4.6 Configure and verify DHCP client and relay
How do we set up DHCP or Dynamic Host Configuration Protocol? Remember that if a host connects to our network, it must be assigned an IP address (unless it has a static IP). A DHCP server assigns IP addresses.
Four messages are exchanged between the client and the server:
- Discover. This is the first message that the client sends to the server. It is the equivalent of “hey, I’m new here and I need an IP address”.
- Offer. This is a message that the server sends to the client, offering it an IP address. It is the equivalent of “hey, here is an IP address that you can use”.
- Request. This message is sent by the client to the server. In this message, the client asks to lease the IP address that the server offered. It is the equivalent of “I received your offer and I accept”.
- Acknowledgement. This message is sent by the server to the client. The server confirms that it has assigned the address to the client. It also confirms the subnet mask, gateway, and DNS server IP addresses. It is the equivalent of “I confirm that you accepted my IP address and I won’t offer it to anybody else. By the way, our network uses the following settings for the gateway and DNS”.
A host without an IP address uses the IP address 0.0.0.0 until it receives one from the DHCP server. A host that is looking for a DHCP address sends messages to 255.255.255.255, which is the local broadcast IP address that any host can use to send a message to all the other hosts on the same local network. Packets sent to 255.255.255.255 are not forwarded by routers, but they are flooded by switches.
How can we send a broadcast message to all the devices on our local subnet? Normally, we need to know the MAC address of the recipient in order to send it a message. Well, the broadcast IP address 255.255.255.255 translates into the broadcast MAC address of FF:FF:FF:FF:FF:FF. A switch will flood traffic addressed to FF:FF:FF:FF:FF:FF across all of its interfaces (in the same VLAN).
Thus, a host without an IP address uses 0.0.0.0 as its IP address and sends a Discover message to 255.255.255.255. This message travels across the entire LAN, and hopefully to the DHCP server on the LAN.
When the DHCP server receives the Discover message, it sends its Offer reply to 255.255.255.255 as well, because it knows that the client doesn’t have an IP address yet. This message is seen by everybody, but it carries the client’s Ethernet MAC address. Thus, the requesting client knows that this message was intended for it, and other clients know that the message was not intended for them.
I mentioned earlier that if our DHCP server is far away, we can use the helper address on the router to send requests to it. It is recommended to create a central DHCP server, but it is technically possible to establish a separate DHCP server on each LAN’s router.
On a Cisco router, we type ip helper-address <DHCP server IP address> to configure a helper IP address. Now our router listens for DHCP Discover messages and forwards them to the DHCP server. We must configure this address on any interface connecting to a LAN that doesn’t have a DHCP server and needs it.
The router changes the message’s source IP address to its own IP address and changes the destination IP address from 255.255.255.255 to that of the DHCP server. That way, the DHCP server can reply directly to the router, and the router can forward that reply to the requesting client.
In the example below, our external DHCP server has an address of 10.10.10.10 and our router has an IP address of 10.0.0.0. Computer B sends a Discover message, which the router receives. Since the router has a helper IP address, it changes the source IP address to its own IP address and destination address to the DHCP server’s IP address.
On the way back, the router receives the Offer message, but it doesn’t know which host it should go to, since the client doesn’t have an IP address yet. It changes the destination IP address to 255.255.255.255 and broadcasts the message on the local network.
Notice that the Discover message comes from the Router’s LAN IP address 10.0.0.0, so that the DHCP server replies to the Router’s LAN IP address 10.0.0.0. This is important, because if the router has multiple LAN connections, it needs to know to forward the DHCP packet out of the correct interface.
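The relay exchange described above, as an added Python example that is not part of the original page. It builds the Discover payload in the standard BOOTP/DHCP layout and models the helper-address step using the relay-agent address field (giaddr), which the page does not name. The second interface LAN-B, the client MAC, the offered address 10.0.0.50 and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = bytes([0x63, 0x82, 0x53, 0x63])          # DHCP magic cookie (RFC 2131)
BROADCAST = "255.255.255.255"
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Acknowledgement"}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Discover payload from a client that has no address yet (all address fields zero)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s192s", 1, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4), mac, b"")
    return header + MAGIC + bytes([53, 1, 1, 255])   # option 53 = 1, then end option

def message_type(payload: bytes):
    """Walk the options after the 236-byte header and cookie; return the option 53 name."""
    opts, i = payload[240:], 0
    while i < len(opts) and opts[i] != 255:
        if opts[i] == 0:                          # pad option has no length byte
            i += 1
        elif opts[i] == 53:
            return TYPES.get(opts[i + 2])
        else:
            i += 2 + opts[i + 1]
    return None

def relay_to_server(payload: bytes, ingress_ip: str, server_ip: str) -> dict:
    """Helper-address step: record the receiving LAN interface in giaddr, unicast to server."""
    giaddr = ipaddress.IPv4Address(ingress_ip).packed
    relayed = payload[:3] + bytes([payload[3] + 1]) + payload[4:24] + giaddr + payload[28:]
    return {"src": ingress_ip, "dst": server_ip, "payload": relayed}

def server_offer(request: dict, offered_ip: str, server_ip: str) -> dict:
    """Server side: fill yiaddr, keep giaddr and chaddr, reply to the relay's address."""
    p = request["payload"]
    body = bytes([2]) + p[1:16] + ipaddress.IPv4Address(offered_ip).packed + p[20:236]
    return {"src": server_ip, "dst": request["src"],
            "payload": body + MAGIC + bytes([53, 1, 2, 255])}

def relay_to_client(reply: dict, lan_interfaces: dict) -> dict:
    """Return path: giaddr selects the LAN interface; the Offer is broadcast there."""
    giaddr = str(ipaddress.IPv4Address(reply["payload"][24:28]))
    return {"out_if": lan_interfaces[giaddr], "dst": BROADCAST, "payload": reply["payload"]}

def run_exchange() -> dict:
    lans = {"10.0.0.0": "LAN-A", "10.0.1.1": "LAN-B"}   # LAN-B and names are constructed
    discover = build_discover(bytes.fromhex("02005e000001"), xid=0x1234)  # constructed MAC
    to_server = relay_to_server(discover, "10.0.0.0", "10.10.10.10")
    offer = server_offer(to_server, "10.0.0.50", "10.10.10.10")           # constructed lease
    return relay_to_client(offer, lans)
```

Because the interface address travels inside the payload, the router needs no per-client state to choose the outgoing LAN when the reply comes back.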
We should configure the DHCP server with the following information:
- Subnet – the range of IP addresses that the DHCP server can issue
- Reserved IP addresses – IP addresses that the DHCP server cannot issue
- Subnet mask – the mask assigned to the network where the IP addresses come from
- Default gateway – the gateway that DHCP clients should use
- DNS Server IP addresses – the DNS Server addresses that the clients should use
- Lease time – the amount of time that a DHCP address is valid after being issued to a client. The client may be able to renew the IP address before it expires.
There are three ways to allocate a DHCP IP address:
- Dynamic Allocation. The server picks the first available address from the range and assigns it to the device. If I have a large Wi-Fi network such as in an airport, with thousands of different devices connecting to it each day, I might choose to allocate DHCP addresses dynamically.
- Automatic Allocation. The server remembers which address it assigned to each device in the past. It tries to assign the device the same IP address each time, if available. If I had an office with users who bring their laptops to work, I would try to allocate the same IP address to each device. I wouldn’t make it mandatory because devices are replaced, and new devices are added all the time. I would need the option to allocate unused IP addresses to new devices.
- Manual Allocation. The administrator manually programs a relationship between a MAC address and an IP address. If a device with a matching MAC address joins the network, it is automatically assigned the same IP address each time. The network will reserve this IP address and never assign it to any other device. I would use this when I have specific devices like printers and surveillance cameras, which are better off accessible at the same address each time, and I’m not able to program a static IP address into each device.
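The three allocation modes above, sketched as an added Python example that is not part of the original page and is not how any particular DHCP server is implemented. The class and method names are hypothetical, the client keys ("laptop-a", "printer") are constructed stand-ins for MAC addresses, and the 10.10.1.200 reservation is constructed.

```python
import ipaddress

class LeasePool:
    """Toy address pool implementing the three allocation modes described above."""

    def __init__(self, subnet, reserved=(), manual=None):
        self.manual = dict(manual or {})      # MAC -> fixed IP (manual allocation)
        held = set(reserved) | set(self.manual.values())
        self.free = [str(h) for h in ipaddress.ip_network(subnet).hosts()
                     if str(h) not in held]   # ascending, so index 0 is "first available"
        self.active = {}                      # MAC -> IP currently leased
        self.history = {}                     # MAC -> last IP it held (automatic allocation)

    def allocate(self, mac, automatic=True):
        if mac in self.manual:                # manual: always the programmed address
            return self.manual[mac]
        if mac in self.active:                # renewal of a live lease
            return self.active[mac]
        previous = self.history.get(mac)
        if automatic and previous in self.free:
            self.free.remove(previous)        # automatic: same address as last time, if free
            ip = previous
        elif self.free:
            ip = self.free.pop(0)             # dynamic: first available address in the range
        else:
            return None                       # pool exhausted
        self.active[mac] = self.history[mac] = ip
        return ip

    def release(self, mac):
        ip = self.active.pop(mac, None)
        if ip is not None:
            self.free.append(ip)
            self.free.sort(key=ipaddress.IPv4Address)

def demo():
    pool = LeasePool("10.10.1.0/24", reserved=["10.10.1.1"],
                     manual={"printer": "10.10.1.200"})   # constructed reservation
    first = [pool.allocate("laptop-a"), pool.allocate("laptop-b")]
    pool.release("laptop-a")
    pool.release("laptop-b")
    return first, pool.allocate("laptop-b"), pool.allocate("printer")
```

With automatic=False the returning laptop-b would instead receive 10.10.1.2, the first free address, which is the difference between dynamic and automatic allocation.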
By default, the Windows Operating System uses DHCP. We can configure DHCP on a Cisco switch by typing ip address dhcp. Now our switch will request an IP address by DHCP. This command must be configured inside each VLAN that requires it.
Once the VLAN is up, we can verify that DHCP is working with show interfaces vlan <VLAN ID>. If the VLAN or interface is down, then the switch obviously won’t obtain an IP address.
We can also type show dhcp lease to see the details about the IP address. What do we see?
- 10.10.1.5 is the IP address we were assigned
- 10.10.10.10 is the DHCP server IP address
- 10.10.1.1 is the default gateway IP address
- 255.255.255.0 is the subnet mask
A router interface will normally be assigned a static IP address, but it is possible to assign it a DHCP address. We use the same command as the switch, but we do so through the physical interface configuration.
We can verify the DHCP IP address on a router by checking show ip route static. When the router learns a DHCP IP address, it adds it to the routing table as a static route with an administrative distance of 254. Remember that DHCP routes have an administrative distance of 254, while normal static routes have an administrative distance of 1.
A host on a network must have the following:
- IP address – it needs to know who it is
- Subnet Mask – it needs to know the size of its network
- Gateway – it needs to know which router to send traffic to, when the destination is outside its local network
- DNS Server – it needs to know who to ask when it has a domain name that needs to be translated into an IP address