03-29-2006 08:18 AM - edited 03-03-2019 12:13 PM
hi all,
In a few months we will be deploying a new design with very centralized servers. in our remote sites they will have domain controller to reach for dhcp, but in the even that it should die, i would like to able to assign an ip over the wan from the home office. what router considerations do i need to have to allow the dhcp request to reach the server? should i be using ip helper addresses? I will already be doing this somewhat as my dhcp server will reside on a different vlan that my hosts.
TIA,
R
03-29-2006 08:22 AM
I haven't done NT in a long time, but I beleive you can use NT to setup a backup DHCP server/scope. As for forwarding that traffic you will need to use helper addresses for the primary configuration.
03-29-2006 09:07 AM
Yes, yu need to use the ip helper-address command. Also, if you have any access list or firewalls in between the sites you need to ensure the traffic is allowed. I am assuming you already have the correct routing in place as well.
03-29-2006 10:00 AM
Thanks for the replies. I know the helper command goes on the vlan interfaces inside the lan, but in the wan, i was unsure. would this command go on the interface facing the switch, be it fast ethernet or what have you. or on the int facing the wan?
also, i have seen posts with the following to lock down the helper command:
o ip forward-protocol udp tftp
no ip forward-protocol udp dns
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
Are these needed?
03-29-2006 10:22 AM
The ip helper-address command is always applied on the LAN interface. It doesn't serve any purpose to configure it on the interface facing the WAN side unless the router interface on the other end is configured as a DHCP client.
When helper-address is configured the router listens for broadcast on the wire and takes it and converts to directed broadcast/unicast packets depending on what the helper address is pointing to.
HTH,
Sundar
03-29-2006 10:37 AM
When you enable the ip helper-address command on an interface it turns on udp forwarding for ports 69, 53, 37, 137, 138, 67, 68, 49,and 42. If you want to prevent other protocols from being forwarded you should use the no ip forward-protocol command.
If this helps please rate my post, thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: