Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

DHCP across two router interfaces

I have a 2513 router running IOS 11.2. We have a DHCP server on the token ring side and have just added some worksations on to the ethernet side. I also have a IP FORWARD-PROTOCOL UDP 1604 and IP HELPER ADDRESS' for Citrix servers (and the DHCP SERVER) on both TR and Ethernet ports. We are having a problem with DHCP and I was wondering if there is anything I need to do to allow DHCP requests to traverse from ethernet to TR?


Re: DHCP across two router interfaces

I apologize in advance for length of this post. Lots of it is information you probably already know; but maybe there's something in what follows that will provide the missing link, and get your DHCP working across subnets.

I assume you are using the 2513 router to route IP between the Token Ring LAN and the Ethernet LAN, and that there are only two LANs. You say you have the DHCP server on the Token Ring side. I assume you already have DHCP clients on the Token Ring side, since you also say you just added some DHCP clients on the Ethernet side.

You don't need the ip helper-address commands on the Token Ring interface of the 2513 router, as far as DHCP is concerned. It is not really helping you there. Any clients on the Token Ring will issue their DHCP requests as UDP broadcasts. The DHCP server is on that LAN, so it will hear those broadcasts directly.

If there is no DHCP server on the Ethernet LAN, then it is useful to have an ip helper-address on the Ethernet interface of the 2513 router, to take advantage of a DHCP server on another LAN/subnet. (This is what you're trying to do.) Make sure the IP address of the DHCP server is in one of these ip helper-address commands (because you CAN have several ip helper-address commands on an interface).

By default, the ip helper-address command on a LAN interface will forward UDP broadcasts heard on that interface to the specified destination IP address, for the following services:

Trivial File Transfer Protocol (tftp) (UDP port 69)

IEN-116 Name Service (nameserver) (UDP port 42)

Domain Naming System (domain) (UDP port 53)

Time service (time) (UDP port 37)

NetBIOS Name Service (netbios-ns) (UDP port 137)

NetBIOS Datagram Service (netbios-dgm) (UDP port 138)

TACACS service (tacacs) (UDP port 49)

Bootstrap Protocol or BOOTP server (bootps) (UDP port 67)

Bootstrap Protocol or BOOTP client (bootpc) (UDP port 68)

Most people use ip helper-address on an interface just to get it to forward BOOTP, which carries DHCP protocol information. They don't realize that broadcasts for all the other services listed above are forwarded too. This can cause problems, especially in a Microsoft networking environment (which uses UDP ports 137 and 138). To stop the default forwarding of broadcasts for these and other protocols, I run and save the following commands at the global config level:

no ip forward-protocol udp tftp

no ip forward-protocol udp nameserver

no ip forward-protocol udp domain

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

As long as you are not blocking the forwarding of BOOTP broadcasts on your Cisco router, and an ip helper-address on the Ethernet LAN interface points to your DHCP server, that's all you can really do on the Cisco router. The rest of the troubleshooting needs to be done on your DHCP server.

When the Cisco router forwards a DHCP address request broadcast to a remote DHCP server, it includes the IP address information of the LAN interface on which the broadcast was heard. The DHCP server uses that extra IP address information to look for a corresponding scope of addresses from which to serve up one for the remote client. (When the DHCP server hears a request broadcast on its own LAN interface, it looks up an address in the scope for its local IP subnet.) So you should have two scopes on your DHCP server, one for the Token Ring LAN IP subnet, and the other for the Ethernet LAN IP subnet. The addresses in the pool/scope for the Ethernet LAN must be a subset of the range of valid IP addresses for the IP subnet associated with that LAN.

In addition to having a range of addresses to hand out, each scope should also contain options such as default gateways, DNS or WINS/NetBIOS Name Servers, maybe even a DNS domain name. In your case, the default gateway associated with the Ethernet LAN's IP subnet scope should be the IP address of the Cisco router's Ethernet LAN interface. All the other information (DNS, WINS) can be for addresses that are NOT on the Ethernet LAN's IP subnet; but you must provide a local default gateway IP address for the machines on the Ethernet LAN if they are to communicate with systems on the other subnets. Some options can be configured as global options, that is, used by all scopes (for example, DNS); others need to be scope-specific (for example, default gateway).

Hope this helps.

CreatePlease to create content