DHCP design guidance

jeffrey j donovan donovan at beth.k12.pa.us
Mon May 21 22:56:19 UTC 2012 

On May 21, 2012, at 4:37 PM, Jason Lixfeld wrote:

> Hi all,
> 
> I'm looking for some guidance on DHCP network designs, specifically in an ISP environment, but I suppose ISP design might be synonymous with Enterprise or Academic design.
> 
> I have a Cisco switch with a bunch of clients hanging off of it, and my DHCP server lives on the other side of the network, so I use the ip helper-address hook in IOS to relay DHCP requests to the off-subnet DHCP server.
> 
> As near as I can tell, on the server side, I need a subnet declaration that matches the subnet of the pool from which I want to assign these clients their addresses.  In order to achieve this, and have the DHCP server start, I need an interface in that same subnet on the DHCP server.
> 
> ! Cisco side:
> !
> interface Vlan4000
> description Client facing
> ip vrf forwarding Inetv4
> ip address 10.0.0.1 255.255.255.0
> ip helper-address vrf management 10.219.51.135
> !
> interface GigabitEthernet 1/1
> description Facing Client 1
> switchport access vlan 4000
> !
> 
> ! DHCPD side:
> ;
> ;
> subnet 10.219.51.128 netmask 255.255.255.224 {
> }
> 
> subnet 10.0.0.0 netmask 255.255.255.0 {
> not authoritative;
> range 10.0.0.5 10.0.0.254;
> option routers 10.0.0.1;
> }
> ;
> ;
> 
> [root at dhcp01 ~]# ifconfig | egrep "encap|inet "
> eth0      Link encap:Ethernet  HWaddr 00:0C:29:46:FE:E9  
>          inet addr:10.219.51.135  Bcast:10.219.51.159  Mask:255.255.255.224
> eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:46:FE:E9  
>          inet addr:10.0.0.2  Bcast:255.255.255.255  Mask:0.0.0.0
> lo        Link encap:Local Loopback  
>          inet addr:127.0.0.1  Mask:255.0.0.0
> [root at dhcp01 ~]# 
> 
> 
> When I run the server with -d -f:
> 
> DHCPDISCOVER from 00:02:71:17:58:bb via 10.0.0.1
> DHCPOFFER on 10.0.0.3 to 00:02:71:17:58:bb via 10.0.0.1
> DHCPDISCOVER from 00:02:71:17:58:bb via 10.0.0.1
> DHCPOFFER on 10.0.0.3 to 00:02:71:17:58:bb via 10.0.0.1
> DHCPDISCOVER from 00:02:71:17:58:bb via 10.0.0.1
> DHCPOFFER on 10.0.0.3 to 00:02:71:17:58:bb via 10.0.0.1
>>>> 
> And herein, from my likely ignoramus perspective, lies the problem.  The local interface that I'm using to allow dhcpd to start without it complaining about not having an interface within a configured address range is also the interface that is receiving the discover and sending the offer.  The problem is that this interface actually goes nowhere and is actually just an alias acting as an anchor.  Offers directed out this interface will get sent out on the wire which has no knowledge of how to actually reach 10.0.0.0/24.
> 
> My impression was that the ip helper-address would write the discovery in such a way where it would send the offer back out the same interface it was received on, but alas..
> 
> So I'm left with two conclusions.
> 
> 1.  I'm ignorant and don't actually understand how this is supposed to work.
> 2.  This idea is wrong and the only way that it will work is for my DHCP server to have an interface that is bridged back to the same common subnet as VLAN4000, but that would make the ip helper-address command useless, so I must be missing something.
> 
> I'm wondering if anyone might be able to offer some insight.  My google-fu seems to be useless in trying to find an answer or at least a direction.
> 
> Thanks in advance.
> 


Greetings
yes, the DHCP/UDP helper should pass the UDP requests to your dhcpd server. But since you are not seeing any packet data i would assume something is not configured correctly.

eg;

client [ 10.219.51.x ]------------[10.219.51.1 = L3 router = 10.0.0.1 ]-------[ 10.0.0.2] DHCP server

the client will broadcast local for dhcp info, the helper should pass that info to the server on the remote subnet after it fails the local broadcast check.

verify route paths and firewall ports between server and client.
-j

More information about the dhcp-users mailing list