Implementing the Dynamic Host Configuration Protocol

This module describes the concepts and tasks you will use to configure Dynamic Host Configuration Protocol (DHCP).

Feature History for Implementing the Dynamic Host Configuration Protocol

Release: Modification

  • Release 2.0: This feature was introduced.

  • Release 3.4.0: The DHCP IPv6 Information Pool configuration procedure was added and DHCP relay information description was updated.

  • Release 3.7.0: The DHCP CLI was modified.

Prerequisites for Configuring DHCP Relay Agent

The following prerequisites are required to configure a DHCP relay agent:

  • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

  • A configured and running DHCP client and DHCP server

  • Connectivity between the relay agent and DHCP server

Information About DHCP Relay Agent

A DHCP relay agent is a host that forwards DHCP packets between clients and servers that do not reside on a shared physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router where IP datagrams are switched between networks transparently.

DHCP clients use User Datagram Protocol (UDP) broadcasts to send DHCPDISCOVER messages when they lack information about the network to which they belong.

If a client is on a network segment that does not include a server, a relay agent is needed on that network segment to ensure that DHCP packets reach the servers on another network segment. UDP broadcast packets are not forwarded, because most routers are not configured to forward broadcast traffic. You can configure a DHCP relay profile and configure one or more helper addresses in it. You can assign the profile to an interface or a VRF.

Figure 1, Forwarding UDP Broadcasts to a DHCP Server Using a Helper Address, demonstrates the process. The DHCP client broadcasts a request for an IP address and additional configuration parameters on its local LAN. Acting as a DHCP relay agent, Router B picks up the broadcast, changes the destination address to the DHCP server's address, and sends the message out on another interface. The relay agent inserts the IP address of the interface on which the relay profile is configured into the gateway address (giaddr) field of the DHCP packet, which enables the DHCP server to determine which subnet should receive the offer and to identify the appropriate IP address range. The relay agent unicasts the messages to the server address, in this case 172.16.1.2 (which is specified by the helper address in the relay profile).

Figure 1. Forwarding UDP Broadcasts to a DHCP Server Using a Helper Address

Secure ARP

In standalone DHCP sessions, the DHCP server adds an ARP entry when it assigns an IP address to a client. However, in IP subscriber sessions, the DHCP server does not add an ARP entry. Although ARP establishes correspondences between network addresses, an untrusted device can spoof an IP address not assigned to it, posing a security threat for IP subscriber sessions. You can enable the secure ARP feature and allow DHCP to add an ARP cache entry when DHCP assigns an IP address to a client. Secure ARP is disabled by default.

How to Configure and Enable DHCP Relay Agent

This section contains the following tasks:

Configuring and Enabling DHCP Relay Agent with DHCP MAC Address Verification

This section discusses how to configure and enable DHCP Relay Agent with DHCP MAC address verification.

Configuration Example

Router# configure

Router(config)# dhcp ipv4
/* Configures DHCP for IPv4 and enters the DHCPv4 configuration submode. */

Router(config-dhcpv4)# profile client relay
/* Enables DHCP relay profile */

Router(config-dhcpv4-relay-profile)# client-mac-mismatch action drop
/* Enables MAC address verification in the DHCPv4 relay profile. If the MAC address in the
 DHCPv4 protocol header does not match the L2 header source MAC address, the frame is dropped. */

Router(config-dhcpv4-relay-profile)# relay information option
/* Inserts the DHCP relay agent information option (option-82 field) in forwarded 
BOOTREQUEST messages to a DHCP server. */

Router(config-dhcpv4-relay-profile)# relay information check
/* (Optional) Configures DHCP to check the validity of the relay agent information 
option in forwarded BOOTREPLY messages. */

Router(config-dhcpv4-relay-profile)# relay information policy drop
/* (Optional) Configures the reforwarding policy for a DHCP relay agent; 
that is, whether the relay agent will drop or keep (using the 'keep' keyword)
 the relay information. */

Router(config-dhcpv4-relay-profile)# relay information option allow-untrusted
/* (Optional) Configures the DHCP IPv4 Relay not to discard BOOTREQUEST packets that have an existing 
relay information option and the giaddr set to zero. */

Router(config-dhcpv4-relay-profile)# giaddr policy drop
/* Drops the packet that has an existing nonzero giaddr value. Use the 'replace' keyword
 to replace the existing giaddr value with a value that it generates (the default behavior).  */

Router(config-dhcpv4-relay-profile)# helper-address vrf vrf1 10.1.1.1
/* Forwards UDP broadcasts, including DHCP. */

Router(config-dhcpv4-relay-profile)# commit

Router(config-dhcpv4-relay-profile)# exit
Router(config-dhcpv4)# vrf vrf1 relay profile client
Router(config-dhcpv4)# commit
/* Configures DHCP Relay on a VRF and commits the entire configuration. */

Running Configuration

Confirm your configuration.

Router# show run
Thu May 11 09:00:57.839 IST
Building configuration...
!! IOS XR Configuration 0.0.0
!! Last configuration change at Thu May 11 09:00:54 2017 by annseque
!
dhcp ipv4
vrf vrf1 relay profile client
profile client relay
client-mac-mismatch action drop
helper-address vrf vrf1 10.1.1.1
giaddr policy drop
relay information check
relay information option
relay information policy drop
relay information option allow-untrusted
!
!

DHCP MAC Address Verification

Use the following show command to check if DHCP MAC address is being verified on the router.

Router# show dhcp ipv4 relay statistics raw all
packet_drop_mac_mismatch                      :         0

The output validates that the DHCP MAC address of the packets is verified.
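The two drop decisions from the configuration example above, client-mac-mismatch action drop and giaddr policy {replace | drop}, modelled in Python. This is an added example, not Cisco code: the frame builder, the sample MAC and IP addresses, the order of the checks, and every counter name except packet_drop_mac_mismatch are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import Counter

ETH_LEN, IP_MIN, UDP_LEN, BOOTP_FIXED = 14, 20, 8, 236
BOOTREQUEST = 1


def build_frame(src_mac, chaddr, giaddr="0.0.0.0"):
    """Constructed sample: Ethernet + IPv4 + UDP + BOOTP header + DHCPDISCOVER."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        BOOTREQUEST, 1, len(chaddr), 0, 0x1234ABCD, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4),
                        ipaddress.IPv4Address(giaddr).packed,
                        chaddr, bytes(64), bytes(128))
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, type, end
    udp = struct.pack("!HHHH", 68, 67, UDP_LEN + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_MIN + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)  # checksums left at zero in this sample
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp


def relay_ingress(frame, relay_ip, stats, mac_check=True, giaddr_policy="drop"):
    """Return the BOOTP payload to unicast to the helper address, or None if dropped."""
    if len(frame) < ETH_LEN + IP_MIN + UDP_LEN:
        stats["packet_drop_malformed"] += 1       # hypothetical counter name
        return None
    l2_src = frame[6:12]                          # source MAC from the L2 header
    ihl = (frame[ETH_LEN] & 0x0F) * 4             # IPv4 header length in bytes
    bootp = bytearray(frame[ETH_LEN + ihl + UDP_LEN:])
    if len(bootp) < BOOTP_FIXED or bootp[0] != BOOTREQUEST or bootp[2] > 16:
        stats["packet_drop_malformed"] += 1
        return None
    chaddr = bytes(bootp[28:28 + bootp[2]])       # hlen bytes of the chaddr field
    if mac_check and chaddr != l2_src:
        stats["packet_drop_mac_mismatch"] += 1    # counter name shown on this page
        return None
    if bytes(bootp[24:28]) != bytes(4) and giaddr_policy == "drop":
        stats["packet_drop_giaddr"] += 1          # hypothetical counter name
        return None
    # giaddr was zero, or the policy is "replace": stamp this relay's address
    bootp[24:28] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(bootp)


def demo():
    """Run three constructed frames through the checks and return the drop counters."""
    client, other = bytes.fromhex("020000000001"), bytes.fromhex("020000000099")
    stats = Counter()
    relay_ingress(build_frame(client, client), "192.0.2.1", stats)   # forwarded
    relay_ingress(build_frame(client, other), "192.0.2.1", stats)    # chaddr mismatch
    relay_ingress(build_frame(client, client, "198.51.100.7"), "192.0.2.1", stats)
    return dict(stats)


if __name__ == "__main__":
    print(demo())
```

A nonzero packet_drop_mac_mismatch value in the show output above corresponds to the second frame in this model: the chaddr field and the Layer 2 source address disagree.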

Configuring the DHCPv6 (Stateless) Relay Agent

Perform this task to specify a destination address to which client messages are forwarded and to enable Dynamic Host Configuration Protocol (DHCP) for IPv6 relay service on the interface.

Configuration Example

To configure the DHCPv6 (stateless) relay agent, you must complete the following configurations:
  1. Enable the DHCP IPv6 configuration mode.

  2. Configure the DHCPv6 relay profile.

  3. Configure helper addresses.

  4. Specify the interface for the relay profile.

Configuration


/* Enter the global configuration mode, and then enter the DHCP IPv6 configuration mode */
Router# configure terminal
Router(config)# dhcp ipv6
Router(config-dhcpv6)# profile test relay
Router(config-dhcpv6-relay-profile)# helper-address vrf default 2001:1::1
Router(config-dhcpv6-relay-profile)# !
Router(config-dhcpv6-relay-profile)# interface TenGigE0/0/0/0 relay profile test
Router(config-dhcpv6)# !

Enabling DHCP Relay Agent on an Interface

This task describes how to enable the Cisco IOS XR DHCP relay agent on an interface.


Note

On Cisco IOS XR software, the DHCP relay agent is disabled by default.


SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. interface type name relay profile profile-name
  4. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Enters DHCP IPv4 configuration submode.

Step 3

interface type name relay profile profile-name

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# interface FastEthernet0/0 relay profile client

Attaches a relay profile to an interface.

Step 4

commit

Disabling DHCP Relay on an Interface

This task describes how to disable the DHCP relay on an interface by assigning the none profile to the interface.

SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. interface type name none
  4. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Enters DHCP IPv4 configuration submode.

Step 3

interface type name none

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# interface pos 0/1/4/1 none

Disables the DHCP relay on the interface.

Step 4

commit

Enabling DHCP Relay on a VRF

This task describes how to enable DHCP relay on a VRF.

SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. vrf vrf-name relay profile profile-name
  4. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Enters DHCP IPv4 configuration submode.

Step 3

vrf vrf-name relay profile profile-name

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# vrf default relay profile client

Enables DHCP relay on a VRF.

Step 4

commit

Configuring the Relay Agent Information Feature

This task describes how to configure the DHCP relay agent information option processing capabilities.

A DHCP relay agent may receive a message from another DHCP relay agent that already contains relay information. By default, the relay information from the previous relay agent is replaced (using the replace option).

SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. profile profile-name relay
  4. relay information option
  5. relay information check
  6. relay information policy {drop | keep}
  7. relay information option allow-untrusted
  8. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Enters DHCP IPv4 configuration mode.

Step 3

profile profile-name relay

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# profile client relay

Enters DHCP IPv4 profile relay mode.

Step 4

relay information option

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option

Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server.

  • This option is injected by the relay agent while forwarding client-originated DHCP packets to the server. Servers recognizing this option can use the information to implement IP address or other parameter assignment policies. When replying, the DHCP server echoes the option back to the relay agent. The relay agent removes the option before forwarding the reply to the client.

  • The relay agent information is organized as a single DHCP option that contains one or more suboptions. These options contain the information known by the relay agent.

    The supported suboptions are:

    • Remote ID

    • Circuit ID

Note 

This function is disabled by default.

Step 5

relay information check

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-relay-profile)# relay information check

(Optional) Configures DHCP to check that the relay agent information option in forwarded BOOTREPLY messages is valid.

  • By default, DHCP checks that the option-82 field in DHCP reply packets, received from the DHCP server, is valid. If an invalid message is received, the relay agent drops the message. If a valid message is received, the relay agent removes the option-82 field and forwards the packet.

Note 

Use the relay information check command to reenable this functionality if the functionality has been disabled.

Step 6

relay information policy {drop | keep}

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-relay-profile)# relay information policy drop

(Optional) Configures the reforwarding policy for a DHCP relay agent; that is, whether the relay agent will drop or keep the relay information.

Step 7

relay information option allow-untrusted

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option allow-untrusted

(Optional) Configures the DHCP IPv4 Relay not to discard BOOTREQUEST packets that have an existing relay information option and the giaddr set to zero.

Step 8

commit
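The option-82 handling described in this task, as an added Python example that is not Cisco code: the relay inserts the option with Circuit ID and Remote ID suboptions, discards a request that already carries the option with giaddr zero unless allow-untrusted is set, and checks and strips the echoed option on the reply. The suboption codes 1 and 2 come from RFC 3046; the identifiers are constructed, only the default replace behaviour is modelled, and treating a reply as valid only when it echoes exactly what the relay inserted is an assumption.

```python
PAD, END, RELAY_INFO = 0, 255, 82
CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 suboption codes


def parse_tlvs(buf, sub=False):
    """Split code/length/value triples; PAD and END only exist at option level."""
    out, i = [], 0
    while i < len(buf):
        if not sub and buf[i] == END:
            break
        if not sub and buf[i] == PAD:
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        out.append((buf[i], bytes(buf[i + 2:i + 2 + buf[i + 1]])))
        i += 2 + buf[i + 1]
    return out


def encode(pairs, end=True):
    """Serialize (code, value) pairs, optionally terminated by the END option."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in pairs)
    return body + bytes([END]) if end else body


def relay_request(options, giaddr_zero, circuit_id, remote_id, allow_untrusted=False):
    """Client to server: return options with this relay's option 82, or None to drop."""
    try:
        opts = parse_tlvs(options)
    except ValueError:
        return None
    present = any(code == RELAY_INFO for code, _ in opts)
    if present and giaddr_zero and not allow_untrusted:
        return None  # option 82 already set although no relay has stamped giaddr
    mine = encode([(CIRCUIT_ID, circuit_id), (REMOTE_ID, remote_id)], end=False)
    kept = [(c, v) for c, v in opts if c != RELAY_INFO]  # default: replace
    return encode(kept + [(RELAY_INFO, mine)])


def relay_reply(options, circuit_id, remote_id):
    """Server to client: check the echoed option 82 and strip it, or None to drop."""
    try:
        opts = parse_tlvs(options)
        echoed = [v for c, v in opts if c == RELAY_INFO]
        subs = dict(parse_tlvs(echoed[0], sub=True)) if len(echoed) == 1 else None
    except ValueError:
        return None
    if subs != {CIRCUIT_ID: circuit_id, REMOTE_ID: remote_id}:
        return None  # assumption: "valid" means exactly what this relay inserted
    return encode([(c, v) for c, v in opts if c != RELAY_INFO])


def demo():
    """Constructed exchange: DISCOVER out, OFFER back with the option echoed."""
    cid, rid = b"Gi0/0/0/1", b"relay-1"  # constructed identifiers
    fwd = relay_request(encode([(53, b"\x01")]), True, cid, rid)
    echo = dict(parse_tlvs(fwd))[RELAY_INFO]
    good = relay_reply(encode([(53, b"\x02"), (RELAY_INFO, echo)]), cid, rid)
    other = encode([(CIRCUIT_ID, b"Gi0/0/0/9"), (REMOTE_ID, rid)], end=False)
    bad = relay_reply(encode([(53, b"\x02"), (RELAY_INFO, other)]), cid, rid)
    return fwd, good, bad


if __name__ == "__main__":
    for item in demo():
        print(item)
```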

Configuring Relay Agent Giaddr Policy

This task describes how to configure the way Dynamic Host Configuration Protocol (DHCP) IPv4 Relay processes BOOTREQUEST packets that already contain a nonzero giaddr attribute.

SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. profile profile-name relay
  4. giaddr policy {replace | drop}
  5. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Enables the DHCP IPv4 configuration submode.

Step 3

profile profile-name relay

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# profile client relay

Enables profile relay submode.

Step 4

giaddr policy {replace | drop}

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-relay-profile)# giaddr policy drop

Specifies the giaddr policy.

  • replace: Replaces the existing giaddr value with a value that it generates.

  • drop: Drops the packet that has an existing nonzero giaddr value.

Step 5

commit

DHCPv4 Client

The Dynamic Host Configuration Protocol (DHCP) client functionality enables the router interfaces to dynamically acquire the IPv4 address using DHCP.

DHCP provides configuration parameters to Internet hosts. DHCP consists of two components:
  • a protocol to deliver host-specific configuration parameters from a DHCP server to a host.
  • a mechanism to allocate network addresses to hosts.

DHCP is built on a client-server model, where designated DHCP server hosts allocate network addresses, and deliver configuration parameters to dynamically configured hosts.

A relay agent is required if the client and server are not on the same Layer 2 network. The relay agent usually runs on the router, and is required because the client device does not know its own IP address initially. The agent sends out a Layer 2 broadcast to find a server that has this information. The router relays these broadcasts to the DHCP server, and forwards the responses back to the correct Layer 2 address so that the correct device gets the correct configuration information.

DHCP allocates IP addresses only for a configurable period of time, called the lease period. If the client is required to retain this IP address beyond the lease period, the lease must be renewed before the IP address expires. The client renews the lease based on configuration that was sent from the server. The client unicasts a REQUEST message using the IP address of the server. When a server receives the REQUEST message, it responds with an ACK message. The lease period of the client is extended by the lease time configured in the ACK message.

Restrictions and Limitations

  • DHCP client can be enabled only on management interfaces.
  • Either DHCP or static IP can be configured on an interface.

Enabling DHCP Client on an Interface

The DHCPv4 or DHCPv6 client can be enabled at an interface level. The DHCP component receives a notification when DHCPv4 or DHCPv6 is enabled or disabled on an interface.

Router# configure
Router(config)# interface MgmtEth rack/slot/CPU0/port
Router(config)# interface interface_name ipv6 address dhcp  

Information About Configuring DHCP IPv6 Information Pools

A DHCP IPv6 configuration information pool is a named entity that includes information about available configuration parameters and policies that control assignment of the parameters to clients from the pool. A pool is configured independently of the DHCP service and is associated with the DHCP service through the command line interface.

Each configuration pool can contain the following configuration parameters and operational information:

  • Prefix delegation information, which could include a list of available prefixes for a particular client and associated preferred and valid lifetimes

  • Domain name service (DNS) servers—List of IPv6 addresses of DNS servers

  • Domain search list—String containing domain names for DNS resolution

  • SIP server address—List of IPv6 addresses of SIP server

  • SIP server domain list—String containing domain names for SIP server

How to Configure DHCP IPv6 Information Pools

This section contains the following task:

Configuring Cisco IOS XR DHCP IPv6 Information Pool Option

This task describes how to enable support for the DHCP IPv6 information pool option with the name pool1.

SUMMARY STEPS

  1. configure
  2. dhcp ipv6
  3. pool pool-name
  4. commit
  5. show dhcp ipv6 pool [ pool-name ]

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv6

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv6

Enables the DHCP IPv6 configuration mode.

Step 3

pool pool-name

Example:


RP/0/RP0/CPU0:router(config-dhcpv6)# pool pool1

Creates a DHCP pool specified by the pool-name argument for the prefix delegation and the other configurations on the interface.

Step 4

commit

Step 5

show dhcp ipv6 pool [ pool-name ]

Example:


RP/0/RP0/CPU0:router# show dhcp ipv6 pool pool1

(Optional) Displays the DHCP IPv6 pool name.

Enabling Secure ARP

Secure ARP is disabled by default; this task describes how to enable secure ARP.

SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. Do one of the following:
    • profile profile-name proxy
    • profile profile-name server
  4. secure-arp
  5. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Enters DHCP IPv4 configuration mode.

Step 3

Do one of the following:

  • profile profile-name proxy
  • profile profile-name server

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# profile profile1 server

Enters DHCP IPv4 profile proxy or server submode.

Step 4

secure-arp

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-server-profile)# secure-arp

Enables secure ARP.

Step 5

commit

Configuration Examples for the DHCP Relay Agent

This section provides the following configuration examples:

DHCP Relay Profile: Example

The following example shows how to configure the Cisco IOS XR relay profile:


dhcp ipv4 
 profile client relay
  helper-address vrf foo 10.10.1.1
 !        
! ...

DHCP Relay on an Interface: Example

The following example shows how to enable the DHCP relay agent on an interface:


dhcp ipv4
 interface GigabitEthernet 0/1/1/0 relay profile client
!

DHCP Relay on a VRF: Example

The following example shows how to enable the DHCP relay agent on a VRF:


dhcp ipv4
 vrf default relay profile client
!

Relay Agent Information Option Support: Example

The following example shows how to enable the relay agent and the insertion and removal of the DHCP relay information option:


dhcp ipv4
 profile client relay
  relay information check
 !
!

Relay Agent Giaddr Policy: Example

The following example shows how to configure relay agent giaddr policy:


dhcp ipv4
 profile client relay
  giaddr policy drop
 !
!

Cisco IOS XR Broadcast Flag Policy: Example

This task describes how to configure DHCP IPv4 Relay to broadcast BOOTREPLY packets only if the DHCP IPv4 broadcast flag is set in the DHCP IPv4 header.


Note

By default, the DHCP IPv4 Relay always broadcasts BOOTREPLY packets.


SUMMARY STEPS

  1. configure
  2. dhcp ipv4
  3. profile profile-name relay
  4. broadcast-flag policy check
  5. commit

DETAILED STEPS

  Command or Action Purpose
Step 1

configure

Step 2

dhcp ipv4

Example:


RP/0/RP0/CPU0:router(config)# dhcp ipv4

Configures DHCP IPv4 mode.

Step 3

profile profile-name relay

Example:


RP/0/RP0/CPU0:router(config-dhcpv4)# profile client relay

Enables profile relay mode.

Step 4

broadcast-flag policy check

Example:


RP/0/RP0/CPU0:router(config-dhcpv4-relay-profile)# broadcast-flag policy check

Enables checking of the broadcast flag in packets.

Step 5

commit

Additional References

The following sections provide references related to implementing the Cisco IOS XR DHCP relay agent.

Related Documents

Related Topic: Document Title

  • Cisco IOS XR DHCP commands: DHCP Commands module in the IP Addresses and Services Command Reference for Cisco CRS Routers

  • Getting started material: Cisco IOS XR Getting Started Guide for the Cisco CRS Router

  • Information about user groups and task IDs: Configuring AAA Services module in the System Security Configuration Guide for Cisco CRS Routers

Standards

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs

To locate and download MIBs, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: https://mibs.cloudapps.cisco.com/ITDIT/MIBS/servlet/index

RFCs

RFC: Title

  • RFC 2131: Dynamic Host Configuration Protocol

  • RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
