在接入服务器上使用 Cisco IOS DHCP 服务器

简介

本文档提供在接入服务器上使用Cisco IOS DHCP服务器的配置示例。

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于以下软件和硬件版本：

• Cisco 5300路由器上的Cisco IOS®软件版本12.1(9)。

  思科IOS软件版本12.0(1)T中引入了思科IOS DHCP服务器功能。使用Software Advisor检查您当前的IOS版本和平台是否支持IOS DHCP服务器功能。

  注意：您需要Cisco IOS软件版本12.0(2)T或更高版本才能与Cisco 1700系列路由器配合使用。

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您使用的是真实网络，请确保您已经了解所有命令的潜在影响。

规则

有关文档规则的详细信息，请参阅 Cisco 技术提示规则。

背景信息

在接入服务器上为拨入客户端提供IP地址有几种不同的机制。用于向客户端分配 IP 地址的部分可能选项包括：

• 从接入服务器上的 IP 池分配地址。

• 使用外部动态主机控制协议 (DHCP) 服务器。

• 使用RADIUS或TACACS。

本文档重点介绍如何将Cisco IOS®服务器功能与接入服务器配合使用，为拨入客户端分配IP地址和其他DHCP变量。这可避免使用外部DHCP服务器，而是使用Cisco IOS本身的内置DHCP服务器功能。您可通过 DHCP 自动将可重复使用的 IP 地址分配给 DHCP 客户端。

Cisco IOS DHCP 服务器功能是一种完整的 DHCP 服务器实施，它从路由器内指定的地址池中将 IP 地址分配给 DHCP 客户端并对其进行管理。如果Cisco IOS DHCP服务器无法满足来自其自己数据库的DHCP请求，它可以将该请求转发给网络管理员定义的一个或多个辅助DHCP服务器。

要了解有关Cisco IOS DHCP功能、限制和支持平台的详细信息，请参阅Cisco IOS DHCP服务器文档。此时，了解哪些参数可以传递到PPP客户端很有用。

注意：我们无法对PPP客户端使用子网掩码。这是由于请求注解(RFC)的限制。 原因是，当PPP与PPP客户端协商时，以下参数通过PPP和IP控制协议(IPCP)协商：

• IP 地址。

• 主域名系统(DNS)地址和辅助域名系统(DNS)地址。

• 主要和辅助NetBIOS名称服务(NBNS)地址。

• TCP/IP报头压缩。

向PPP客户端传递子网掩码的功能不是PPP(RFC 1548)或IPCP(RFC 1332)协议的一部分。 async-bootp 命令(如async-bootp dns-server和async-bootp nbns-server)将信息传递到PPP客户端，因为这些字段是通过PPP协商的。async-bootp subnet-mask不是通过PPP传递的参数。

如RFC 1084中所定义，async-bootp全局配置命令可在为串行线路互联网协议(SLIP)配置路由器时，为扩展引导协议(BOOTP)请求提供支持。 当运行拨号网络的Windows 95或NT PC拨入您的路由器时，它会执行PPP，而不是BOOTP或SLIP。这意味着无法将子网掩码传递到Windows 95或NT PPP拨号客户端或网关。如果Windows拨入客户端从接入服务器动态获取其IP地址，则可以看到子网掩码设置为255.0.0。由于这是点对点连接，因此子网掩码并不重要，因为接入服务器知道拨入客户端是单主机路由(255.255.255)。255子网掩码)。 接入服务器为连接的拨入客户端提供一条主机路由。

有关PPP协商的信息，请检查以下RFC:

• RFC 1332

• RFC 2484

• RFC 1877

您可以从任何公共RFC存储库访问这些RFC。

配置

本部分提供有关如何配置本文档所述功能的信息。

注：要查找有关本文档中使用的命令的其他信息，请使用命令查找工具(仅注册客户)。

网络图

本文档使用以下网络设置：

配置

本文档使用以下配置：

• 焦糖

caramel#show running-config
Building configuration...
Current configuration : 3030 bytes
!
! Last configuration change at 14:02:23 CEST Thu Aug 23 2001
! NVRAM config last updated at 12:25:26 CEST Thu Aug 23 2001
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname caramel
!
boot system flash:
aaa new-model
AAA authentication login default local
AAA authentication ppp default local
AAA authorization network default local
enable password ww
!
username ww password 0 ww
username vpdn password 0 vpdn
username async password 0 async
username test password 0 test
spe 2/0 2/9
firmware location flash:mica-modem-pw.2.7.3.0.bin
!
!
resource-pool disable
!
!
!
!
!
clock timezone CET 2
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
modem country mica belgium
ip subnet-zero
ip host rund 172.17.247.195
ip domain-name nba.cisco.com
ip name-server 10.200.20.134
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.253
ip dhcp excluded-address 10.10.10.254
ip dhcp excluded-address 10.10.10.252
!
ip dhcp pool 0
network 10.10.10.0 255.255.255.0
dns-server 10.10.10.254
default-router 10.10.10.1
domain-name CISCO.COM
netbios-name-server 10.10.10.253 10.10.10.252
!
ip address-pool dhcp-proxy-client
ip dhcp-server 10.10.10.1
isdn switch-type primary-net5
mta receive maximum-recipients 0
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
clock source line secondary 1
!
controller E1 2
clock source line secondary 2
!
controller E1 3
clock source line secondary 3
!
!
!
!
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0
ip address 10.200.20.7 255.255.255.0
no cdp enable
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
!
interface Serial2
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
!
interface Serial3
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
!
interface Serial0:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
!
interface Serial1:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
!
interface Serial2:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
!
interface Serial3:15
no ip address
encapsulation ppp
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no cdp enable
ppp authentication chap
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
no cdp enable
!
interface Group-Async0
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
no ip mroute-cache
async mode interactive
peer default ip address dhcp
ppp authentication chap
group-range 1 60
!
interface Dialer1
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer-group 1
peer default ip address dhcp
no cdp enable
ppp authentication chap
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.200.20.1
no ip http server
!
!
!
line con 0
exec-timeout 0 0
line 1 120
no exec
modem InOut
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
password ww
transport input telnet
!
ntp clock-period 17179736
ntp server 10.200.20.134
end

验证

本部分所提供的信息可用于确认您的配置是否正常工作。

命令输出解释程序工具（仅限注册用户）支持某些 show 命令，使用此工具可以查看对 show 命令输出的分析。

• show caller ip - 显示您提供的 IP 地址的呼叫方信息概要。

• show ip dhcp server statistics - 显示 DHCP 服务器统计信息。

• show ip dhcp binding — 显示DHCP服务器上的地址绑定。

• show user — 显示控制台端口是否处于活动状态，并列出所有活动的Telnet会话，其中包含源主机的IP地址或IP别名。

• ping — 检查设备是否运行，以及网络连接是否完好。

这些命令的输出如下所示：

caramel#
Aug 23 11:05:25.553: %LINK-3-UPDOWN: Interface Serial0:12, changed state to up
Aug 23 11:05:25.553: Se0:12 PPP: Treating connection as a callin
Aug 23 11:05:25.553: Se0:12 PPP: Phase is ESTABLISHING, Passive Open
Aug 23 11:05:25.553: Se0:12 LCP: State is Listen
Aug 23 11:05:25.681: Se0:12 LCP: I CONFREQ [Listen] id 1 len 17
Aug 23 11:05:25.681: Se0:12 LCP:    MagicNumber 0x003EDA4F (0x0506003EDA4F)
Aug 23 11:05:25.681: Se0:12 LCP:    PFC (0x0702)
Aug 23 11:05:25.681: Se0:12 LCP:    ACFC (0x0802)
Aug 23 11:05:25.681: Se0:12 LCP:    Callback 6  (0x0D0306)
Aug 23 11:05:25.681: Se0:12 LCP: O CONFREQ [Listen] id 1 len 15
Aug 23 11:05:25.681: Se0:12 LCP:    AuthProto CHAP (0x0305C22305)
Aug 23 11:05:25.681: Se0:12 LCP:    MagicNumber 0x14AAE40E (0x050614AAE40E)
Aug 23 11:05:25.681: Se0:12 LCP: O CONFREJ [Listen] id 1 len 7
Aug 23 11:05:25.681: Se0:12 LCP:    Callback 6  (0x0D0306)
Aug 23 11:05:25.705: Se0:12 LCP: I CONFACK [REQsent] id 1 len 15
Aug 23 11:05:25.705: Se0:12 LCP:    AuthProto CHAP (0x0305C22305)
Aug 23 11:05:25.705: Se0:12 LCP:    MagicNumber 0x14AAE40E (0x050614AAE40E)
Aug 23 11:05:25.709: Se0:12 LCP: I CONFREQ [ACKrcvd] id 2 len 14
Aug 23 11:05:25.709: Se0:12 LCP:    MagicNumber 0x003EDA4F (0x0506003EDA4F)
Aug 23 11:05:25.709: Se0:12 LCP:    PFC (0x0702)
Aug 23 11:05:25.709: Se0:12 LCP:    ACFC (0x0802)
Aug 23 11:05:25.709: Se0:12 LCP: O CONFACK [ACKrcvd] id 2 len 14
Aug 23 11:05:25.709: Se0:12 LCP:    MagicNumber 0x003EDA4F (0x0506003EDA4F)
Aug 23 11:05:25.709: Se0:12 LCP:    PFC (0x0702)
Aug 23 11:05:25.709: Se0:12 LCP:    ACFC (0x0802)
Aug 23 11:05:25.709: Se0:12 LCP: State is Open
Aug 23 11:05:25.709: Se0:12 PPP: Phase is AUTHENTICATING, by this end
Aug 23 11:05:25.709: Se0:12 CHAP: O CHALLENGE id 1 len 28 from "caramel"
Aug 23 11:05:25.733: Se0:12 CHAP: I RESPONSE id 1 len 25 from "test"
Aug 23 11:05:25.733: Se0:12 PPP: Phase is FORWARDING
Aug 23 11:05:25.733: Se0:12 PPP: Phase is AUTHENTICATING
Aug 23 11:05:25.737: Se0:12 CHAP: O SUCCESS id 1 len 4
Aug 23 11:05:25.737: Se0:12 PPP: Phase is UP
Aug 23 11:05:25.737: Se0:12 IPCP: O CONFREQ [Not negotiated] id 1 len 10
Aug 23 11:05:25.737: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:25.753: Se0:12 IPCP: I CONFREQ [REQsent] id 1 len 34
Aug 23 11:05:25.753: Se0:12 IPCP:    Address 0.0.0.0 (0x030600000000)
Aug 23 11:05:25.753: Se0:12 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Aug 23 11:05:25.753: Se0:12 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Aug 23 11:05:25.753: Se0:12 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Aug 23 11:05:25.757: Se0:12 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Aug 23 11:05:25.757: Se0:12 AAA/AUTHOR/IPCP: Start.  
Her address 0.0.0.0, we want 0.0.0.0
Aug 23 11:05:25.757: Se0:12 AAA/AUTHOR/IPCP: Done.  
Her address 0.0.0.0, we want 0.0.0.0
Aug 23 11:05:25.757: Se0:12: Pools to search :
Aug 23 11:05:25.757: DHCPD: DHCPDISCOVER received from client 0074.6573.74 
through relay 10.10.10.1.
Aug 23 11:05:26.737: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:12, 
changed state to up
Aug 23 11:05:27.756: DHCPD: assigned IP address 10.10.10.9 to client 0074.6573.74.
Aug 23 11:05:27.756: DHCPD: Sending DHCPOFFER to client 0074.6573.74 (10.10.10.9).
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.756: DHCPD: unicasting BOOTREPLY for client 0010.7be6.4498 
to relay 10.10.10.1.
Aug 23 11:05:27.756: DHCPD: DHCPREQUEST received from client 0074.6573.74.
Aug 23 11:05:27.756: DHCPD: Sending DHCPACK to client 0074.6573.74 (10.10.10.9).
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.756: DHCPD: child  pool: 10.10.10.0 / 255.255.255.0 (0)
Aug 23 11:05:27.756: DHCPD: pool 0 has no parent.
Aug 23 11:05:27.760: DHCPD: unicasting BOOTREPLY for client 0010.7be6.4498 
to relay 10.10.10.1.
Aug 23 11:05:27.804: Se0:12: Default pool returned address = 10.10.10.9
Aug 23 11:05:27.804: Se0:12 IPCP: Pool returned 10.10.10.9
Aug 23 11:05:27.804: Se0:12 IPCP: O CONFREJ [REQsent] id 1 len 10
Aug 23 11:05:27.804: Se0:12 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Aug 23 11:05:27.804: Se0:12 IPCP: I CONFACK [REQsent] id 1 len 10
Aug 23 11:05:27.804: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:27.804: Se0:12 IPCP: TIMEout: State ACKrcvd
Aug 23 11:05:27.804: Se0:12 IPCP: O CONFREQ [ACKrcvd] id 2 len 10
Aug 23 11:05:27.804: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:27.820: Se0:12 IPCP: I CONFREQ [REQsent] id 2 len 28
Aug 23 11:05:27.820: Se0:12 IPCP:    Address 0.0.0.0 (0x030600000000)
Aug 23 11:05:27.820: Se0:12 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Aug 23 11:05:27.820: Se0:12 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
Aug 23 11:05:27.820: Se0:12 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
Aug 23 11:05:27.820: Se0:12 AAA/AUTHOR/IPCP: Start.  
Her address 0.0.0.0, we want 10.10.10.9
Aug 23 11:05:27.820: Se0:12 AAA/AUTHOR/IPCP: Done.  
Her address 0.0.0.0, we want 10.10.10.9
Aug 23 11:05:27.824: Se0:12 IPCP: O CONFNAK [REQsent] id 2 len 28
Aug 23 11:05:27.824: Se0:12 IPCP:    Address 10.10.10.9 (0x03060A0A0A09)
Aug 23 11:05:27.824: Se0:12 IPCP:    PrimaryDNS 10.10.10.254 (0x81060A0A0AFE)
Aug 23 11:05:27.824: Se0:12 IPCP:    PrimaryWINS 10.10.10.253(0x82060A0A0AFD)
Aug 23 11:05:27.824: Se0:12 IPCP:    SecondaryWINS 10.10.10.252(0x84060A0A0AFC)
Aug 23 11:05:27.824: Se0:12 IPCP: I CONFACK [REQsent] id 2 len 10
Aug 23 11:05:27.824: Se0:12 IPCP:    Address 10.10.10.1 (0x03060A0A0A01)
Aug 23 11:05:27.844: Se0:12 IPCP: I CONFREQ [ACKrcvd] id 3 len 28
Aug 23 11:05:27.844: Se0:12 IPCP:    Address 10.10.10.9 (0x03060A0A0A09)
Aug 23 11:05:27.844: Se0:12 IPCP:    PrimaryDNS 10.10.10.254(0x81060A0A0AFE)
Aug 23 11:05:27.844: Se0:12 IPCP:    PrimaryWINS 10.10.10.253(0x82060A0A0AFD)
Aug 23 11:05:27.844: Se0:12 IPCP:    SecondaryWINS 10.10.10.252(0x84060A0A0AFC)
Aug 23 11:05:27.844: Se0:12 AAA/AUTHOR/IPCP: Start.  
Her address 10.10.10.9, we want 10.10.10.9
Aug 23 11:05:27.848: Se0:12 AAA/AUTHOR/IPCP: Reject 10.10.10.9, using 10.10.10.9
Aug 23 11:05:27.848: Se0:12 AAA/AUTHOR/IPCP: Done.  
Her address 10.10.10.9, we want 10.10.10.9
Aug 23 11:05:27.848: Se0:12 IPCP: O CONFACK [ACKrcvd] id 3 len 28
Aug 23 11:05:27.848: Se0:12 IPCP:    Address 10.10.10.9(0x03060A0A0A09)
Aug 23 11:05:27.848: Se0:12 IPCP:    PrimaryDNS 10.10.10.254(0x81060A0A0AFE)
Aug 23 11:05:27.848: Se0:12 IPCP:    PrimaryWINS 10.10.10.253(0x82060A0A0AFD)
Aug 23 11:05:27.848: Se0:12 IPCP:    SecondaryWINS 10.10.10.252(0x84060A0A0AFC)
Aug 23 11:05:27.848: Se0:12 IPCP: State is Open
Aug 23 11:05:27.848: Di1 IPCP: Install route to 10.10.10.9
Aug 23 11:05:31.552: %ISDN-6-CONNECT: Interface Serial0:12 is now connected 
to 6133 test
Aug 23 11:05:38.688: DHCPD: DHCPINFORM received from 
client 00e0.1e57.6af0(10.200.20.12)

caramel#show ip dhcp binding
IP address       Hardware address        Lease expiration        Type
10.10.10.9       0074.6573.74            Aug 24 2001 02:05 PM    Automatic
caramel#

caramel#show ip dhcp server statistics
Memory usage         13975
Address pools        1
Database agents      0
Automatic bindings   1
Manual bindings      0
Expired bindings     0
Malformed messages   2
Message              Received
BOOTREQUEST          9
DHCPDISCOVER         9
DHCPREQUEST          8
DHCPDECLINE          0
DHCPRELEASE          18
DHCPINFORM           5
Message              Sent
BOOTREPLY            0
DHCPOFFER            8
DHCPACK              8
DHCPNAK              0

caramel#show caller ip
Line           User       IP Address      Local Number    Remote Number
<->
Se0:12         test       10.10.10.9      211             6133
in
caramel#show user
   Line         User       Host(s)                 Idle       Location
*  0 con 0                  idle                 00:00:00
 Interface      User        Mode                   Idle     Peer Address
  Se0:12        test       Sync PPP              00:00:27   PPP: 10.10.10.9

caramel#ping 10.10.10.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/56/60 ms
caramel#

 !--- User disconnects now.


caramel#
Aug 23 11:06:11.332: DHCPD: checking for expired leases.
Aug 23 11:07:25.552: %ISDN-6-DISCONNECT: Interface Serial0:12  disconnected
from 6133 test, call lasted 120 seconds
Aug 23 11:07:25.588: %LINK-3-UPDOWN: Interface Serial0:12, changed state to down
Aug 23 11:07:25.592: Se0:12 IPCP: State is Closed
Aug 23 11:07:25.592: Se0:12 set_ip_peer(0): new address
Aug 23 11:07:25.592: ip_free_pool: Se0:12: address = 10.10.10.9 (1)0.0.0.0
Aug 23 11:07:25.592: Se0:12 PPP: Phase is TERMINATING
Aug 23 11:07:25.592: Se0:12 LCP: State is Closed
Aug 23 11:07:25.592: Se0:12 PPP: Phase is DOWN
Aug 23 11:07:25.592: Di1 IPCP: Remove route to 10.10.10.9
Aug 23 11:07:26.588: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:12, 
changed state to down
Aug 23 11:07:30.592: DHCPD: DHCPRELEASE message received from client 
0074.6573.74 (10.10.10.9).
Aug 23 11:07:30.592: DHCPD: returned 10.10.10.9 to address pool 0.
Aug 23 11:07:31.592: DHCPD: DHCPRELEASE message received from client 
0074.6573.74 (10.10.10.9).
Aug 23 11:07:32.592: DHCPD: DHCPRELEASE message received from client 
0074.6573.74 (10.10.10.9).
Aug 23 11:08:11.332: DHCPD: checking for expired leases.

如果已正确实施IOS DHCP服务器功能，则可以查看IP配置、Windows IP配置程序(winipcfg)或拨入客户端上的相应命令，以检查收到的DHCP参数。我们可以在用于测试的Windows 98 PC上使用winipcfg从DHCP服务器获取以下参数：

ip address       10.10.10.9
mask             255.0.0.0 
default gateway  10.10.10.10 
dhcp server      - 
primary wins     10.10.010.253 
secondary wins   10.10.10.252 
lease obtained   - 
lease expires    -

故障排除

本部分提供的信息可用于对配置进行故障排除。

故障排除命令

注意：在发出debug命令之前，请参阅有关Debug命令的重要信息。

• debug ppp negotiation — 使debug ppp命令显示在PPP启动期间传输的PPP数据包，在此期间协商PPP选项。

• debug ip peer — 在定义池组时包含其他输出。

• debug ip dhcp server linkage — 显示数据库链接信息。

• debug ip dhcp server events — 报告服务器事件，如地址分配和数据库更新。

• debug ip dhcp server packets — 解码DHCP接收和传输。

相关信息

• Cisco IOS DHCP 服务器
• 自动配置Cisco IOS DHCP服务器选项
• 配置 DHCP
• 配置与介质无关的PPP和多链路PPP
• 技术支持和文档 - Cisco Systems