Please Whitelist This Site? I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :) If you like The TCP/IP Guide, please consider the download version . It's priced very economically and you can read all of it in a convenient format without ads. If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK. Thanks for your understanding! Sincerely, Charles Kozierok Author and Publisher, The TCP/IP Guide
The two main functions of the Dynamic Host Configuration Protocol are to provide a mechanism for assigning addresses to hosts, and a method by which clients can request addresses and other configuration data from servers. Both functions are based on the ones implemented in DHCP's predecessor, BOOTP, but the changes are much more significant in the area of address assignment than they are in communication. It makes sense to start our look at DHCP here, since this will naturally lead us into a detailed discussion of defining characteristic of DHCP: dynamic addressing .
Providing an IP address to a client is the most fundamental configuration task performed by a host configuration protocol. To provide flexibility for configuring addresses on different types of clients, the DHCP standard includes three different address allocation mechanisms:
I don't really care for the names “automatic” and “dynamic” allocation, because they don't do a good job of clearly conveying the differences between these methods. Both can be considered “automatic” because in each the DHCP server assigns an address with no administrator intervention required. The real difference between them is only in how long the IP address is retained, and therefore, whether a host's address varies over time. I think better names would be “static/permanent automatic allocation” and “dynamic/temporary automatic allocation”. But then, nobody really cares much what I think. J
Regardless of what you call them, all three of these methods exist for configuring IP hosts using DHCP. It is not necessary for an administrator to choose one over the others. Instead, he or she will normally combine the methods, using each for the devices where it makes the most sense.
Glossary: What is DHCP?
What is DHCP? It assigns IP addresses dynamically
The answer to “What is DHCP?” is that it’s the standard mechanism to dynamically assign IP addresses within a network. It stands for Dynamic Host Configuration Protocol.
IP, or Internet Protocol, addressing is a logical means of assigning addresses to devices on a network. Each device connected to a network requires a unique IP address.
At home, dynamic host configuration protocol (DHCP) assigns IP addresses to your smartphones, laptops, tablets, and devices like doorbell cameras. When you use wifi on your home network, typically your router is a DHCP server.
In a large enterprise setting, a DHCP server is usually a dedicated computer. By simplifying IP address management, it saves money, is more secure, and doesn’t eat up valuable admin time.
In this glossary entry, we’ll explore the fundamentals of how DHCP works. Then, we’ll take a deeper look at two aspects: dynamic addressing and the communications protocol.
How does DHCP work?
DHCP is a network management protocol. A client device (or DHCP client), such as a laptop, joins a network and requests an IP address. The request is made to a DHCP server.
These servers are often configured with redundancy—often called DHCP failover —or clustering among other network servers. Servers can run on both IPv4 and IPv6 networks.
The server will quickly and automatically assign an IP address and some related network configuration parameters. Once the device has accepted the assignment, it can communicate with both the internal network and the public internet.
Relevant parameters
In addition to assigning IP addresses, these servers also provide relevant parameters, known as DHCP options. The Internet Assigned Numbers Authority (IANA), the global coordinator of IP addresses, defines available DHCP parameters .
Options number in the hundreds. Key among them is how long the IP address can be used—known as the lease time. They also include the default gateway, its subnet mask, and its DNS server.
Some additional definitions
To clarify, let’s quickly define some of these terms we just mentioned:
- A default gateway transfers data back and forth between the local network and the internet, or between local subnets.
- IP networking uses a subnet mask to separate the host address and the network address portions of an IP address.
- A DNS server resolves names to IP addresses, translating domain names that we easily remember, like bluecatnetworks.com, into IP addresses like 104.239.197.100.
Dynamic IP addressing with DHCP
The assignment of IP addresses happens dynamically within a given address range. As a result, a device connected to the network doesn’t have a forever address. The IP address can periodically change as its lease time expires unless the lease is successfully renewed.
For services that always need to be on, a static IP address is often a better option. Corporate enterprises commonly use static IP addresses for hardware like mail servers. Certainly, a DHCP server should have a static IP address.
However, there are drawbacks to dedicating a specific IP address to a device or service. A network administrator must manually assign, configure, and track the IP address. It’s a time-consuming task. Oftentimes, it requires the admin to physically be with the device.
Meanwhile, dynamic IP addresses are usually the preferred choice because they:
- Cost less to manage than static IP addresses;
- May offer more privacy and security with a constantly changing IP address; and
- Don’t require manual administration when a device roams from one subnet to another.
DHCP communications protocol
Communications to fulfill a DHCP request involves both the server and client. Furthermore, a relay agent or IP helper often facilitates communication between the two. Relay agents receive broadcast DHCP messages from clients and then re-send those messages with configuration information to servers.
Communication happens via small units of data, called packets, that are routed through a network. Networking protocols like IP govern all its rules.
Most of the time, communication occurs in four steps. Briefly, they are:
- A discover packet is sent from the client to the server.
- The server replies to the client with a DHCP offer packet containing an IP address.
- The client receives and validates the offer, then sends a request packet back to the server to accept the address.
- The server sends an acknowledgement packet back to the client to confirm the chosen IP address.
With this in mind, one final point: DHCP alongside DNS and IP address management ( IPAM ) are together known as DDI. Want to know how to define DDI or how it works to form a complete management solution? The BlueCat platform is the place to start.
Related content
Automating DHCP reservations at a U.S. government agency
BlueCat worked with a large U.S. government agency to bring automation to a task they perform over and over, all day long: DHCP reservations.
eBook: Network Rising
The gap between what the network team can deliver and what end-users need continues to widen. You need back-end DNS that supports all of your initiatives.
Technical Know-How: Deploying DDNS with BlueCat
Dynamic DNS automatically updates DNS records when an IP address changes. Learn how to deploy DDNS on the BlueCat Address Manager and DNS/DHCP server.
eBook: The Cost of Free
This eBook outlines the journey from the functional to the inevitable, when you realize your free DNS is anything but. See how both tactical and strategic…
- Privacy Overview
- 3rd Party Cookies
- Additional Cookies
- Cookie Policy
Cookies are good for you. Not the eatable kind. (We wish.) The type of cookie we use on this website to improve your experience. This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
To consent, just click on the 'Accept' button.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
This website uses additional cookies
You can find more information about our Cookie Policy on our privacy policy page.
The Dynamic Host Configuration Protocol (DHCP) and Windows NT
Gary c. kessler carol a. monaghan december 1998.
An edited version of this paper appeared with the title "Windows NT & DHCP" in the May 1999 issue of Windows NT Magazine .
The DHCP service is administered using the DHCP Manager (located in the Administrative Tools group on the server system). The DHCP Manager can be used only to manage Windows NT-based DHCP servers within a Windows NT domain (Figure 3). Selections under the Server pulldown menu allow the manager to add or remove DHCP servers to be managed, or to display the properties of a particular server.
The first order of business after installing the DHCP Server service is to define one or more scopes. A scope is a range of IP addresses that the server can assign to client systems. Creation, deletion, configuration, and activation/deactivation of individual scopes is accomplished via the Scope pulldown menu in the DHCP Manager. When a scope is created, a dialog box such as the one in Figure 4 will appear. The information to be supplied here is rather straight forward: Start Address and End Address: Required fields, used to specify the first and last IP addresses in the address pool that are to be assigned to clients by this server. Subnet Mask: Required field, specifying the subnet mask to be assigned to all clients in this DHCP scope. Exclusion Range Start Address/End Address: Optional fields, used to specify a range of IP addresses that should be removed from the address pool of assignable addresses. This is important in cases where some addresses in a range have already been assigned on a static basis. Lease Duration: Required to specify the duration for which address assignments are good. If the Unlimited box is checked, then address assignments never expire; otherwise, specify the lease duration in number of days, hours, and minutes in the Limited To section. Name: A required field in which to place the name of the scope for administrative purposes. Comment: An optional field to provide additional comments to describe the scope. Once the scope has been defined, it must be activated before it can be used by the DHCP service. A scope can be activated when created or via the DHCP Manager. When selecting the range of addresses in the assignment pool, do not include addresses for the router (gateway); DHCP, Web, FTP, e-mail, DNS, SNMP, and other servers; SNMP-managed devices; printers; and other devices where addresses are statically assigned and managed. Addresses for these devices should be excluded from the DHCP address pool. Finally, determining the lease duration may be the hardest task for the DHCP administrator. A number of factors have to be considered in determining the best lease times, including the number of available IP addresses versus the number of potential clients, as well as the frequency of DHCP option and network changes, and the frequency of client additions and removals from the network. If leases are too short, traffic on the network increases and additional time is spent exchanging DHCP renewal messages; if leases are too long (and clients do not employ graceful shutdown), addresses may stay allocated even though the client is no longer on the system. It is a good idea, however, never to assign an infinite-time lease; although that might sound like a way to permanently assign an IP address, it can actually cause problems over time as the client and server go up and down. Administrators need to understand their network environment and the patterns of usage to best choose a lease duration, and lease durations can vary from as short as a few hours or days (e.g., for a very dynamic network with frequent changes) to several months (e.g., for a relatively stable network). The most efficient address assignments, of course, are when the clients relinquish addresses when they disconnect from the network. The Scope pulldown menu is also used by a network manager to examine the currently active leases within a scope and to reserve a specific address for a specific host. As mentioned above, DHCP can be used to do much more than assign addresses, although that is the most common purpose and addresses are typically the scarcest resource associated with DHCP. The NT version of the DHCP server can, in fact, be used to assign nearly 50 different network settings, such as the ones shown in the figure:
As an aside, the number preceding the setting name (such as the "003" before "Router") refers to the DHCP option identifier. A complete list of DHCP options per the Internet Engineering Task Force (IETF) can be found on the Internet at http://www.isi.edu/in-notes/iana/assignments/bootp-dhcp-parameters . (Table 1 below lists all of the DHCP options supported in the Windows NT DHCP Service).
SIDEBAR: Other Address Conservation Schemes
IP version 6 (IPv6), of course, obviates the address exhaustion problem by employing 128-bit addresses -- a large enough space to address every molecule in the solar system! But schemes such as CIDR, NAT, PAT, and DHCP are actually extending the life of the current version of IP (IPv4) because of their address handling capabilities.
ABOUT THE AUTHORS: Gary C. Kessler was, at the time this article was written, the Director of Information Technology at Hill Associates, a telecommunications training and education firm with headquarters in Colchester, VT. Carol A. Monaghan is currently the Director of Information Technology at Hill Associates. Their e-mail addresses are [email protected] and [email protected] , respectively.
- Articles Automation Career Cloud Containers Kubernetes Linux Programming Security
- About About Enable Sysadmin Email newsletter Join the community Sudoers program Meet the team FAQs
Static and dynamic IP address configurations: DHCP deployment
%t min read | by Damon Garn
In my Static and dynamic IP address configurations for DHCP article, I discussed the pros and cons of static versus dynamic IP address allocation. Typically, sysadmins will manually configure servers and network devices (routers, switches, firewalls, etc.) with static IP address configurations. These addresses don’t change (unless the administrator changes them), which is important for making services easy to find on the network.
With dynamic IP configurations, client devices lease an IP configuration from a Dynamic Host Configuration Protocol (DHCP) server. This server is configured with a pool of available IPs and other settings. Clients contact the server and temporarily borrow an IP address configuration.
In this article, I demonstrate how to configure DHCP on a Linux server.
[ You might also like: Using systemd features to secure services ]
Manage the DHCP service
First, install the DHCP service on your selected Linux box. This box should have a static IP address. DHCP is a very lightweight service, so feel free to co-locate other services such as name resolution on the same device.
Note : By using the -y option, yum will automatically install any dependencies necessary.
Configure a DHCP scope
Next, edit the DHCP configuration file to set the scope. However, before this step, you should make certain you understand the addressing scheme in your network segment. In my courses, I recommend establishing the entire range of addresses, then identifying the static IPs within the range. Next, determine the remaining IPs that are available for DHCP clients to lease. The following information details this process.
How many static IP addresses?
Figure out how many servers, routers, switches, printers, and other network devices will require static IP addresses. Add some additional addresses to this group to account for network growth (it seems like we’re always deploying more print devices).
What are the static and dynamic IP address ranges?
Set the range of static IPs in a distinct group. I like to use the front of the available address range. For example, in a simple Class C network of 192.168.2.0/24, I might set aside 192.168.2.1 through 192.168.2.50 for static IPs. If that’s true, you may assume I have about 30 devices that merit static IP addresses, and I have left about twenty addresses to grow into. Therefore, the available address space for DHCP is 192.168.2.51 through 192.168.2.254 (remember, 192.168.2.255 is the subnet broadcast address).
This screenshot from the part one article is a reminder:
Note : Some administrators include the static IPs in the scope and then manually mark them as excluded or unavailable to the DHCP service for leasing. I’m not a fan of this approach. I prefer that the DHCP not even be aware of the addresses that are statically assigned.
What is the router’s IP address?
Document the router’s IP address because this will be the default gateway value. Administrators tend to choose either the first or the last address in the static range. In my case, I’d configure the router’s IP address as 192.168.2.1/24, so the default gateway value in DHCP is 192.168.2.1.
Where are the name servers?
Name resolution is a critical network service. You should configure clients for at least two DNS name servers for fault tolerance. When set manually, this configuration is in the /etc/resolv.conf file.
Note that the DNS name servers don’t have to be on the same subnet as the DNS clients.
Lease duration
In the next section, I’ll go over the lease generation process whereby clients receive their IP address configurations. For now, suffice it to say that the IP address configuration is temporary. Two values are configured on the DHCP server to govern this lease time:
default-lease-time - How long the lease is valid before renewal attempts begin.
max-lease-time - The point at which the IP address configuration is no longer valid and the client is no longer considered a lease-holder.
Configure the DHCP server
Now that you understand the IP address assignments in the subnet, you can configure the DHCP scope. The scope is the range of available IP addresses, as well as options such as default gateway. There is good documentation here .
Create the DHCP scope
Begin by editing the dhcp.conf configuration file (you’ll need root privileges to do so). I prefer Vim :
Next, add the values you identified in the previous section. Here is a subnet declaration (scope):
Remember, that spelling counts and typos can cause you a lot of trouble. Check your entries carefully. A mistake in this file can prevent many workstations from having valid network identities.
Reserved IP addresses
It is possible to reserve an IP address for a specific host. This is not the same thing as a statically-assigned IP address. Static IP addresses are configured manually, directly on the client. Reserved IP addresses are leased from the DHCP server, but the given client will always receive the same IP address. The DHCP service identifies the client by MAC address, as seen below.
Start the DHCP service
Start and enable the DHCP service. RHEL 7 and 8 rely on systemd to manage services, so you’ll type the following commands:
See this article I wrote for a summary on successfully deploying services.
Don’t forget to open the DHCP port in the firewall:
Explore the DORA process
Now that the DHCP server is configured, here is the lease generation process. This is a four-step process, and I like to point out that it is entirely initiated and managed by the client, not the server. DHCP is a very passive network service.
The process is:
- Acknowledge
Which spells the acronym DORA .
- The client broadcasts a DHCPDiscover message on the subnet, which the DHCP server hears.
- The DHCP server broadcasts a DHCPOffer on the subnet, which the client hears.
- The client broadcasts a DHCPRequest message, formally requesting the use of the IP address configuration.
- The DHCP server broadcasts a DHCPAck message that confirms the lease.
The lease must be renewed periodically, based on the DHCP Lease Time setting. This is particularly important in today’s networks that often contain many transient devices such as laptops, tablets, and phones. The lease renewal process is steps three and four. Many client devices, especially desktops, will maintain their IP address settings for a very long time, renewing the configuration over and over.
Updating the IP address configuration
You may need to obtain a new IP address configuration with updated settings. This can be an important part of network troubleshooting.
Manually generate a new lease with nmcli
You can manually force the lease generation process by using the nmcli command. You must know the connection name and then down and up the card.
Manually force lease generation with dhclient
You can also use the dhclient command to generate a new DHCP lease manually. Here are the commands:
dhclient -r to release it
dhclient (no option) to lease a new one
dhclient -r eth0 for specific NIC
Note : use -v for verbose output
Remember, if the client’s IP address is 169.254.x.x, it could not lease an IP address from the DHCP server.
Other DHCP considerations
There are many ways to customize DHCP to suit your needs. This article only covers the most common options. Two settings to keep in mind are lease times and dealing with routers.
Managing lease times
There is a good trick to be aware of. Use short lease durations on networks with many portable devices or virtual machines that come and go quickly from the network. These short leases will allow IP addresses to be recycled regularly. Use longer durations on unchanging networks (such as a subnet containing mostly desktop computers). In theory, the longer durations reduced network traffic by requiring fewer renewals, but on today’s networks, that traffic is inconsequential.
Routers and DHCP
There is one other aspect of DHCP design to consider. The DORA process covered above occurs entirely by broadcast. Routers, as a general rule, are configured to stop broadcasts. That’s just part of what they do. There are three approaches you can take to managing this problem:
- Place a DHCP server on each subnet (no routers between the DHCP server and its clients).
- Place a DHCP relay agent on each subnet that sends DHCP lease generation traffic via unicast to the DHCP server on a different subnet.
- Use RFC 1542-compliant routers, which can be configured to recognize and pass DHCP broadcast traffic.
[ Getting started with containers? Check out this free course. Deploying containerized applications: A technical overview . ]
DHCP is a simple service but an absolutely critical one. Understanding the lease generation process helps with network troubleshooting. Proper planning and tracking are essential to ensuring you don’t permit duplicate IP address problems to enter your network environment.
Check out these related articles on Enable Sysadmin
Damon Garn owns Cogspinner Coaction, LLC, a technical writing, editing, and IT project company based in Colorado Springs, CO. Damon authored many CompTIA Official Instructor and Student Guides (Linux+, Cloud+, Cloud Essentials+, Server+) and developed a broad library of interactive, scored labs. He regularly contributes to Enable Sysadmin, SearchNetworking, and CompTIA article repositories. Damon has 20 years of experience as a technical trainer covering Linux, Windows Server, and security content. He is a former sysadmin for US Figure Skating. He lives in Colorado Springs with his family and is a writer, musician, and amateur genealogist. More about me
Try Red Hat Enterprise Linux
Download it at no charge from the red hat developer program., related content.
OUR BEST CONTENT, DELIVERED TO YOUR INBOX
Privacy Statement
DHCP address assignment mechanisms
Configure the following address assignment mechanisms as needed:
Static address allocation —Manually bind the MAC address or ID of a client to an IP address in a DHCP address pool. When the client requests an IP address, the DHCP server assigns the IP address in the static binding to the client.
Dynamic address allocation —Specify IP address ranges in a DHCP address pool. Upon receiving a DHCP request, the DHCP server dynamically selects an IP address from the matching IP address range in the address pool.
You can specify IP address ranges in an address pool by using either of the following methods:
Method 1 — A primary subnet being divided into multiple address ranges in an address pool
Method 2 — A primary subnet and multiple secondary subnets in an address pool
A primary subnet being divided into multiple address ranges in an address pool
An address range includes a common IP address range and IP address ranges for DHCP user classes.
Upon receiving a DHCP request, the DHCP server finds a user class matching the client and selects an IP address in the address range of the user class for the client. A user class can include multiple matching rules, and a client matches the user class as long as it matches any of the rules. In address pool view, you can specify different address ranges for different user classes.
The DHCP server selects an IP address for a client by performing the following steps:
DHCP server compares the client against DHCP user classes in the order they are configured.
If the client matches a user class, the DHCP server selects an IP address from the address range of the user class.
If the matching user class has no assignable addresses, the DHCP server compares the client against the next user class. If all the matching user classes have no assignable addresses, the DHCP server selects an IP address from the common address range.
If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or it is not configured, the address allocation fails.
A primary subnet and multiple secondary subnets in an address pool
The DHCP server selects an IP address from the primary subnet first. If there is no assignable IP address on the primary subnet, the DHCP server selects an IP address from secondary subnets in the order they are configured.
© Copyright 2015, 2017 Hewlett Packard Enterprise Development LP
What is DHCP and how does it allocate IP addresses?
DHCP is a network management protocol that deals with the allocation of IP addresses . It is one of those processes that users might be unaware of but should be grateful regardless. After all, it makes it possible for you to connect multiple devices to a network instantly. Since each of them must operate with a unique IP address, components like DHCP become essential. Let’s figure out how DHCP works and other traits related to this protocol.
Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.
What is L2TP, and can you trust it in a VPN?
What is a home server, and how can you build it?
This document describes the configurations of IP service, including IP address, ARP, DHCP, DNS, UDP Helper, IP performance, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel and IPv4 over IPv6 tunnel.
- About This Document
- IPv4 Overview
- Configuration Notes
- IPv4 Protocol Suite
- IPv4 Address
- IPv4 Packet Format
- IP Address Resolution
- Configuring a Primary IP Address for an Interface
- (Optional) Configuring a Secondary IP Address for an Interface
Checking the Configuration
- Configuring a Primary IP Address for the IP Numbered Interface
- Configuring an IP address Unnumbered Interface
- Example for Configuring Primary and Secondary IP Addresses for an Interface
- Example for Configuring an IP Unnumbered Interface
- IP Address Configuration Fails on an Interface
- ARP Overview
- ARP Principles
- Gratuitous ARP
- Multi-Interface ARP
- Configuration Task Summary
- Licensing Requirements and Limitations for ARP
- Default Configuration
- Configuring Static ARP
- Optimizing Dynamic ARP
- Configuring Proxy ARP
- Configuring ARP-Ping
- Enabling a Device to Learn Multicast MAC Addresses and Generate ARP Entries
- Configuring Multi-Interface ARP
- Configuring the Scheduled ARP Refresh Function
- Clearing ARP Entries
- Monitoring the ARP Running Status
- Example for Configuring Static ARP
- Example for Configuring Routed Proxy ARP
- Example for Configuring Intra-VLAN Proxy ARP
- Example for Configuring Inter-VLAN Proxy ARP
- Example for Configuring Layer 2 Topology Detection
- Example for Configuring Multi-Interface ARP
- DHCP Overview
- Typical Networking
- How a DHCP Server Allocates Network Parameters to New DHCP Clients
- How a DHCP Client Reuses an IP Address
- How a DHCP Client Renews Its IP Address Lease
- Specifications
- DHCP Server Application
- DHCP Relay Agent Application
- DHCP Client Application
- Master/Backup DHCP Server Application
- Introduction to DHCP Messages
- DHCP Options
- Planning Data
- Enabling DHCP
Configuring a DHCP Server to Allocate IP Addresses to Clients
- (Optional) Configuring a DHCP Server to Allocate Network Parameters Besides IP Addresses
- (Optional) Configuring the DHCP Rate Limit Function
- Enabling the DHCP Relay Function
- Specifying an IP Address for the DHCP Server on a DHCP Relay Agent
- (Optional) Configuring Strategies for Processing Option 82 Information on a DHCP Relay Agent
- (Optional) Configuring Rate Limit of DHCP Packets
- (Optional) Configuring Attributes for a DHCP Client
- (Optional) Configuring an Expected Lease for a DHCP Client
- (Optional) Configuring the Gateway Detection Function on a DHCP Client
- (Optional) Configuring a DHCP Client to Dynamically Obtain Routing Information
- Enabling the DHCP Client Function
- (Optional) Configuring Attributes for a BOOTP Client
- (Optional) Configuring the Gateway Detection Function on a BOOTP Client
- (Optional) Configuring a BOOTP Client to Dynamically Obtain Routing Information
- Enabling the BOOTP Client Function
- Viewing Statistics About DHCP Messages
- Clearing Statistics About DHCP Messages
- Resetting a DHCP Address Pool
- Locking a DHCP Address Pool
- Example for Configuring the Device as a DHCP Server (Based on the Interface Address Pool)
- Example for Configuring the DHCP Server to Allocate Different Network Parameters to Dynamic Clients and Static Clients in the Global Address Pool
- Example for Configuring the Device as a DHCP Relay (Relay and Server Are Located on the Same Network)
- Example for Configuring a Device as the DHCP Relay Agent (Connected to the DHCP Server Across a BGP/MPLS IP VPN Tunnel)
- Example for Configuring a DHCP Client
- Example for Configuring a BOOTP Client
- Example for Configuring a DHCP Server in a Super-VLAN
- The IP Address Obtained by a Client Conflicts with the IP Address of Another Client
- A Client Fails to Obtain an IP Address from a DHCP Server
- It Takes a Long Time for a DHCP Client to Obtain an IP Address from a DHCP Server
- A DHCP Client Can Obtain an IP Address Through the DHCP Relay Agent, but Cannot Access the Internet
- How Can I Ensure that a DHCP Client Selects the Correct DHCP Server?
- How Can I Configure a PC to Release and Update Its IP Address?
- When Both the DHCP Server and Relay Functions Are Enabled on an Interface, Which Function Is Processed Preferentially?
- DNS Overview
- Working Principle of DNS
- Working Principle of DNS Proxy or Relay
- Working Principle of DNS Spoofing
- Working Principle of DDNS
- DNS Client Application
- DNS Proxy Application
- Configuring the Static Domain Name Resolution
- Configuring the Dynamic Domain Name Resolution
- (Optional) Associating a DNS Server with NQA
- Configuring the Destination DNS Server
- (Optional) Configuring DNS Spoofing
- Configuring a DDNS Policy
- Binding a DDNS Policy to an Interface
- Deleting Dynamic DNS Entries
- Deleting DNS Entries of the DNS Proxy or Relay
- Clearing Statistics on Sent and Received DNS Packets
- Manually Updating a DDNS Policy
- Monitoring the Running Status of DNS
- Example for Configuring DNS Proxy
- Example for Configuring the DDNS Client (Using the Update Mode Defined by the RFC2136)
- Example for Configuring the DDNS Client (Using the Update Mode Implemented Through the DDNS Server)
- Example for Configuring the Router to Communicate with the Siemens DDNS Server
- Example for Configuring Association Between the DNS Server and NQA
- Dynamic Domain Name Resolution Cannot Be Implemented on a DNS Client
- Introduction to NAT
- NAT Implementation
- DNS Mapping
- NAT Associated with VPNs
- NAT Filtering and NAT Mapping
- Private Network Hosts Accessing Public Network
- Public Network Hosts Accessing Private Network Servers
- Private Network Hosts Accessing Private Network Servers Using the Domain Name
- Configuration Tasks
- Configuring ACL Rules
- Configuring Outbound NAT
- (Optional) Enabling NAT ALG
- (Optional) Configuring the SIP Call Bandwidth Limit on a NAT Device
- (Optional) Configuring NAT Filtering and NAT Mapping
- (Optional) Configuring Twice NAT
- (Optional) Configuring NAT Log Output
- (Optional) Configuring the Aging Time of NAT Mapping Entries
- Configuring Static Address Mapping
- (Optional) Configuring DNS Mapping
- Configuring Internal NAT Server
- Clearing NAT Mapping Entries
- Monitoring NAT Mapping Entries
- Example for Configuring Dynamic NAT
- Example for Configuring Static One-to-One NAT
- Example for Configuring an Internal NAT Server
- Example for Configuring Twice NAT
- Example for Configuring NAT
- Example for Configuring PPPoE Dialup Access in Easy IP Mode
- Example for Configuring the SIP Call Bandwidth Limit on a NAT Device
- Intranet users Fail to Access Public Networks
- External Hosts Fail to Access Internal Servers
- Internal Hosts with an Overlapped IP Address Fail to Access External Servers
- UDP Helper Overview
- Configuring UDP Helper
- Displaying UDP Helper Statistics
- Clearing UDP Helper Statistics
- Example for Configuring UDP Helper
- IP Performance Overview
- Configuring Source IP Addresses Verification
- Configuring an Outbound Interface to Fragment IP Packets
- Configuring Virtual Fragment Reassembly of IP Packets
- Configuring Unequal Cost Multiple Path
- Configuring the Device to Process IP Packets with Options
- Configuring an Interface to Forward Directed Broadcast Packets
- Configuring the Enhanced Forwarding Function for Control Packets Generated by the Device
- Configure Routing Forwarding for Broadcast Packets
- Configuring ICMP properties
- Configuring TCP Properties
- Clearing IP Performance Statistics
- IPv6 Overview
- IPv6 Addresses
- IPv6 Packet Format
- Neighbor Discovery
- Configuring Global Unicast Addresses for Interfaces
- Configuring Link-local Addresses for Interfaces
- Configuring Anycast Addresses for Interfaces
- Configuring ICMPv6 Packet Control
- Configuring Static Neighbors
- Configuring Neighbor Discovery
- Configuring Static PMTU
- Setting the Aging Time of Dynamic PMTU
- Setting TCP6 Timers
- Setting the TCP6 Sliding Window Size
- Setting the MSS Value for a TCP6 Connection
- Configuring the Enhanced Forwarding Function for IPv6 Control Packets Generated by the Device
- Clearing IPv6 Statistics
- Monitoring IPv6 Running Status
- Example for Configuring Basic IPv6 Functions
- DHCPv6 Overview
- DHCPv6 Packets
- DHCPv6 Working Principles
- Working Principle of DHCPv6 PD
- Working Principle of the DHCPv6 Relay Agent
- IPv6 Address/Prefix Allocation and Lease Updating
- Typical Networking of the DHCPv6 Server
- Typical Networking of the DHCPv6 PD Server
- Typical Networking of the DHCPv6 Relay Agent
- Typical Networking of the DHCPv6 Client
- Typical Networking of the DHCPv6 PD Client
- Configuring the DHCPv6 DUID
- Configuring an IPv6 Address Pool
- (Optional) Configuring Network Server Addresses for the IPv6 Address Pool
- (Optional) Configuring the Options of an IPv6 Address Pool
- (Optional) Configuring the DHCPv6 Data Saving Function
- Enabling the DHCPv6 Server Function
- (Optional) Configuring the DHCPv6 Message Rate Limit and Alarm Function of DHCPv6 Messages Discarded
- Configuring an IPv6 PD Address Pool
- Enabling the DHCPv6 PD Server Function
- Configuring the DHCPv6 Relay Function
- (Optional) Configuring DHCPv6 Relay Options
- Enabling the DHCPv6 Client Function
- Enabling the DHCPv6 PD Client Function
- Monitoring DHCPv6 Operation
- Clearing DHCPv6 Packet Statistics
- Resetting the Status of the IPv6 Address Pool
- Example for Configuring a DHCPv6 Server
- Example for Configuring a DHCPv6 PD Server
- Example for Configuring a DHCPv6 Relay to Assign IPv6 Addresses to the Clients in One Network Segment Connected to the Relay
- Example for Configuring a DHCPv6 Relay to Assign IPv6 Addresses to the Clients in Multiple Network Segments Connected to the Relay
- Example for Configuring a DHCPv6 PD Client
- Example for Configuring a DHCPv6 Client
- IPv6 DNS Overview
- Configuring the IPv6 Static Domain Name Resolution
- Configuring the IPv6 Dynamic Domain Name Resolution
- Configuring the DNS Server Address
- (Optional) Configuring Static DNSv6 Entries
- (Optional) Configuring IPv6 DNS Spoofing
- Clearing IPv6 DNS dynamic Entries
- Clearing IPv6 DNS Forwarding Entries
- Clearing Statistics on Sent and Received IPv6 DNS Packets
- Monitoring the Running Status of IPv6 DNS
- Example for Configuring IPv6 DNS
- Example for Configuring IPv6 DNS Proxy
- IPv6 over IPv4 Tunnel Overview
- Dual Protocol Stack
- IPv6 over IPv4 Tunnel
- Enabling IPv6 Packet Forwarding
- Configuring an IPv4 Address and an IPv6 Address for Respective Interfaces
- Configuring a Manual IPv6 over IPv4 Tunnel
- Configuring an Automatic IPv6 over IPv4 Tunnel
- Configuring a 6to4 Tunnel
- Configuring an ISATAP Tunnel
- Monitoring the Running Status of the IPv6 over IPv4 Tunnel
- Example for Configuring a Manual IPv6 over IPv4 Tunnel
- Example for Configuring an IPv6 over IPv4 GRE Tunnel
- Example for Configuring an Automatic IPv6 over IPv4 Tunnel
- Example for Configuring 6to4 Relay
- Example for Configuring an ISATAP Tunnel
- IPv4 over IPv6 Tunnel Overview
- Configuring a Tunnel Interface
- Configuring a Tunnel Route
- Performing Other IPv4 over IPv6 Tunnel Configurations
- Monitoring the Running Status of the IPv4 over IPv6 Tunnel
- Example for Configuring an IPv4 over IPv6 Tunnel
DHCP servers can allocate IP addresses to DHCP and BOOTP clients.
Creating an Address Pool
Enabling the dhcp server function, (optional) configuring the range of ip addresses that cannot be automatically allocated to clients from an address pool, (optional) configuring a dhcp server to allocate fixed ip addresses to specified clients, (optional) configuring an address lease time, (optional) configuring the logging function during ip address allocation, (optional) configuring ip address conflict detection before a dhcp server allocates ip addresses, (optional) configuring a dhcp server to automatically save ip address allocation information, (optional) associating an ip address pool with nqa.
Address pools allow DHCP servers to allocate network parameters including IP addresses to clients. You can specify network parameters in an address pool, including an IP address range, gateway address, and the IP address of a DNS server.
Address pools are classified into interface address pools and global address pools.
- Interface address pool: After an IP address is configured for an interface on a DHCP server, you can create an address pool on the same network segment as this interface. Addresses in the address pool can be allocated only to clients connected to the interface. The interface address pool can allocate IP addresses to clients on the same network segment as the DHCP server. When no DHCP relay agent is deployed. A DHCP server allocates IP addresses to clients connected to one interface or allocates IP addresses on different network segments to clients connected to multiple interfaces.
- The DHCP server and clients are not on the same network segment, and a DHCP relay agent is deployed.
- The DHCP server and clients are on the same network segment, and the DHCP server needs to allocate an IP address to a client connected to one interface or allocate IP addresses to clients connected to multiple interfaces.
Configuring interface address pools is recommended for scenarios where a DHCP server and clients reside on the same network segment.
- When no DHCP relay agent is deployed, the DHCP server selects the address pool on the same network segment as the IP address of the interface receiving DHCP Request messages.
- When DHCP relay agents are deployed, the DHCP server selects the address pool on the same network segment as the IP address specified in the Giaddr field of received DHCP Request messages.
The system view is displayed.
The DHCP server is enabled to respond to BOOTP requests.
By default, a DHCP server responds to a BOOTP request.
The DHCP server is enabled to dynamically allocate IP addresses to BOOTP clients.
By default, a DHCP server does not dynamically allocate IP addresses to BOOTP clients.
In addition to dynamically allocating IP addresses to BOOTP clients, the device functioning as the DHCP server can allocate IP addresses to the BOOTP clients in static binding mode using the dhcp server static-bind ip-address ip-address mac-address mac-address command.
The interface view or sub-interface view is displayed.
An IP address is configured for the interface.
The IP address segment of the interface is the interface address pool.
A global address pool is created and the global address pool view is displayed.
By default, no global address pool is created on the device.
The range of IP addresses that can be dynamically allocated from the global address pool is specified.
By default, the range of IP addresses that can be allocated dynamically to clients is not specified.
An address pool can be configured with only one IP address segment. The IP address range is determined by the mask length.
When specifying the IP address range, ensure that IP addresses within the range are on the same network segment as the interface IP address of the DHCP server or DHCP relay agent to avoid incorrect IP address allocation.
A VPN instance is configured for the address pool.
By default, no VPN instance is configured for an address pool.
In most cases, an address pool allocates IP addresses to clients on only one network segment to prevent IP address conflicts. In a BGP/MPLS IP VPN scenario, different VPNs use IP addresses on the same network segment. If clients in different VPNs apply to the same DHCP server for IP addresses, perform this step to use the same address pool to allocate IP addresses on the same network segment to the clients.
Only the S5720HI and S5720EI support this step. Only the S5320EI supports this step. Only the S5720HI, S5720EI, S5720SI, S5720S-SI and S6720EI support this step. Only the S5320EI, S5320SI and S6320EI support this step.
After the DHCP server function is enabled on an interface, the DHCP function can allocate network parameters including IP addresses to clients.
The interface is enabled to use the interface address pool to provide the DHCP server function.
By default, an interface does not use the interface address pool to provide the DHCP server function.
An interface address pool is actually the network segment where the interface IP address resides, and such an interface address pool applies only to this interface.
If the device functioning as the DHCP server provides the DHCP service for clients connected to multiple interfaces, repeat this step to enable the DHCP server function on all the interfaces.
The primary and secondary interface IP addresses are configured.
When a client on the interface applies for an IP address after the interface IP addresses are configured:
The device can select the global address pool based on the primary and secondary interface IP addresses only when the DHCP client and server are located in the same network segment.
- If the device and client are located in different network segments (that is, a relay exists), the DHCP server parses the IP address specified by the giaddr field in the received DHCP request packet and selects the address pool in the same network segment as this IP address to assign an IP address to the client. If no address pool matches the parsed IP address, the client cannot obtain an IP address.
The interface is enabled to use the global address pool to provide the DHCP server function.
By default, an interface does not use the global address pool to provide the DHCP server function.
Clients connected to the interface can obtain network parameters including IP addresses from the global interface pool.
This step is optional if a DHCP relay agent exists between the device and clients; this step is mandatory if no relay agent exists.
Follow-up Procedure
A DHCP client sends a DHCP Discover message in broadcast mode. When multiple DHCP servers including bogus DHCP servers exist on a network segment, the DHCP client accepts only the first received DHCP Offer message and therefore may obtain an unexpected IP address from a bogus DHCP server. To ensure that a client obtains an IP address from the correct DHCP server, configure DHCP snooping on the client. For detailed configuration of DHCP snooping, see DHCP Snooping Configuration in Huawei AR Series IOT Gateway Configuration Guide - Security .
Some servers and clients may use specific IP addresses in an address pool, so that the DHCP server does not automatically allocate these IP addresses to other clients. For example, in an enterprise, a DHCP server allocates IP addresses on the network segment 192.168.1.0/24 to employee PCs. On this network segment, 192.168.1.1 is used as the gateway IP address, and 192.168.1.10 is used as the DNS server IP address. The DNS server IP address is manually configured to ensure stability, and other hosts obtain IP addresses using DHCP. Therefore, 192.168.1.10 must be excluded from the range of IP addresses that can be automatically allocated.
A DHCP server automatically excludes a gateway address configured using the gateway-list command and the IP addresses of interfaces that connect a DHCP server to clients. The DHCP server automatically adds these addresses to the list of IP addresses that cannot be automatically allocated.
The range of IP addresses that are not automatically allocated from the address pool is configured.
By default, all IP addresses are automatically allocated from the address pool.
To set multiple IP address ranges that cannot be automatically allocated from the address pool, run this command multiple times.
The global address pool view is displayed.
A DHCP server leases IP addresses to clients. When the lease expires, the clients must apply for new IP addresses. To ensure stability, certain clients require fixed IP addresses. In this case, configure the DHCP server to allocate fixed IP addresses to these clients. The MAC addresses of these clients are then bound to fixed IP addresses. When such a client applies to the DHCP server for an IP address, the DHCP server searches the binding entries for the MAC address of the client and allocates the matched IP address to the client. DHCP static allocation prevents manual configuration errors and facilitates unified management.
Before performing this configuration task, ensure that the IP addresses for static allocation have not been allocated. (To check related information, run the display ip pool { interface interface-pool-name | name ip-pool-name } used command.) If such an IP address has been allocated, use another IP address or release the allocated address using the reset ip pool { interface pool-name | name ip-pool-name } start-ip-address [ end-ip-address ] command and perform the binding again.
The DHCP server is configured to allocate fixed IP addresses to specified clients.
By default, a DHCP server does not allocate fixed IP addresses to specified clients.
The fixed IP addresses to be allocated must be within the range of IP addresses that can be dynamically allocated from the interface address pool.
The fixed IP addresses to be allocated must be within the range of IP addresses that can be dynamically allocated from the global address pool.
This task does not take effect for BOOTP clients.
Except for allocating fixed IP addresses to specified clients , a DHCP server can dynamically allocate IP addresses with leases to clients in scenarios where hosts temporarily access the network and the number of idle IP addresses is less than the total number of hosts.
- In locations where clients often move, for example, in cafes, airports, and hotels, plan a short-term lease to ensure that IP addresses are released quickly after the clients go offline.
- In locations where clients seldom move, for example, in office areas of an enterprise, plan a long-term lease to prevent services from being affected by frequent address renewals.
Different address pools on a DHCP server can be configured with different IP address leases, but the IP addresses in the same address pool must be configured with the same lease.
An IP address lease is set.
By default, the IP address lease is one day.
When the DHCP server allocates IP addresses to clients, it records address allocation information to facilitate routine maintenance and fault location. After the logging function during IP address allocation of the DHCP server is configured, the DHCP server records logs about address allocation, conflict, lease renewal, and release.
If a large number of DHCP clients request for IP addresses after the logging function during IP address allocation of the DHCP server is configured, the server frequently records logs and therefore the device performance may be affected.
The logging function during IP address allocation of the DHCP server is enabled.
By default, the logging function during IP address allocation of the DHCP server is disabled.
The global address pool is created and the global address pool view is displayed.
Run the display ip pool command to view the status of the logging function during IP address allocation of the DHCP server.
Configure the information center to display the IP address allocation logs recorded by the DHCP server on user terminals or log hosts or generate them in log files. For details on how to configure the information center, see Configuring Log Output in Huawei AR Series IOT Gateway Configuration Guide - Device Management - Information Center Configuration .
A DHCP server configured with IP address conflict detection checks whether an IP address to be allocated to a client conflicts with other IP addresses.
- If the DHCP server receives no ICMP Echo Reply packet within the detection period (number of detection times x maximum waiting period), this IP address is not used by any client, and the DHCP server allocates the IP address to the client by sending a DHCP Offer message to the client.
- If the DHCP server receives an ICMP Echo Reply packet within the detection period (number of detection times x maximum waiting period), this IP address is being used by a client, and the DHCP server lists this IP address as a conflicting IP address and waits for the next DHCP Discover message.
This configuration task takes effect for both the interface and global address pools.
If the detection period is too long, clients may fail to obtain IP addresses. Set the detection period to less than 8 seconds.
The number of times that the device detects IP address conflicts before allocating IP addresses is set.
By default, the device does not detect IP address conflicts before allocating IP addresses.
The maximum wait time for each conflict detection is set.
By default, the maximum wait time for each conflict detection is 500 milliseconds.
If a DHCP server is restarted upon an upgrade or is faulty, IP address allocation information on the DHCP server is lost. After the restart, the DHCP server must re-allocate IP addresses. To prevent data loss and to support data recovery upon a restart, configure a DHCP server to automatically save IP address allocation information, including address leases and conflicting IP addresses, in files. When the DHCP server restarts, it can recover the data from the files.
The DHCP server is enabled to automatically save IP address allocation information.
By default, a DHCP server does not periodically save IP address allocation information.
After this function is enabled, the DHCP server generates lease.txt and conflict.txt files in the DHCP folder in storage. The lease.txt file stores lease information, and the conflict.txt file stores conflicting IP addresses. To view information about the DHCP database, run the display dhcp server database command.
The interval at which the DHCP server saves IP address allocation information is set.
By default, IP address allocation information is saved every 300 seconds in data files. The new data files overwrite the earlier data files.
The DHCP server is enabled to recover IP address allocation information.
After this command is run, the DHCP server can recover IP address allocation information from the data files in storage.
As shown in Figure 3-14 and Figure 3-15 , the router functions as the backup DHCP server. You can associate the IP address pool on the router with NQA test instances to check the DHCP server status (including the link and DHCP server function). This can improve network reliability. When the DHCP server is working properly, the IP address pool on the router is locked, and PC1 and PC2 obtain IP addresses through the DHCP server. When NQA detects that the DHCP server is faulty, the IP address pool on the router is unlocked and assigns an IP address to PC3 that is newly online. When NQA detects that the DHCP server fault is rectified, the IP address pool on the router is locked again, and PC4 that is newly online obtains an IP address through the DHCP server.
This function is configured only for a global address pool.
When the DHCP server is faulty, PC3 obtains an IP address from the router; when the DHCP server is recovered, the DHCP function is switched back to the DHCP server. At this time, if the IP address lease of PC3 has expired, the lease renewal will fail. After PC3 goes offline temporarily, it re-obtains an IP address from the DHCP server. In addition, the two IP addresses obtained by PC3 are different because the IP address pools on the DHCP server and router have different address ranges.
An IP address pool can be associated with NQA test instances of the DHCP and ICMP types. NQA test instances of the DHCP type are used to test whether the DHCP server function is normal; those of the ICMP type are used to test whether routes to the DHCP server are reachable. When the device uses NQA test instances of the ICMP type, it cannot detect the status of the DHCP server function. Therefore, the device cannot detect the situation in which the route is reachable but the DHCP server function is unavailable, and users cannot go online.
An NQA test instance is created and the test instance view is displayed.
By default, no NQA test instance is configured.
The NQA test instance type is set to DHCP.
By default, no test type is configured for an NQA test instance.
The source interface is specified to send DHCP packets.
By default, no source interface is configured for an NQA test instance.
The automatic test interval is set for the NQA test instance.
By default, no automatic test interval is set. The system performs the test only once.
The NQA test instance is started.
An NQA test instance can be started immediately, at a specified time, or after a specified delay.
Run the start now [ end { at [ yyyy / mm / dd ] hh : mm : ss | delay { seconds second | hh : mm : ss } | lifetime { seconds second | hh : mm : ss } } ] command to start the test instance immediately.
Run the start at [ yyyy / mm / dd ] hh : mm : ss [ end { at [ yyyy / mm / dd ] hh : mm : ss | delay { seconds second | hh : mm : ss } | lifetime { seconds second | hh : mm : ss } } ] command to start the test instance at a specified time.
Run the start delay { seconds second | hh : mm : ss } [ end { at [ yyyy / mm / dd ] hh : mm : ss | delay { seconds second | hh : mm : ss } | lifetime { seconds second | hh : mm : ss } } ] command to start the test instance after a specified delay.
Exit from the NQA test instance view.
Before using the test instance of the DHCP type, ensure that the DHCP server provides the address pool for the network segment of the source interface (specified running the source-interface interface-type interface-number command). You can use the source interface to simulate a DHCP client to send a DHCP request, and determine the DHCP server status depending on whether an IP address can be obtained.
The test type is set to ICMP.
The destination address is configured.
By default, no test destination address is configured.
- To persistently detect the DHCP server status, you need to perform periodical test for NQA test instances. Therefore, run the frequency interval command to set the automatic test interval for NQA test instances.
- This section only mentions basic configuration parameters of the DHCP and ICMP NQA test instances. For details on how to configure other parameters, see Configuring DHCP Test and Configuring ICMP Test in the Huawei AR Series IOT Gateway Configuration Guide-Network Management and Monitoring-Configuring the NQA .
The IP addresses that are not automatically allocated in the address pool are configured.
By default, all IP addresses in an address pool can be automatically allocated to clients.
The IP addresses assigned by the backup DHCP server cannot overlap with those assigned by the DHCP server, which prevents repeated assignment of an IP address. Therefore, you need to run the excluded-ip-address start-ip-address [ end-ip-address ] command to exclude the IP addresses that are repeated with those of the remote DHCP service.
The IP address pool is associated with the NQA test instance. The device determines whether to lock the address pool according to the test result of the NQA test instance.
When the NQA test instance type is not DHCP and ICMP, the association between the IP address pool and NQA do not take effect. In this case, the IP address pool is locked.
Document ID: EDOC1000097281
Views: 300025
Downloads: 138
Related Version
Related documents.
- About Huawei Enterprise
- Get Pricing
- Find a Reseller
- Become Partner
- Find a Partner
- Case Studies
- Resource Center
- Video Library
- ICT Insights
Quick Links
- Huawei Digital Power
Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
- Terms of use
- Skip to content
- Skip to search
- Skip to footer
IP Addressing: DHCP Configuration Guide, Cisco IOS Release 15M&T
Bias-free language.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
DHCP Overview
- Configuring the Cisco IOS DHCP Server
- Configuring the DHCP Server On-Demand Address Pool Manager
- Configuring the Cisco IOS DHCP Relay Agent
- DHCP Client
- Configuring DHCP Services for Accounting and Security
- Configuring DHCP Enhancements for Edge-Session Management
- DHCP: Automatic IPv4 Address Pool Assignment for DMVPN Spokes
- DHCPv6 Prefix Delegation Using AAA
- DHCPv6 Server Stateless Autoconfiguration
- DHCPv6 Relay and Server - MPLS VPN Support
- IPv6 Access Services: DHCPv6 Relay Agent
- IPv6 Access Services: Stateless DHCPv6
- DHCPv6 Server Timer Options
- IPv6 Access Services: DHCPv6 Prefix Delegation
Chapter: DHCP Overview
Information about dhcp, benefits of using cisco ios dhcp, dhcp server relay agent and client operation, dhcp database, dhcp attribute inheritance, dhcp options and suboptions, dhcp server on-demand address pool management overview, dhcp services for accounting and security overview, additional references.
The Dynamic Host Configuration Protocol (DHCP) is based on the Bootstrap Protocol (BOOTP), which provides the framework for passing configuration information to hosts on a TCP/IP network. DHCP adds the capability to automatically allocate reusable network addresses and configuration options to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocating network addresses to hosts. DHCP is built on a client/server model, where designated DHCP server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts.
This module describes the concepts needed to understand Cisco IOS XE DHCP.
Cisco routers running Cisco IOS XE software include Dynamic Host Control Protocol (DHCP) server and relay agent software. The Cisco IOS XE DHCP server is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients. These address pools can also be configured to supply additional information to the requesting client such as the IP address of the DNS server, the default router, and other configuration parameters. If the Cisco IOS XE DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator.
DHCP supports three mechanisms for IP address allocation:
Automatic allocation—DHCP assigns a permanent IP address to a client.
Dynamic allocation—DHCP assigns an IP address to a client for a limited period of time, which is called a lease (or until the client explicitly relinquishes the address). DHCP also supports on-demand address pools (ODAPs), which is a feature in which pools of IP addresses can be dynamically increased or reduced in size depending on the address utilization level. ODAPs support address assignment for customers using private addresses.
Manual allocation—The network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client.
The format of DHCP messages is based on the format of BOOTP messages, which ensures support for BOOTP relay agent functionality and interoperability between BOOTP clients and DHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physical network segment. BOOTP is explained in RFC 951, Bootstrap Protocol (BOOTP) , and RFC 1542, Clarifications and Extensions for the Bootstrap Protocol .
The main advantage of DHCP compared to BOOTP is that DHCP does not require that the DHCP server be configured with all MAC addresses of all clients. DHCP defines a process by which the DHCP server knows the IP subnet in which the DHCP client resides, and it can assign an IP address from a pool of valid IP addresses in that subnet. Most of the other information that DHCP might supply, such as the default router IP address, is the same for all hosts in the subnet so DHCP servers can usually configure information per subnet rather than per host. This functionality reduces network administration tasks compared to BOOTP.
The Cisco IOS DHCP implementation offers the following benefits:
Reduced Internet access costs
Using automatic IP address assignment at each remote site substantially reduces Internet access costs. Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses.
Reduced client configuration tasks and costs
Because DHCP is easy to configure, it minimizes operational overhead and costs associated with device configuration tasks and eases deployment by nontechnical users.
Centralized management
Because the DHCP server maintains configurations for several subnets, an administrator only needs to update a single, central server when configuration parameters change.
Dynamic Host Control Protocol (DHCP) provides a framework for passing configuration information dynamically to hosts on a TCP/IP network. A DHCP client is a host that uses DHCP to obtain configuration parameters such as an IP address.
A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. By contrast, relay agents receive DHCP messages and then generate a new DHCP message to send on another interface.
The figure below shows the basic steps that occur when a DHCP client requests an IP address from a DHCP server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a DHCP server. A relay agent forwards the packets between the DHCP client and server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.
A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address.
The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client.
The formal request for the offered IP address (the DHCPREQUEST message) that is sent by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client.
If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a misconfiguration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server will send to the client a DHCPNAK denial broadcast message, which means the offered configuration parameters have not been assigned, if an error has occurred during the negotiation of the parameters or the client has been slow in responding to the DHCPOFFER message (the DHCP server assigned the parameters to another client) of the DHCP server.
DHCP address pools are stored in non-volatile RAM (NVRAM). There is no limit on the number of address pools. An address binding is the mapping between the client’s IP and hardware addresses. The client’s IP address can be configured by the administrator (manual address allocation) or assigned from a pool by the DHCP server.
Manual bindings are stored in NVRAM. Manual bindings are just special address pools configured by a network administrator. There is no limit on the number of manual bindings.
Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Automatic bindings are stored on a remote host called the database agent. A DHCP database agent is any host--for example, an FTP, TFTP, or RCP server--that stores the DHCP bindings database.The bindings are saved as text records for easy maintenance.
You can configure multiple DHCP database agents and you can configure the interval between database updates and transfers for each agent.
The DHCP server database is organized as a tree. The root of the tree is the address pool for natural networks, branches are subnetwork address pools, and leaves are manual bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters (for example, the domain name) should be configured at the highest (network or subnetwork) level of the tree.
Inherited parameters can be overridden. For example, if a parameter is defined in both the natural network and a subnetwork, the definition of the subnetwork is used.
Address leases are not inherited. If a lease is not specified for an IP address, by default, the DHCP server assigns a one-day lease for the address.
Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. Options provide a method of appending additional information. Vendors that want to provide additional information to their client not designed into the protocol can use options.
The Cisco IOS XE DHCP implementation also allows most DHCP server options to be customized. For example, the TFTP server, which stores the Cisco IOS XE image, can be customized with option 150 to support intelligent IP phones.
Virtual Private Networks (VPNs) allow the possibility that two pools in separate networks can have the same address space, with private network addresses, served by the same DHCP server. Cisco IOS XE software supports VPN-related options and suboptions such as the relay agent information option and VPN identification suboption. A relay agent can recognize these VPN-related options and suboptions and forward the client-originated DHCP packets to a DHCP server. The DHCP server can use this information to assign IP addresses and other parameters, distinguished by a VPN identifier, to help select the VPN to which the client belongs.
For more information on DHCP options and suboptions, see the “DHCP Options Reference” appendix in the Network Registrar User’s Guide , Release 6.3.
During lease negotiation, the DHCP server sends the options shown in the table below to the client.
The Cisco IOS DHCP server on-demand address pool (ODAP) manager is used to centralize the management of large pools of addresses and simplify the configuration of large networks. ODAP provides a central management point for the allocation and assignment of IP addresses. When a router is configured as an ODAP manager, pools of IP addresses are dynamically increased or reduced in size depending on the address utilization level.
ODAPs support address assignment using DHCP for customers using private addresses. Each ODAP is configured and associated with a particular Multiprotocol Label Switching (MPLS) VPN. Cisco IOS software also provides ODAP support for non-MPLS VPN address pools by adding pool name support to the peer default ip address dhcp-pool pool name command.
DHCP server subnet allocation is a way of offering entire subnets (ranges of addresses) to relay agents so that remote access devices can provision IP addresses to DHCP clients. This functionality can occur along with or instead of managing individual client addresses. Subnet allocation can improve IP address provisioning, aggregation, characterization, and distribution by relying on the DHCP infrastructure to dynamically manage subnets.
This capability allows the DHCP server to be configured with a pool of subnets for lease to ODAP clients. Subnet pools can be configured for global ODAP clients or MPLS VPN ODAP clients on a per-client basis. The DHCP subnet allocation server creates bindings for the subnet leases and stores these leases in the DHCP database.
Cisco IOS software supports several new capabilities that enhance DHCP accounting, reliability, and security in Public Wireless LANs (PWLANs). This functionality can also be used in other network implementations.
DHCP accounting provides authentication, authorization, and accounting (AAA) and Remote Authentication Dial-In User Service (RADIUS) support for DHCP. The AAA and RADIUS support improves security by sending secure START and STOP accounting messages. The configuration of DHCP accounting adds a layer of security that allows DHCP lease assignment and termination to be triggered for the appropriate RADIUS START and STOP accounting records so that the session state is properly maintained by upstream devices such as a Service Selection Gateway (SSG). This additional security can help to prevent unauthorized clients or hackers from gaining illegal entry to the network by spoofing authorized DHCP leases.
Three other features have been designed and implemented to address the security concerns in PWLANs. The first feature secures ARP table entries to DHCP leases in the DHCP database. The secure ARP functionality prevents IP spoofing by synchronizing the database of the DHCP server with the ARP table to avoid address hijacking. Secure ARP adds an entry to the ARP table for a client when an address is allocated that can be deleted by the DHCP server only when a binding expires.
The second feature is DHCP authorized ARP. This functionality provides a complete solution by addressing the need for DHCP to explicitly know when a user logs out. Before the introduction of DHCP authorized ARP, there was no mechanism to inform the DHCP server if a user had left the system ungracefully, which could result in excessive billing for a customer that had logged out but the system had not detected the log out. To prevent this problem, DHCP authorized ARP sends periodic ARP messages on a per-minute basis to determine if a user is still logged in. Only authorized users can respond to the ARP request. ARP responses from unauthorized users are blocked at the DHCP server providing an extra level of security.
In addition, DHCP authorized ARP disables dynamic ARP learning on an interface. The address mapping can be installed only by the authorized component specified by the arp authorized interface configuration command. DHCP is the only authorized component currently allowed to install ARP entries.
The third feature is ARP autologoff, which adds finer control for probing when authorized users log out. The arp probe interval command specifies when to start a probe (the timeout), how frequent a peer is probed (the interval), and the maximum number of retries (the count).
Related Documents
Standards and rfcs, technical assistance.
CPE --customer premises equipment. Terminating equipment, such as terminals, telephones, and modems, supplied by the service provider, installed at customer sites, and connected to the network.
DSLAM --digital subscriber line access multiplexer. A device that connects many digital subscriber lines to a network by multiplexing the DSL traffic onto one or more network trunk lines.
ISSU --In Service Software Upgrade. ISSU is a process that allows Cisco IOS software to be updated or otherwise modified while packet forwarding continues.
ODAP --On-Demand Address Pool. ODAPs enable pools of IP addresses to be dynamically increased or reduced in size depending on the address utilization level. Once configured, the ODAP is populated with one or more subnets leased from a source server and is ready to serve address requests from DHCP clients or from PPP sessions.
RP --Route Processor. A generic term for the centralized control unit in a chassis.
SSO --Stateful Switchover. SSO refers to the implementation of Cisco IOS software that allows applications and features to maintain a defined state between an active and standby RP. When a switching occurs, forwarding and sessions are maintained. SSO makes an RP failure undetectable to the network.
Contents DHCP Overview Information About DHCP DHCP Overview Benefits of Using Cisco IOS DHCP DHCP Server Relay Agent and Client Operation DHCP Database DHCP Attribute Inheritance DHCP Options and Suboptions DHCP Server On-Demand Address Pool Management Overview DHCP Services for Accounting and Security Overview Additional References Glossary DHCP Overview The Dynamic Host Configuration Protocol (DHCP) is based on the Bootstrap Protocol (BOOTP), which provides the framework for passing configuration information to hosts on a TCP/IP network. DHCP adds the capability to automatically allocate reusable network addresses and configuration options to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocating network addresses to hosts. DHCP is built on a client/server model, where designated DHCP server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts. This module describes the concepts needed to understand Cisco IOS XE DHCP. Information About DHCP Additional References Glossary Information About DHCP DHCP Overview Benefits of Using Cisco IOS DHCP DHCP Server Relay Agent and Client Operation DHCP Database DHCP Attribute Inheritance DHCP Options and Suboptions DHCP Server On-Demand Address Pool Management Overview DHCP Services for Accounting and Security Overview DHCP Overview Cisco routers running Cisco IOS XE software include Dynamic Host Control Protocol (DHCP) server and relay agent software. The Cisco IOS XE DHCP server is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients. These address pools can also be configured to supply additional information to the requesting client such as the IP address of the DNS server, the default router, and other configuration parameters. If the Cisco IOS XE DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator. DHCP supports three mechanisms for IP address allocation: Automatic allocation—DHCP assigns a permanent IP address to a client. Dynamic allocation—DHCP assigns an IP address to a client for a limited period of time, which is called a lease (or until the client explicitly relinquishes the address). DHCP also supports on-demand address pools (ODAPs), which is a feature in which pools of IP addresses can be dynamically increased or reduced in size depending on the address utilization level. ODAPs support address assignment for customers using private addresses. Manual allocation—The network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client. The format of DHCP messages is based on the format of BOOTP messages, which ensures support for BOOTP relay agent functionality and interoperability between BOOTP clients and DHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physical network segment. BOOTP is explained in RFC 951, Bootstrap Protocol (BOOTP) , and RFC 1542, Clarifications and Extensions for the Bootstrap Protocol . The main advantage of DHCP compared to BOOTP is that DHCP does not require that the DHCP server be configured with all MAC addresses of all clients. DHCP defines a process by which the DHCP server knows the IP subnet in which the DHCP client resides, and it can assign an IP address from a pool of valid IP addresses in that subnet. Most of the other information that DHCP might supply, such as the default router IP address, is the same for all hosts in the subnet so DHCP servers can usually configure information per subnet rather than per host. This functionality reduces network administration tasks compared to BOOTP. Benefits of Using Cisco IOS DHCP The Cisco IOS DHCP implementation offers the following benefits: Reduced Internet access costs Using automatic IP address assignment at each remote site substantially reduces Internet access costs. Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. Reduced client configuration tasks and costs Because DHCP is easy to configure, it minimizes operational overhead and costs associated with device configuration tasks and eases deployment by nontechnical users. Centralized management Because the DHCP server maintains configurations for several subnets, an administrator only needs to update a single, central server when configuration parameters change. DHCP Server Relay Agent and Client Operation Dynamic Host Control Protocol (DHCP) provides a framework for passing configuration information dynamically to hosts on a TCP/IP network. A DHCP client is a host that uses DHCP to obtain configuration parameters such as an IP address. A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. By contrast, relay agents receive DHCP messages and then generate a new DHCP message to send on another interface. The figure below shows the basic steps that occur when a DHCP client requests an IP address from a DHCP server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a DHCP server. A relay agent forwards the packets between the DHCP client and server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message. Figure 1. DHCP Request for an IP Address from a DHCP Server A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address. The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. The formal request for the offered IP address (the DHCPREQUEST message) that is sent by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client. If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a misconfiguration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server. The DHCP server will send to the client a DHCPNAK denial broadcast message, which means the offered configuration parameters have not been assigned, if an error has occurred during the negotiation of the parameters or the client has been slow in responding to the DHCPOFFER message (the DHCP server assigned the parameters to another client) of the DHCP server. DHCP Database DHCP address pools are stored in non-volatile RAM (NVRAM). There is no limit on the number of address pools. An address binding is the mapping between the client’s IP and hardware addresses. The client’s IP address can be configured by the administrator (manual address allocation) or assigned from a pool by the DHCP server. Manual bindings are stored in NVRAM. Manual bindings are just special address pools configured by a network administrator. There is no limit on the number of manual bindings. Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Automatic bindings are stored on a remote host called the database agent. A DHCP database agent is any host--for example, an FTP, TFTP, or RCP server--that stores the DHCP bindings database.The bindings are saved as text records for easy maintenance. You can configure multiple DHCP database agents and you can configure the interval between database updates and transfers for each agent. DHCP Attribute Inheritance The DHCP server database is organized as a tree. The root of the tree is the address pool for natural networks, branches are subnetwork address pools, and leaves are manual bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters (for example, the domain name) should be configured at the highest (network or subnetwork) level of the tree. Inherited parameters can be overridden. For example, if a parameter is defined in both the natural network and a subnetwork, the definition of the subnetwork is used. Address leases are not inherited. If a lease is not specified for an IP address, by default, the DHCP server assigns a one-day lease for the address. DHCP Options and Suboptions Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. Options provide a method of appending additional information. Vendors that want to provide additional information to their client not designed into the protocol can use options. The Cisco IOS XE DHCP implementation also allows most DHCP server options to be customized. For example, the TFTP server, which stores the Cisco IOS XE image, can be customized with option 150 to support intelligent IP phones. Virtual Private Networks (VPNs) allow the possibility that two pools in separate networks can have the same address space, with private network addresses, served by the same DHCP server. Cisco IOS XE software supports VPN-related options and suboptions such as the relay agent information option and VPN identification suboption. A relay agent can recognize these VPN-related options and suboptions and forward the client-originated DHCP packets to a DHCP server. The DHCP server can use this information to assign IP addresses and other parameters, distinguished by a VPN identifier, to help select the VPN to which the client belongs. For more information on DHCP options and suboptions, see the “DHCP Options Reference” appendix in the Network Registrar User’s Guide , Release 6.3. During lease negotiation, the DHCP server sends the options shown in the table below to the client. Table 1 Default DHCP Server Options DHCP Option Name DHCP Option Code Description Subnet mask option 1 Specifies the client’s subnet mask per RFC 950. Router option 3 Specifies a list of IP addresses for routers on the client’s subnet, usually listed in order of preference. Domain name server option 6 Specifies a list of DNS name servers available to the client, usually listed in order of preference. Hostname option 12 Specifies the name of the client. The name may or may not be qualified with the local domain name. Domain name option 15 Specifies the domain name that the client should use when resolving hostnames via the Domain Name System. NetBIOS over TCP/IP name server option 44 Specifies a list of RFC 1001/1002 NetBIOS name servers listed in order or preference. NetBIOS over TCP/IP node type option 46 Enables NetBIOS over TCP/IP clients that are configurable to be configured as described in RFC 1001/1002. IP address lease time option 51 Allows the client to request a lease for the IP address. DHCP message type option 53 Conveys the type of the DHCP message. Server identifier option 54 Identifies the IP address of the selected DHCP server. Renewal (T1) time option 58 Specifies the time interval from address assignment until the client transitions to the renewing state. Rebinding (T2) time option 59 Specifies the time interval from address assignment until the client transitions to the rebinding state. DHCP Server On-Demand Address Pool Management Overview The Cisco IOS DHCP server on-demand address pool (ODAP) manager is used to centralize the management of large pools of addresses and simplify the configuration of large networks. ODAP provides a central management point for the allocation and assignment of IP addresses. When a router is configured as an ODAP manager, pools of IP addresses are dynamically increased or reduced in size depending on the address utilization level. ODAPs support address assignment using DHCP for customers using private addresses. Each ODAP is configured and associated with a particular Multiprotocol Label Switching (MPLS) VPN. Cisco IOS software also provides ODAP support for non-MPLS VPN address pools by adding pool name support to the peer default ip address dhcp-pool pool name command. DHCP server subnet allocation is a way of offering entire subnets (ranges of addresses) to relay agents so that remote access devices can provision IP addresses to DHCP clients. This functionality can occur along with or instead of managing individual client addresses. Subnet allocation can improve IP address provisioning, aggregation, characterization, and distribution by relying on the DHCP infrastructure to dynamically manage subnets. This capability allows the DHCP server to be configured with a pool of subnets for lease to ODAP clients. Subnet pools can be configured for global ODAP clients or MPLS VPN ODAP clients on a per-client basis. The DHCP subnet allocation server creates bindings for the subnet leases and stores these leases in the DHCP database. DHCP Services for Accounting and Security Overview Cisco IOS software supports several new capabilities that enhance DHCP accounting, reliability, and security in Public Wireless LANs (PWLANs). This functionality can also be used in other network implementations. DHCP accounting provides authentication, authorization, and accounting (AAA) and Remote Authentication Dial-In User Service (RADIUS) support for DHCP. The AAA and RADIUS support improves security by sending secure START and STOP accounting messages. The configuration of DHCP accounting adds a layer of security that allows DHCP lease assignment and termination to be triggered for the appropriate RADIUS START and STOP accounting records so that the session state is properly maintained by upstream devices such as a Service Selection Gateway (SSG). This additional security can help to prevent unauthorized clients or hackers from gaining illegal entry to the network by spoofing authorized DHCP leases. Three other features have been designed and implemented to address the security concerns in PWLANs. The first feature secures ARP table entries to DHCP leases in the DHCP database. The secure ARP functionality prevents IP spoofing by synchronizing the database of the DHCP server with the ARP table to avoid address hijacking. Secure ARP adds an entry to the ARP table for a client when an address is allocated that can be deleted by the DHCP server only when a binding expires. The second feature is DHCP authorized ARP. This functionality provides a complete solution by addressing the need for DHCP to explicitly know when a user logs out. Before the introduction of DHCP authorized ARP, there was no mechanism to inform the DHCP server if a user had left the system ungracefully, which could result in excessive billing for a customer that had logged out but the system had not detected the log out. To prevent this problem, DHCP authorized ARP sends periodic ARP messages on a per-minute basis to determine if a user is still logged in. Only authorized users can respond to the ARP request. ARP responses from unauthorized users are blocked at the DHCP server providing an extra level of security. In addition, DHCP authorized ARP disables dynamic ARP learning on an interface. The address mapping can be installed only by the authorized component specified by the arp authorized interface configuration command. DHCP is the only authorized component currently allowed to install ARP entries. The third feature is ARP autologoff, which adds finer control for probing when authorized users log out. The arp probe interval command specifies when to start a probe (the timeout), how frequent a peer is probed (the interval), and the maximum number of retries (the count). Additional References Related Documents Related Topic Document Title Cisco IOS Commands Cisco IOS Master Command List, All Releases DHCP commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples Cisco IOS IP Addressing Services Command Reference DHCP conceptual information “DHCP Overview” module DHCP relay agent configuration “Configuring the Cisco IOS XE DHCP Relay Agent” module DHCP client configuration “Configuring the Cisco IOS XE DHCP Client” module DHCP On-Demand Address Pool Manager “Configuring the DHCP On-Demand Address Pool Manager” module Standards and RFCs Standard/RFC Title RFC 951 Bootstrap Protocol (BOOTP) RFC 1542 Clarifications and Extensions for the Bootstrap Protocol RFC 2131 Dynamic Host Configuration Protocol RFC 2132 DHCP Options and BOOTP Vendor Extensions Technical Assistance Description Link The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. http://www.cisco.com/techsupport Glossary CPE --customer premises equipment. Terminating equipment, such as terminals, telephones, and modems, supplied by the service provider, installed at customer sites, and connected to the network. DSLAM --digital subscriber line access multiplexer. A device that connects many digital subscriber lines to a network by multiplexing the DSL traffic onto one or more network trunk lines. ISSU --In Service Software Upgrade. ISSU is a process that allows Cisco IOS software to be updated or otherwise modified while packet forwarding continues. ODAP --On-Demand Address Pool. ODAPs enable pools of IP addresses to be dynamically increased or reduced in size depending on the address utilization level. Once configured, the ODAP is populated with one or more subnets leased from a source server and is ready to serve address requests from DHCP clients or from PPP sessions. RP --Route Processor. A generic term for the centralized control unit in a chassis. SSO --Stateful Switchover. SSO refers to the implementation of Cisco IOS software that allows applications and features to maintain a defined state between an active and standby RP. When a switching occurs, forwarding and sessions are maintained. SSO makes an RP failure undetectable to the network.
Was this Document Helpful?
Contact Cisco
- (Requires a Cisco Service Contract )
DHCPRequest
DHCP in action
*Mar 1 00:05:03.927: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d 63.3430.312e.3033.6363.2e30.3030.302d.4661.302f.30 on interface FastEthernet0/0.
*Mar 1 00:05:03.931: DHCPD: Allocate an address without class information (10.0.0.0)
*Mar 1 00:05:05.931: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.3430.312e.3033.6363.2e30.3030.302d.4661.302f.30 (10.0.0.2).
*Mar 1 00:05:05.931: DHCPD: broadcasting BOOTREPLY to client c401.03cc.0000.
*Mar 1 00:05:05.935: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63.3430.312e.3033.6363.2e30.3030.302d.4661.302f.30 on interface FastEthernet0/0.
*Mar 1 00:05:05.935: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.3430.312e.3033.6363.2e30.3030.302d.4661.302f.30 (10.0.0.2).
*Mar 1 00:05:05.939: DHCPD: broadcasting BOOTREPLY to client c401.03cc.0000.
*Mar 1 00:05:06.215: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d63.3430.312e.3033.6363.2e30.3030.302d.4661.302f.30.
*Mar 1 00:05:06.219: DHCPD: No default domain to append - abort update
*Mar 1 00:05:06.219: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.3430.312e.3033.6363.2e30.3030.302d.4661.302f.30 (10.0.0.2).
*Mar 1 00:05:06.219: DHCPD: broadcasting BOOTREPLY to client c401.03cc.0000.
- Dynamic Host Configuration Protocol, http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
- Cisco IOS DHCP Server, http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html
- The Bryant Advantage, http://www.thebryantadvantage.com/CCNACCNPCertificationDHCP.htm
Sign in | Recent Site Activity | Report Abuse | Print Page | Powered By Google Sites
- Network Infrastructure
DHCP (Dynamic Host Configuration Protocol)
- Alexander S. Gillis, Technical Writer and Editor
What is DHCP (Dynamic Host Configuration Protocol)?
DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to dynamically assign an IP address to any device, or node , on a network so it can communicate using IP. DHCP automates and centrally manages these configurations rather than requiring network administrators to manually assign IP addresses to all network devices. DHCP can be implemented on small local networks, as well as large enterprise networks.
DHCP assigns new IP addresses in each location when devices are moved from place to place, which means network administrators do not have to manually configure each device with a valid IP address or reconfigure the device with a new IP address if it moves to a new location on the network.
Versions of DHCP are available for use in IP version 4 ( IPv4 ) and IP version 6 ( IPv6 ). IPv6 became an industry standard in 2017 -- nearly 20 years after its specifications were first published. While the adoption rate of IPv6 was slow, more than 29% of Google users were making inquiries using IPv6 by July 2019.
How DHCP works
DHCP runs at the application layer of the TCP/IP stack. It dynamically assigns IP addresses to DHCP clients and allocates TCP/IP configuration information to DHCP clients. This information includes subnet mask information, default gateway IP addresses and domain name system ( DNS ) addresses.
DHCP is a client-server protocol in which servers manage a pool of unique IP addresses, as well as information about client configuration parameters. The servers then assign addresses out of those address pools. DHCP-enabled clients send a request to the DHCP server whenever they connect to a network.
Clients configured with DHCP broadcast a request to the DHCP server and request network configuration information for the local network to which they're attached. A client typically broadcasts a query for this information immediately after booting up. The DHCP server responds to the client request by providing IP configuration information previously specified by a network administrator. This includes a specific IP address, as well as a time period -- also called a lease -- for which the allocation is valid.
When refreshing an address assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address based on policies set by administrators. DHCP clients can also be configured on an Ethernet interface.
A DHCP server manages a record of all the IP addresses it allocates to network nodes. If a node is relocated in the network, the server identifies it using its media access control ( MAC ) address, which prevents the accidental configuration of multiple devices with the same IP address. Configuring a DHCP server also requires the creation of a configuration file, which stores network information for clients.
DHCP is not a routable protocol, nor is it a secure one. DHCP is limited to a specific local area network , which means a single DHCP server per LAN is adequate -- or two servers for use in case of a failover. Larger networks might have a wide area network ( WAN ) that contains multiple individual locations. Depending on the connections between these points and the number of clients in each location, multiple DHCP servers can be set up to handle the distribution of addresses.
If network administrators want a DHCP server to provide addressing to multiple subnets on a given network, they must configure DHCP relay services located on interconnecting routers that DHCP requests have to cross. These agents relay messages between DHCP clients and servers located on different subnets.
DHCP lacks any built-in mechanism that enables clients and servers to authenticate each other. Both are vulnerable to deception -- one computer pretending to be another -- and to attack, where rogue clients can exhaust a DHCP server's IP address pool.
When managing many DHCP servers or DHCP servers in a WAN, users can work with a command line. Users should also be aware that starting, stopping and restarting affects the running of the daemon.
Components of DHCP
DHCP is made up of numerous components, such as the DHCP server, client and relay.
The DHCP server -- typically either a server or router -- is a networked device that runs on the DHCP service. The DHCP server holds IP addresses, as well as related information pertaining to configuration.
The DHCP client is a device -- such as a computer or phone -- that connects to a network and communicates with a DHCP server.
The DHCP relay manages requests between DHCP clients and servers. Typically, relays are used when an organization has to handle large or complex networks.
Other components include the IP address pool, subnet, lease and DHCP communications protocol.
Static vs. dynamic DHCP leases
With dynamic DHCP, a client does not own the IP address assigned to it but instead leases it for a period of time. Each time a device with a dynamic IP address is powered up, it must communicate with the DHCP server to lease another IP address. Wireless devices are examples of clients that are assigned dynamic IP addresses when they connect to a network.
On the other hand, static devices -- such as web servers and switches -- are assigned permanent IP addresses.
Under a dynamic DHCP setup, a client might also have to perform certain activities that lead to terminating its IP address and then reconnecting to the network using a different IP address. DHCP lease times can vary depending on how long a user is likely to need an internet connection at a particular location. Devices release their IP addresses when their DHCP leases expire and then request a renewal from the DHCP server if they are staying online. The DHCP server may assign a new address rather than renewing an old one.
The typical dynamic DHCP lease cycle is as follows:
- A client acquires an IP address lease through the allocation process of requesting one from the DHCP server.
- If a client already has an IP address from an existing lease, it needs to refresh its IP address when it reboots after being shut down and contact the DHCP server to have an IP address reallocated.
- Once a lease is active, the client is bound to the lease and to the address.
- Once the lease has expired, a client contacts the server that initially granted the lease to renew it so it can keep using its IP address.
- If a client is moving to a different network, its dynamic IP address is terminated, and it requests a new IP address from the DHCP server of the new network.
DHCP uses and functions
DHCP is used to distribute IP addresses within a network and to configure the proper subnet mask, default gateway and DNS server information on the device.
DHCP, including Request for Comments (RFC) 8415 -- the draft version released in November 2018 -- can also be used by ordinary electronic devices whose manufacturers want them to be part of the internet of things ( IoT ). DHCP is one method of connecting devices -- such as refrigerators and lawn sprinkler systems -- to the internet using a Manufacturer Usage Description (MUD), suggested by the Internet Engineering Task Force (IETF).
Pros and cons of DHCP
DHCP makes it easier for network administrators to add or move devices within a network, whether it be a LAN or WAN. But DHCP is not inherently secure, and if malicious actors access the DHCP server, they can wreak havoc. Also, if the DHCP server does not have a backup and the server fails, so do the devices served by it.
DHCP security
One of the key vulnerabilities of DHCP has been the use of so-called man in the middle ( MitM ) attacks, in which an attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
DHCP servers have also been the subject of multiple memory corruption vulnerabilities. In these, attackers have targeted the Windows DHCP Server service. When successful, the attacks can lead to a full compromise of Microsoft Active Directory (AD). One such vulnerability, patched by Microsoft, was the Common Vulnerabilities and Exposures (CVE)-2019-0725 Windows DHCP Server Remote Code Execution (RCE) Vulnerability.
History of DHCP
DHCP is an extension of a 1985 network IP management protocol, Bootstrap Protocol ( BOOTP ). DHCP is more advanced, and DHCP servers can handle BOOTP client requests if any BOOTP clients exist on a network segment.
Using one central BOOTP server to serve hosts on many IP subnets, BOOTP introduced the concept of a relay agent that enabled BOOTP packets to be forwarded across networks. BOOTP required a manual process to add configuration information for each client, however, and did not provide a mechanism for reclaiming IP addresses no longer in use.
Editor's note: This definition was republished to improve reader experience.
Continue Reading About DHCP (Dynamic Host Configuration Protocol)
Dhcp client configuration for linux, windows and macos.
- 12 common network protocols and their functions explained
- Static IP vs. dynamic IP addresses: What's the difference?
- Brief introduction: DHCP and DNS
Related Terms
Dig deeper on network infrastructure.
Automatic Private IP Addressing (APIPA)
5 basic network commands for Linux and Windows
Configure DHCP failover for Windows Server
More organizations are adopting ESG initiatives, and UC vendors have begun to offer new programs and capabilities in response. ...
The tech giant's $10 billion investment in OpenAI brings AI-supported updates to its basic Teams offering, on top of features ...
The new platform moves to the modern cloud infrastructure and offers a streamlined inbox, an AI-supported writing tool and ...
Configuration profiles make it easier to manage BYOD iPhones, but they're also associated with malware. Mobile security policies ...
User Enrollment creates a management profile for BYOD iPhones, but IT must remove that data in cases such as device loss or theft...
User Enrollment in iOS can separate work and personal data on BYOD devices. IT teams should learn how to enable it in Microsoft ...
Linux admins can use Cockpit to view Linux logs, monitor server performance and manage users. Use the tool to help admins manage ...
Hyperscale data centers can hold thousands of servers and process much more data than an enterprise facility. However, they can ...
Organizations that build 5G data centers may need to upgrade their infrastructure. These 5G providers offer products like virtual...
Software and services companies are adding personnel and expanding their offerings, as venture funds invest in tech startups with...
Businesses working with aging network architectures could use a tech refresh. While the easing of equipment backlogs works in ...
Industry studies underscore businesses' continuing struggle to obtain cloud computing benefits. A greater focus on strategy, ...
IMAGES
VIDEO
COMMENTS
Dynamic Allocation: DHCP assigns an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP
The assignment of IP addresses happens dynamically within a given address range. As a result, a device connected to the network doesn't have a forever address.
Dynamic allocation: The server assigns an IP address to a client for a limited period of time (called the lease) or until the client explicitly relinquishes the
It is possible to reserve an IP address for a specific host. This is not the same thing as a statically-assigned IP address. Static IP addresses are configured
Static address allocation—Manually bind the MAC address or ID of a client to an IP address in a DHCP address pool. When the client requests an IP address, the
Automatic allocation. This method means that each client receives a permanent IP address. DHCP server retains a list of past connections to
Address pools allow DHCP servers to allocate network parameters including IP addresses to clients. You can specify network parameters in an address pool
DHCP server subnet allocation is a way of offering entire subnets (ranges of addresses) to relay agents so that remote access devices can
static allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a
When refreshing an address assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address based on policies set by