| MIBs |
MIBs Link |
|---|---|
| No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
| RFCs |
Title |
|---|---|
| RFC 2131 |
Dynamic Host Configuration Protocol |
| RFC 2132 |
DHCP Options and BOOTP Vendor Extensions |
| RFC 3118 |
Authentication for DHCP Messages |
| RFC 3203 |
DHCP reconfigure extension |
| RFC 3361 |
DHCP-for-IPv4 Option for SIP Servers |
| RFC 3442 |
Classless Static Route Option for DHCPv4 |
| RFC 3925 |
Vendor-Identifying Vendor Options for DHCPv4 |
Technical Assistance
| Description |
Link |
|---|---|
| The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for the DHCP Client
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
| Table 1 | Feature Information for the Cisco IOS DHCP Client |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Feedback