Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Best Practice for ip helper-address

I have 2 dhcp servers on same subnet 192.168.1.0

I'm trying to setup my SVI

Gateway 192.168.6.1

How should the ip helper-address be setup?

ip helper-address 192.168.1.0

or

ip helper-address 192.168.1.1 <- dhcp 1

ip helper-address 192.168.1.2 <- dhcp 2

2 Dhcp servers setup each to handle half the scope of a given subnet.

2 REPLIES
Hall of Fame Super Silver

Re: Best Practice for ip helper-address

Sparky

Generally I believe that the best practice for this is to use two helper address statements. This will send two unicaast packets, one to each server. The other alternative is to send a directed broadcast (which would actually be ip helper-address 192.168.1.255). To do this you would also have to be sure that ip directed-broadcast was enabled on the router interface connecting to the 192.168.1.0 subnet. Many people reguard ip directed-broadcast as a security vulnerability and do not want it enabled. If your environment is comfortable with enabling this function then both alternatives would work. The advantage of the directed broadcast is that it transmits one packet rather than transmitting two packets. If it were me I would use two helper address statements.

HTH

Rick

Re: Best Practice for ip helper-address

The best practise is to have multiple IP Helpers configured on your DHCP Client VLAN's pointing to your DHCP Servers. Alternatively you can have a single IP helper but use the network broadcast address, but this isn't generally recommended:

ip helper-address 192.168.1.255

It is also best practise to disable the forwarding of unwanted UDP broadcasts. I have seen lots of Microsoft Networking Browser issues with the defaults being left:

no ip forward-protocol udp tftp

no ip forward-protocol udp nameserver

no ip forward-protocol udp domain

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

HTH

Andy

807
Views
5
Helpful
2
Replies