IP Helpers

Unanswered Question
Jun 21st, 2007
User Badges:

Hello all,


I was told that IP Helpers are used for DHCP requests. If a client is looking for a dhcp address and a broadcast is sent, if the router received the broadcast, it will drop the request. If an ip helper is setup on the router, it will forward the request to a DHCP server.


Do I have the above correct? If so, how are ip helpers configured?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
Loading.
vinayrajkp Thu, 06/21/2007 - 05:03
User Badges:

On the interface which connects to the dhcp client configure ip helper address


vinay

Harold Ritter Thu, 06/21/2007 - 05:03
User Badges:
  • Cisco Employee,

Your description is correct. You need to configure the following command on all interfaces where DHCP request are received and need to be forwarded.


int fa0/0

ip helper-address x.x.x.x (where x.x.x.x is the address of the DHCP server).


Hope this helps,

danny9797 Thu, 06/21/2007 - 05:22
User Badges:

Thanks a lot,


I read a bit about it. I noticed, by default, the ip helper command will forward broadcasts for the following services:


Time

37

TACACS

49

DNS

53

BOOTP/DHCP Server

67

BOOTP/DHCP Client

68

TFTP

69

NetBIOS name service

137

NetBIOS datagram service

138


If I leave it default, dns and other services will not work properly b/c they're located on other servers.


I can just run the command and remove the other service forwards with this command: no ip forward-protocol


I will then just leave port 68 open for forwarding.



Does this look right?


I also need to figure out which interface this would go on. Can this command be used on firewalls and switches?


By default, we have clients on a catalyst switch (vlans). The switch is connected to E0 on the router where I may have to configure the ip helpers. The issue is that the ip default-gateway on the catalyst switch points to a pix firewall. Wouldn't the broadcasts be sent there as opposed to the router?

Richard Burts Thu, 06/21/2007 - 05:47
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Dan


There are several aspects of your post that deserve comment:

- if a client sends a broadcast request then it should be forwarded everywhere within the VLAN. It does not matter whether the client default gateway points to a firewall, if the client sends a broadcast request then the request should get to the router. and if the helper-address is configured on the router, then it should forward it to the remote server.

- I do not understand your comment about "If I leave it default, dns and other services will not work properly b/c they're located on other servers". If the server is remote and if the client is not configured for the particular server then it will not work anyway. and if the client is configured for the remote server (for example if the client has a DNS server configured which is on a remote subnet) then it will work whether helper-address is configured or not. if the client is configured for specific remote servers then it communicates with unicast addresses and helper-address does not impact it.

- you are correct that if you wish to disable forwarding broadcasts for the other services then you can use the no ip forward-protocol to disable forwarding broadcasts for these services. In my experience few people do this. if that a reason why you think that you might need to do this?


HTH


Rick

danny9797 Thu, 06/21/2007 - 07:49
User Badges:

Thanks a lot


I kind of confused myself when I made that comment about disabling some of the services. I was thinking about something a bit off topic.


The situation we have here is that we have 3 subnets and 3 different dhcp servers for each. We want to eliminate 2 of them and configure the scopes on just the one. So I was thinking about enabling the ip helper on the routers after all of the changes are made to point all of the requests to the one server.


It looks as though the one single command should do the trick - ip helper-address dhcp_server_ip


Please correct me if i'm wrong here.


Thank You

Richard Burts Thu, 06/21/2007 - 07:55
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Dan


I believe that you are correct. If you build multiple scopes on a single DHCP server then the command ip helper-address dhcp_server_ip on the router interfaces where the server is remote should be exactly what you need.


HTH


Rick

Actions

This Discussion