cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
787
Views
19
Helpful
7
Replies

IP Helpers

danny9797
Level 1
Level 1

Hello all,

I was told that IP Helpers are used for DHCP requests. If a client is looking for a dhcp address and a broadcast is sent, if the router received the broadcast, it will drop the request. If an ip helper is setup on the router, it will forward the request to a DHCP server.

Do I have the above correct? If so, how are ip helpers configured?

Thanks

7 Replies 7

vinayrajkp
Level 1
Level 1

On the interface which connects to the dhcp client configure ip helper address

vinay

Harold Ritter
Cisco Employee
Cisco Employee

Your description is correct. You need to configure the following command on all interfaces where DHCP request are received and need to be forwarded.

int fa0/0

ip helper-address x.x.x.x (where x.x.x.x is the address of the DHCP server).

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks a lot,

I read a bit about it. I noticed, by default, the ip helper command will forward broadcasts for the following services:

Time

37

TACACS

49

DNS

53

BOOTP/DHCP Server

67

BOOTP/DHCP Client

68

TFTP

69

NetBIOS name service

137

NetBIOS datagram service

138

If I leave it default, dns and other services will not work properly b/c they're located on other servers.

I can just run the command and remove the other service forwards with this command: no ip forward-protocol

I will then just leave port 68 open for forwarding.

Does this look right?

I also need to figure out which interface this would go on. Can this command be used on firewalls and switches?

By default, we have clients on a catalyst switch (vlans). The switch is connected to E0 on the router where I may have to configure the ip helpers. The issue is that the ip default-gateway on the catalyst switch points to a pix firewall. Wouldn't the broadcasts be sent there as opposed to the router?

Dan

There are several aspects of your post that deserve comment:

- if a client sends a broadcast request then it should be forwarded everywhere within the VLAN. It does not matter whether the client default gateway points to a firewall, if the client sends a broadcast request then the request should get to the router. and if the helper-address is configured on the router, then it should forward it to the remote server.

- I do not understand your comment about "If I leave it default, dns and other services will not work properly b/c they're located on other servers". If the server is remote and if the client is not configured for the particular server then it will not work anyway. and if the client is configured for the remote server (for example if the client has a DNS server configured which is on a remote subnet) then it will work whether helper-address is configured or not. if the client is configured for specific remote servers then it communicates with unicast addresses and helper-address does not impact it.

- you are correct that if you wish to disable forwarding broadcasts for the other services then you can use the no ip forward-protocol to disable forwarding broadcasts for these services. In my experience few people do this. if that a reason why you think that you might need to do this?

HTH

Rick

HTH

Rick

Thanks a lot

I kind of confused myself when I made that comment about disabling some of the services. I was thinking about something a bit off topic.

The situation we have here is that we have 3 subnets and 3 different dhcp servers for each. We want to eliminate 2 of them and configure the scopes on just the one. So I was thinking about enabling the ip helper on the routers after all of the changes are made to point all of the requests to the one server.

It looks as though the one single command should do the trick - ip helper-address dhcp_server_ip

Please correct me if i'm wrong here.

Thank You

Dan

I believe that you are correct. If you build multiple scopes on a single DHCP server then the command ip helper-address dhcp_server_ip on the router interfaces where the server is remote should be exactly what you need.

HTH

Rick

HTH

Rick

Thank You very much for your help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco