06-23-2009 08:02 AM - edited 03-06-2019 06:24 AM
All,
We've acquired a network, and I'm going through their configs. The previous tech set up a helper address to 192.168.1.255. I've never seen this before, but I can only gather that it's broadcasting to every device on their network when a request for DHCP, UDP forwards, etc. comes in.
Thanks,
John
06-23-2009 08:21 AM
IP helper address is for preventing the presence of a DHCP server in every VLAN.
Problem:
A router or L3 switch doesn't forward broadcasts to subnets other than the subnet of the interface on which it received the request.
Solution:
So a mechanism is needed for forwarding DHCP broadcasts (and some other protocols with the same issue).
The SVI or router that receives the request will forward the DHCP message as unicast to the IP helper address (= DHCP server in this case).
The forwarding of other protocols can be disabled with "no ip forward-protocol x".
06-23-2009 08:26 AM
Davy,
Thanks for the response. My main question is why this person was forwarding the helper address to a broadcast address instead of a direct IP.
Thanks,
John
06-23-2009 08:28 AM
Ah OK, without the SM it wasn't clear that you mentioned a broadcast ;-)
Because several servers which require the forwarding of these UDP protocols are on the same segment.
I have to double-check first ;)
06-23-2009 08:30 AM
So, I would have to say it's a bad design then (maybe they didn't want to go back and add others later). I would specify individual servers instead of the broadcast because now you have every host on that segment having to receive that traffic regardless if they need to or not. =)
John
06-23-2009 08:42 AM
In most implementations the IP helper address is solely used for DHCP clients retrieving a DHCP server. Other forwarded UDP protocols are often 'removed' from the IP helper "mechanism".
--> no ip forward-protocol udp xxx
I think it's your turn to check what services the IP helper address is used for.
06-23-2009 09:21 AM
That is a subnet broadcast, instead of using 1 or 2 helper addresses they blasted to the whole subnet, not a great idea.
06-23-2009 09:32 AM
Your understanding is correct. The design is going from broadcast on client subnet, to unicast at the L3 interface of the routing device back down to broadcast on the remote LAN segment.
Depending upon the customer requirements, this can be either a bad or desired design.
On a local segment, these packets will be in broadcast mode anyways, you are just extending the broadcast to another segment.
Ideally, you know the DHCP server at the remote LAN subnet but as I said, it depends on the customer requirements.
HTH,
__
Edison.
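One way to find this pattern while reviewing inherited configs, as an added example that is not part of the thread: the script below flags any `ip helper-address` that equals the broadcast address of a subnet configured on an interface in the same config. The sample config is constructed (only the 192.168.1.255 helper comes from the original post), and subnets defined on other devices are not detected.

```python
import ipaddress
import re

# Constructed sample config; only the 192.168.1.255 helper comes from the thread.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.1.255
!
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 192.168.1.10
!
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ADDR_RE = re.compile(r"^\s+ip address " + QUAD + r"\s+" + QUAD)
HELPER_RE = re.compile(r"^\s+ip helper-address\s+(?:(?:vrf \S+|global)\s+)?" + QUAD)


def find_broadcast_helpers(config):
    """Return (interface, helper, subnet) for helpers that are a broadcast address."""
    networks, helpers, iface = [], [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split()[1]
        elif not line.startswith(" "):
            iface = None  # left the interface block
        elif iface:
            m = ADDR_RE.match(line)
            if m:
                networks.append(ipaddress.ip_network("/".join(m.groups()), strict=False))
            m = HELPER_RE.match(line)
            if m:
                helpers.append((iface, ipaddress.ip_address(m.group(1))))
    findings = []
    for iface, helper in helpers:
        if str(helper) == "255.255.255.255":
            findings.append((iface, str(helper), "limited broadcast"))
        for net in networks:
            # /31 and /32 have no usable broadcast address, so skip them
            if net.prefixlen < 31 and helper == net.broadcast_address:
                findings.append((iface, str(helper), str(net)))
    return findings


if __name__ == "__main__":
    for iface, helper, subnet in find_broadcast_helpers(SAMPLE_CONFIG):
        print(f"{iface}: helper {helper} is the broadcast address of {subnet}")
```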