replies with mask, DNS, default gateway, IP boot server
requires RARP server
DHCP
messages:
Discover:
bcast
UDP 67
Offer:
bcast/unicast (depends on flag in Discover)
UDP 68
Request:
bcast
DHCP server MAC
Ack:
bcast/unicast (depends on flag in Discover)
Nak:
bcast/unicast (depends on flag in Discover)
Decline:
bcast
Release:
unicast
Inform:
bcast (if no DHCP server IP is known) or unicast
from client, to request IP parameters (e.g., access server)
Cisco server pings an address to verify that it is available before allocating it to a client; useful if the ARP cache is out of date or the server is in another L2 segment
Client ID: 01XX.XXXX.XXXX.XX, where X…X – MAC address
User-Agent field:
usually identifies OS
can be used freely (e.g., to identify corporate asset)
; N=0 ≡ disable, 2 default
(config)# ip dhcp ping packets <N>
; 500 ms default
(config)# ip dhcp ping timeout <ms>
(config)# service dhcp
(config)# ip dhcp database <URL>
; on by default
(config)# ip dhcp conflict logging
; use INTF MAC for client ID
(config-if)# ip address dhcp client-id <INTF>
; set BROADCAST flag in messages from client
(config-if)# ip dhcp client broadcast-flag set|clear
; DHCP relay
(config-if)# ip helper-address <IP>
# release dhcp <INTF>
Options
43: vendor-encapsulated
66: TFTP server
69: SMTP server
70: POP3 server
78: SLP directory agent
79: SLP service scope
82:
circuit ID (VLAN, port number) + remote ID (switch MAC)
inserted by first-hop switch: relay IP = 0.0.0.0
switch checks that option is present in DHCP replies from server
83: iSNS server
128: TFTP server for IP phone
150: TFTP server, Cisco
; include option, can be in any message
(dhcp-config)# option <N> ascii <STR> | hex <HEX> | ip <IPv4>
Option 82 on switch
(config)# ip dhcp snooping
(config)# ip dhcp snooping vlan <N>
; add option 82 into DHCP message, L2 traffic
(config)# ip dhcp snooping information option
; add option 82 into DHCP message, L3 traffic on DHCP relay
(config)# ip dhcp relay information option
Option 82 on server
(config)# ip dhcp class <CLASS>
(config-dhcp-class)# relay agent information
; option in binary, HEX – regex (* and bitmask)
(config-dhcp-class-relayinfo)# relay-information hex <HEX>
(config)# ip dhcp pool <POOL>
(dhcp-config)# class <CLASS>
(config-dhcp-pool-class)# address range <START> <STOP>
(config)# ip dhcp snooping
; permit Option 82 from untrusted ports
(config)# ip dhcp snooping information option allow-untrusted
; TFTP is better than Flash
(config)# ip dhcp snooping database <PATH>
; permit Option 82 on all interfaces, inserted by switch (relay IP = 0.0.0.0)
(config)# ip dhcp relay information trust-all
; on by default; checks that Option 82 is present in DHCP responses, drops the response if it is absent/invalid
(config)# ip dhcp relay information check
; permit Option 82 on this interface, inserted by switch (relay IP = 0.0.0.0)
(config-if)# ip dhcp relay information trusted
(config-if)# ip dhcp relay information check-reply
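Added example, not part of the original notes: a parser that pulls Option 82 out of a DHCP options field and decodes the circuit ID (VLAN, port) and remote ID (switch MAC) described above, which is what lets a lease be traced back to a switch port and what the hex string in relay-information hex is matched against. The sub-option layout is assumed to be the Cisco default (circuit ID: type 0, length 4, VLAN, module, port; remote ID: type 0, length 6, MAC); the function names and the sample bytes are constructed for illustration.

```python
import struct

def find_option(options: bytes, wanted: int):
    """Walk the DHCP options field (bytes after the magic cookie); return payload or None."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if code == wanted:
            return options[i + 2:i + 2 + length]
        i += 2 + length
    return None

def parse_option82(payload: bytes) -> dict:
    """Split the option 82 payload into sub-options 1 (circuit ID) and 2 (remote ID)."""
    out, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated sub-option")
        code, value = payload[i], payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + len(value)
        # Assumed layouts: Cisco defaults (type 0, len 4, VLAN/module/port; type 0, len 6, MAC)
        if code == 1 and len(value) == 6 and value[:2] == b"\x00\x04":
            vlan, module, port = struct.unpack("!HBB", value[2:])
            out["circuit_id"] = {"vlan": vlan, "module": module, "port": port}
        elif code == 2 and len(value) == 8 and value[:2] == b"\x00\x06":
            out["remote_id"] = {"mac": ":".join(f"{b:02x}" for b in value[2:])}
        else:
            out.setdefault("undecoded", {})[code] = value.hex()
    return out

# Constructed sample: options field of a DHCPACK carrying option 82
SAMPLE_OPTIONS = bytes.fromhex(
    "350105"                  # option 53: message type 5 (ACK)
    "5212"                    # option 82, length 18
    "01060004000a0105"        # circuit ID: VLAN 10, module 1, port 5
    "02080006001122334455"    # remote ID: switch MAC 00:11:22:33:44:55
    "ff"                      # End
)

if __name__ == "__main__":
    print(parse_option82(find_option(SAMPLE_OPTIONS, 82)))
```

A reply for which find_option returns None corresponds to the case the relay check drops: Option 82 absent from the server's response.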
DHCPv6
messages:
solicit
when RA contains M/O flags
when RA is not received at all
advertise
request: stateful DHCP
reply
response or acknowledge to a message (release, decline)
confirm
check if the parameters are valid
sent to all servers
renew
sent to server which provided the parameters
rebind
same as renew
after renew is not responded to
sent to all DHCP servers
release
sent to server which provided the parameters
decline
sent to server which provided the parameters
reconfigure
server → client when new info is available
triggers renew or information-request
information-request: stateless DHCP
relay-forward
relay-reply
rapid-commit
2 messages in lieu of 4
option in solicit
allocated addresses may be lost if there are several DHCP servers
DUID: DHCP unique ID – device ID, one per device
IAID: interface association ID – interface ID, one per interface
relay uses egress interface IP as source address (IPv4 uses ingress interface)
when address is allocated, server does not send pings by default (in contrast to IPv4)
(config)# ipv6 dhcp database <URL>
(config)# ipv6 dhcp pool <NAME>
(config-dhcpv6)# dns-server <IPv6>
(config-dhcpv6)# domain-name <DOMAIN>
; address pool, address mask is fixed at 64 bits
(config-dhcpv6)# address prefix <PREFIX>
on delegation, a static route for the prefix is added
client: Null0
server: egress interface, link-local next-hop
DHCP solicit from requesting router (RR) asks for PD
DHCP reply from delegating router (DR) contains requested prefix
(config)# ipv6 dhcp pool <NAME>
(config-dhcpv6)# prefix-delegation pool <PD_POOL>
; PD_PREFIX - pool, split into subnets of length n
(config)# ipv6 local pool <PD_POOL> <PD_PREFIX> <n>
; on RR towards DR
(config-if)# ipv6 dhcp client pd <GPREFIX>
; on RR towards clients, GPREFIX takes MSB bits of prefix
; default – install ::/0 via DR
(config-if)# ipv6 address <GPREFIX> <prefix> [default]