Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using ip-helper without using DHCP functionality

Hello,

 

I am fairly new to Cisco, and am after a bit of help.

 

My scenario:

We have a new domain setup on a new VLAN (3), seperate from our current infrastructure VLAN (2).

The new domain controllers provide DHCP for our new servers, and I would also like them to handle DHCP for wireless clients.

We have one DHCP scope 10.0.0.0 255.255.0.0, and I would like to assign all wireless clients an IP in the 10.0.6.0 range.

My thinking on the best way to do this, is with a DHCP policy, that looks at the relay agent information.

I would then set the ip-helper address, on the port the wireless access point is connected to on the Cisco, to point to the DHCP server.

Then for that same port, I would seb a subscriber id in the relay agent information, and use this string to set the IP assigned to that device.

 

Looking into doing this, it seems the Ciscos DHCP functionality has to be turned on in order to use ip-helper.

In my config, I cannot tell if DHCP is enabled or not, I can see neither "service dhcp", nor "no service dhcp" in the config.

 

Assuming I were to turn it on using "service dhcp", can I then leave the actual functionality turned off? i.e. turn on the DHCP service, but not have it assign IP addresses?

Also, does turning it on cause any downtime or disruption?

 

I think I have to run these commands:

conf t

service dhcp

interface GigabitEthernet2/40

Ip helper-address 10.0.0.1

Ip dhcp relay information option-insert

Ip dhcp relay information option subscriber-id “wireless”

 

I know these are probably simple questions, so please forgive my ignorance.

 

James

21 REPLIES

Where does the 10.0.0.0 /16

Where does the 10.0.0.0 /16 DHCP scope reside currently?

Whoever chose to use a /16 subnet needs a slap ;)

 

Hall of Fame Super Silver

James Perhaps questions may

James

 

Perhaps questions may be on the simple side, but we all started at the beginning learning simple things and these forums are a good place for both simple and complex topics. So for your questions, yes you can enable the DHCP functionality on the router without having it give out IP addresses. And no it is not disruptive to enable the DHCP functionality.

 

One other comment I would offer is that in the Cisco configuration most of the parameters that are at their default setting do not show up when you do show running-config which is why you do not see a setting for the DHCP functionality. If you enable it and it begins to show up in the config then you know that its default was disabled. Or if you disable it and it begins to show up in the config then you know that its default was enabled.

 

HTH

 

Rick

New Member

Thanks guys for your replies.

Thanks guys for your replies.

 

I've only been in this, my first IT job, for 3 years, so am learning as I go :)

 

With regards to the scope, our existing network topology is our primary site using 10.1.0.0//16, with our other site connected via VPN using 10.2.0.0/16, 10.3.0.0/16 etc etc.

I don't think this is great, as it means our broadcast traffic is probably horrific, but this is what I have inherited :)

As we are re-doing our server infrastructure, I don't want to make things too complicated just yet by adding in changing the network structure at the same time.

Would you say the best thing would be to have everything on /24 subnets? I'm not a networking expert obviously, so not sure how best to organise our network.

 

In any case, I shall have a go at enabling DHCP functionality to see if I can achieve what I am aiming to do.

 

I am sure I will be back in future with more questions on network layout and configuration.

 

Thanks again

Hall of Fame Super Silver

James 10.1.0.0/16, 10.2.0.0

James

 

10.1.0.0/16, 10.2.0.0/16, etc are large address spaces especially for a single subnet (DHCP scope). Most of us would prefer to design networks with smaller size vlan/subnets and /24 is a convenient (easy to use) size to work with. But it is not magic and effective networks can be designed with different size subnets.

 

Good luck with enabling DHCP functionality. It should go pretty smoothly. Feel free to come back with more questions. Do continue to be active in the community.

 

HTH

 

Rick

New Member

Hi Richard, Not sure if you

Hi Richard,

 

Not sure if you can advise on this, but when I go into config mode, select the interface, and try to set the IP helper-address, I get an invalid input error.

 

I have attached a screenshot. Perhaps I am using the wrong command?

 

Many thanks.

Hi JamesWhich model of switch

Hi James

Which model of switch or router are you trying this on?

I believe you should be able to have helper addresses on subinterfaces but it may depend on which model you are using and perhaps which IOS.

Another way to do it would be to create Vlan interfaces (SVI's) and run a Trunk link between your switch and router but having not seen your topology, I am unsure if this is possible.

Thanks

New Member

Hi, We are running two

Hi,

 

We are running two Catalyst 4506 switches.

I think on IOS version 12.2(31r)SGA1

 

I can get a screen print of "show version" if needed.

 

Many thanks.

Hall of Fame Super Silver

It looks to me like you are

It looks to me like you are applying the helper address command on a layer 2 interface (switchport is the default and no switchport would configure it as a layer 3 interface). ip helper-address can only be configured on layer 3 interfaces. So make that interface into layer 3 and apply helper-address to it or apply helper-address to the vlan interface for the vlan that this interface belongs to.

 

HTH

 

Rick

New Member

Is there any additional

Is there any additional config on the port that is required when converting it to layer 3?

 

At the moment, we have 3 VLANS, (2) is our current production environment, (3) will soon be our production environment, (104) our voice VLAN.

Most of our Gigabit ports are currently set as:

interface GigabitEthernet2/40
 description *** Server Access Port ***
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast disable
 spanning-tree bpduguard enable
!

If I just convert this to layer 3, without doing anything extra, can I then set the IP helper-address and keep it on VLAN 3?

 

Many thanks.

James

New Member

If I am reading correctly, I

If I am reading correctly, I would need to first convert to a layer 3 port, and then assign an IP to that port.

 

conf t
interface GigaBitEthernet2/40
no switchport
ip address 10.0.6.0 255.255.0.0
ip helper-address 10.0.0.1

 

Does that look correct?

 

Thanks
James

Hall of Fame Super Silver

James That syntax does look

James

 

That syntax does look correct. But I am not sure that you really want to do this. In your previous post you asked "If I just convert this to layer 3, without doing anything extra, can I then set the IP helper-address and keep it on VLAN 3". The key thing is that if you make this interface into layer 3 then you take it out of the vlan. If you want to keep this interface in vlan 3 then you need to keep it as a layer 2 interface.

 

So it looks to me like what you really want to do is to configure the helper-address on interface vlan 3. This is the layer 3 interface associated with the vlan and the helper-address configured here would process the request generated from Gig2/40 (as well as requests from other interfaces in vlan 3).

 

HTH

 

Rick

New Member

Thanks for the info.I think

Thanks for the info.

I think then, if I do:

conf t
interface vlan 3
ip helper-address 10.0.0.1

 

That will set all VLAN 3 switchports to forward DHCP requests to that IP.

Then I can:

conf t
interface GigabitEthernet2/40
ip dhcp relay information option-insert
ip dhcp relay information option subscriber-id wireless

 

Which sets that port to allow option 82 in DHCP to be inserted, and sets the subscriber ID as "wireless".

 

Will have a crack at it in the morning and let you know my results.

 

James

Hall of Fame Super Silver

James Do give it a try and

James

 

Do give it a try and let us know the results. Certainly putting the helper-address under interface vlan 3 is right. My guess is that

ip dhcp relay information option-insert
ip dhcp relay information option subscriber-id wireless

may also be layer 3 commands that go under interface vlan 3. But try them on Gig2/40 first and see what happens.

 

HTH

 

Rick

 

New Member

Well it doesn't seem to have

Well it doesn't seem to have worked unfortunately.

Vlan 3 has a helper address of 10.0.0.1, and I was able to run the commands on Ge2/40 to add subscriber id of wireless, but my DHCP server is still not assigning addresses in the correct range.

 

Is there any way to tell if the Cisco is in fact adding in option 82 to the DHCp requests?

 

Thanks.

Hall of Fame Super Silver

James It is interesting that

James

 

It is interesting that IOS would accept those commands on interface Gig2/40. But if it is not working right then I wonder if it would help to put those commands under interface vlan 3 also.

 

Can you help us understand better what is not working. You say that the DHCP server is not assigning addresses in the right range. Can you tell us what range you want it to be and what range it is assigning? It might also be helpful to share with us the complete configuration of vlan 3.

 

It might also be helpful to review the scopes configured on the server and to share with us information about what is set up on the server.

 

HTH

 

Rick

New Member

Ok here goes.On my domain

Ok here goes.

On my domain controller/DHCP server, I have a scope setup of 10.0.0.0 255.255.0.0, and is set with an IP range of 10.0.0.1 - 10.0.6.253

I have various reservations in place, and a working policy to assign thin clients an IP of 10.0.2.X based on their MAC address.

I have then created a second policy, that should be assigning IPs in the 10.0.6.0 range, based on relay agent information, subscriber ID. This is a HEX value, so whatever string I enter on the Cisco, has to be converted to HEX.

This DHCP server is on the same VLAN 3. The VLAN interface on the Cisco has IP of 10.0.0.254 255.255.0.0

The wireless clients are getting IP addresses, but not within the range specified by the policy, so they are getting any address between 10.0.0.1 and 10.0.6.253 that is not already in use.

 

Image 1 shows the vlan interface, where I have set the helper address, relay information option-insert, and subscriber id of "wireless".

Image 2 shows the config on the port that my access point is connected to.

Image 3 shows the value of the policy on the DHCP server, based on subscriber ID

Image 4 shows the string "wireless" converted to HEX

Image 5 shows the IP range that the policy should be using

Image 6 shows "Edss-iPhone" as have an IP not within the correct range

 

Hopefully that helps.

 

Hall of Fame Super Silver

James I must admit that I

James

 

I must admit that I have not read the outputs that you posted - because there is a very significant detail in your recent post: "This DHCP server is on the same VLAN 3". If the DHCP server is in the same VLAN then you do not need any ip helper-address commands because the DHCP server will receive the DHCP request from the client directly and does not need the DHCP relay functions. And I suspect that the IP dhcp relay information commands are not changing anything because  the switch is not relaying any DHCP requests. I wonder if there is a way to achieve the parameters in the DHCP request from the wireless device?

 

HTH

 

Rick

Hi JamesI have not used the

Hi James

I have not used the relay information options before so I am unsure why they are not working. It looks setup correctly on the Cisco so I suspect the issue may be with the DHCP server. The one way to prove it would be to setup a packet capture and look at the DHCP messages when a Wireless client tries to obtain an IP address to see if you can see the extra options in there. This would prove if the Cisco is not adding them or if the Server is not processing them properly.

As you already have a large /16 scope for 10.0.*.*, why not use something outside this range such as 10.1.0.0 /24?

255.255.0.0 with a subnet address of 10.0.0.0 only emcompasses 10.0.0.0 to 10.0.255.255.

You could happily setup a new subnet of 10.1.0.0 /24 on the Cisco, even reusing the Vlan3 SVI with an IP address of maybe 10.1.0.1 255.255.255.0 and then setup a scope on the server of 10.1.0.100 - 10.1.0.200. Still use a helper address of 10.0.0.1 on the Vlan3 SVI and it should work fine.

New Member

Thanks for all the help

Thanks for all the help everyone!


I decided in the end to create a new VLAN, with a range of 10.100.0.0. 255.255.0.0 (a lot of 10.X between 0 and 100 are in use, so making it this high ensures I am not overlapping).

I then set the IP helper address for this VLAN interface, and put the wireless on there.

I then just created a second scope on the DHCP server and all is working well!

 

Thanks again for helping out a newbie.

James

Hi JamesGlad its working :

Hi James

Glad its working :)

One thing I would point out for the future is that using a /16 subnet mask (255.255.0.0) is not really best practice. You should look to use something like a /24 or /24 as it conserves addresses.

Thanks

Hall of Fame Super Silver

James Glad that you got it

James

 

Glad that you got it working. Creating a new VLAN and using the helper-address and relay options is a reasonable solution. Thanks for posting back to let us know that you got it working.

 

Good luck as you continue to learn about networking. Continue to be active in the forum.

 

HTH

 

Rick

400
Views
0
Helpful
21
Replies