Configure router to pass DHCP requests from local clients to a centralized DHCP server
The traditional role of routers in DHCP has been simply to act as a proxy device, forwarding information between the client and server. Since IOS level 12.0(1)T, Cisco routers also have DHCP server and client features. But the DHCP proxy function is still the most common for routers.
Because the initial DHCP request comes from a client that typically doesn’t have an IP address, it must find the server using a Layer 2 broadcast. So, if the router was not able to function as a proxy for these broadcasts, it would be necessary to put a DHCP server on every network segment.
IP Helper Configuration Example:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface Ethernet0 Router1(config-if)#ip helper-address 172.25.1.1 Router1(config-if)#ip helper-address 172.25.10.7 Router1(config-if)#exit Router1(config)#end Router1#
NB: 172.25.1.1 and 172.25.10.7 is DHCP server IP Address
The DHCP server needs two critical pieces of information before it can allocate an IP address to the client. It must know the subnet that the client is connected to, and it needs the client device’s MAC address. The subnet information is needed to ensure that the address that the server allocates will actually work on client’s network segment. And the MAC address is necessary so that the server can find any information that is unique to this workstation. This is particularly true if you need to ensure that the end device always gets the same IP address every time it connects to the network.
So the DHCP proxy, which is the router itself, must convert the local broadcast from the client to a unicast packet and forward it to the server. This is what the ip helper-address command does.
When the DHCP client sends the DHCP request packet, it doesn’t have an IP address. So it uses the all-zeroes address, 0.0.0.0, as the IP source address. And it doesn’t know how to reach the DHCP server, so it uses a general broadcast address, 255.255.255.255, for the destination.
So the router must replace the source address with its own IP address, for the interface that received the request. And it replaces the destination address with the address specified in the ip helper-address command. The client device’s MAC address is included in the payload of the original DHCP request packet, so the router doesn’t need to do anything to ensure that the server receives this information.
The DHCP server now has enough information to assign an address from the correct address pool, since it now knows what the originating subnet was for the DHCP request. The server then sends a unicast response back to the proxy router, which in turn sends the request back to the correct MAC address.
The example shows two ip helper-address commands. You should include one of these commands for each of your DHCP servers. The router will forward the DHCP broadcasts to all of these addresses. Most organizations use at least two DHCP servers because although the utilization is light, the functionality is critical. In the very likely event that the client device receives several responses to a DHCP request, it will usually just select the one it received first.
It is important to note that the ip helper-address command does not just forward DHCP requests. In fact, although you can configure it to forward any UDP broadcast you want, by default it will forward UDP broadcast packets for several different UDP ports to the specified address. In some cases, this unwanted traffic can cause problems on the network or DHCP server.
The show ip interface command includes information about the helper addresses configured on an interface:
Router1#show ip interface Ethernet0 Ethernet0 is up, line protocol is up Internet address is 192.168.30.1/24 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper addresses are 172.25.1.3 172.25.1.1 Directed broadcast forwarding is disabled <removed for brevity> Router1#
Limiting the Impact of IP Helper Addresses
The ip helper-address command implicitly enables forwarding several different kinds of UDP broadcasts. You can prevent the router from forwarding the unwanted types of broadcasts with the no ip forward-protocol udp configuration command:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#no ip forward-protocol udp tftp Router1(config)#no ip forward-protocol udp nameserver Router1(config)#no ip forward-protocol udp domain Router1(config)#no ip forward-protocol udp time Router1(config)#no ip forward-protocol udp netbios-ns Router1(config)#no ip forward-protocol udp netbios-dgm Router1(config)#no ip forward-protocol udp tacacs Router1(config)#end Router1#
[…] read more here […]
Thank you very very much for the information.
Thank you the information is very usefull.
good and it would be more better if having scenorios and explain the concepts.
Thanks
Good explanation, nice and clear – thankyou !
Thankyou, Its very useful
“it must find the server using a Layer 2 broadcast”. Just want to tell you it will use a layer 3 broadcast (with a destination IP address of 255.255.255.255), not layer 2.
Good article, thanks!
Ur sure? :S
i think it’s layer 2 Alana
as in FF.FF.FF.FF.FF.FF mac add for broadcast
Thank you for this very well written and informative post. You’ve explained the command in a very simple yet incredibly useful manner so that I now understand the technology.
Information really cleared my doubts.
Thank you very much. 🙂
We are setting up MetaIP servers for our dhcp services at all sites. Each MetaIP server will “replicate” scopes, etc to a backup server at a remote site. Therefore, we will have a dhcp server at every site but want to have failover capabilities in case the local server goes offline and thus need to configure an ip helper-address for the remote “standby” dhcp server. In this situation, would you want to create just one ip helper:
ip helper-address [remote standby server]
or would you want to create 2:
ip helper-address [local server]
ip helper-address [remote standby server]
Thank you in advance.
Very informative. Thankyou very much.
Very useful information. Practical and straight forward. Thanks much!!
Very detailed info. Good job
Detailed information, easy to pick up !! Thank you
Hi,
one of the better articles I’ve come across. we are about to set up second IPHelpers on all routers with seperate IPpoolof scopes at that second location. no dups:)
bottom line, when a clients reboot w/s and if the dhcp server today is unavailable -they will receive the 169.x.xx ip from M/s. can’t figure out why they get nack and the lease we had given out a couple of days earlier gets squashed? the lease period we use is 30 day to minimize dhcp/renewals . if they would maintain their lease, I’d be one happy camper. could it be the router … any ideas on that one. D.
Thanks for spending the time to describe the terminlogy towards the beginners!
Simple & sober information, thanks.
One question :- how to break the router/switch password without re-booting the device.
Chander Parkash
chandercpb@gmail.com
Thanks Yohanes for the straight-forward explanation.
A lame question- is the ‘ip helper-address’ command conf’d on the interface to the client or on the one to the DHCP server? Anyone?
@Sd
Because the ip helper address is serving as proxy for the client (a device that doesn’t yet have an ip address), it must be configured on the client’s interface to function for that client.
But then again, it would probably be configured for the interfaces on every segment that has DHCP required (except for the DHCP server’s – it’s not required there because the server will get the broadcast requests directly).
Cheers,
Stephen
stephen@gospelshabbat.com
Got it. Thanks Stephen!
@Sd
Because the ip helper address is serving as proxy for the client (a device that doesn’t yet have an ip address), it must be configured on the client’s interface to function for that client.
But then again, it would probably be configured for the interfaces on every segment that has DHCP required (except for the DHCP server’s – it’s not required there because the server will get the broadcast requests directly).
Cheers,
Stephen
stephen@gospelshabbat.com
it’s veru helpfull site
thank you
rohit verma
9958140513
Awesome Article
Thank you
rq
charlie
Thanks to your explanation. I added a new dhcp server in our network. With this command, I was able to put the new server to handle addresses and tcp ip information for clients. really appreciated!
Great Ideas in this post. It’s good to know some quality blogs still exist now that have useful information. Looking forward to your next posts. Thanks for sharing pal.
So this is configurations for DHCP relay agent??
This is does more than the job and does not pass the majority of junk traffic!
Thanks a lot !!!
Thanks for the clear info !!
But, In our environment :
Is Dhcp server with two NIC’s ( i.e 2 different subnets) better than using ip-address helper ( @Router end) for kickstarting clients on different subnets .
We dont want to make our network fuzzy
Any suggestions ?
can anyone tell me the setup of dhcp server side?
i have L3 Switches and i already configure the ip helper address command in my router, but still the client cant get ip address from the server.
Good One
You have to configure your switches to use ip helper-address to find your DHCP server if they are on different subnets.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swdhcp82.html
Great article!
just wondering, do I have to(or better question could I ?) put ip helper to access layer switches ?
There is option to set ip helper on vlan interface if L2 switch is in transparent mode.
My logic tells me that routing occurs on L3 distribution switches, so probably right thing would be to configure it on L3?
Regards,
L
Great article! thanks you very much for your time writing it, helped me to understand the command much better
includell: you can configure ip helper on SVI’s, or a MLS switch. if the port is in L2 mode, you can’t configure ip helper since the interface itself doesn’t have an ip assigned to it. to configure ip helper, you need the interface to have an IP address in the same subnet mask.
Great article! Gave me a better understanding of what the engineers are doing behind the scenes as they tend to not share information when something breaks…
Thank you very much, it clear all my doubts. =)
What i don’t realize is if truth be told how you’re now not
really much more neatly-preferred than you may be now.
You’re very intelligent. You know thus significantly in relation to this matter, produced me in my view believe it from a lot of various angles. Its like women and men don’t seem to be
fascinated unless it is something to do with Girl gaga!
Your own stuffs great. At all times handle it up!
Hi, i read your blog from time to time and i own a similar one and i was just wondering if you get a lot of spam
remarks? If so how do you reduce it, any plugin or anything you can advise?
I get so much lately it’s driving me crazy so any assistance is very much appreciated.
This is very interesting, You’re a very skilled blogger. I’ve joined your feed and look
forward to seeking more of your excellent post. Also, I have shared your site in my
social networks!
You said it perfectly..
amazing explanation..so easy to understand about IP helper address !!
Thanks
Sid
Each 2 year management consultants in the Asia receive more than $3 billion for their services.
Much of this money pays for unsupported statistics and poorly prepared resource fo review
services, federal rules & procedure evaluation.
Our business model concept is focusing in safeguarding and improving practice.
We and our partners undertake a wide range of areas of activity, including RTF – our own unique system of review.
We, have goodly experienced and talented managers offer a wide variety of special session services to meet people many needs.
We and our partner provides you with the research and statistics tools to grow your share of the American market penetration.
We offer detailed support that can help you achieve your business goals through consulting
on strategic things, product development, marketing
programs and channels for distribution.
A common goal for a statistical research project
is to discover causality, and in particular to
draw a actionable conclusion on the effect of changes in the values of predictors or
independent variables on dependent variables or actions. There are 2 major types
of causal statistical studies: experimental study
and observational studies. In both types of studies,
the effect of differences of an independent variable
(or variables) on the behavior of the dependent
variable are observed.
hi there, my problem is my externel dhcp server assigned IPs for pppoe client but all ip assigned to one mac address(interface of router that connect to sw 3560 that connect to dhcp server).i use ip helper address under interface virtual-tempalte .
Everything is very open with a precise clarification of the issues.
It was definitely informative. Your site is
very useful. Thank you for sharing!
Have you ever considered writing an e-book or guest authoring on
other websites? I have a blog based on the same ideas you discuss and would
love to have you share some stories/information.
I know my audience would appreciate your work. If you are even remotely interested, feel free to shoot
me an e mail.
gillette advil professional samples
Hi this is kind of of off topic but I was wanting to
know if blogs use WYSIWYG editors or if you have to manually code with HTML.
I’m starting a blog soon but have no coding knowledge so I wanted to get guidance
from someone with experience. Any help would be greatly appreciated!
Sollte ich lieber eine Olympus Kamera kaufen, oder keine
Marken Kamera?
The Dubai-based Debtors Assets can be captured
if the court governs against them. You’re now equipped with
the fundamental know-how that you require to be able to overcome the debt collection industry.
A professional debt recovery letter can save you from all of that.
If some one desires to be updated with hottest technologies therefore
he must be visit this website and be up to date all the time.
What’s up to all, how is thhe whole thing, I think every one is getting more from this site,
and your views are nice in favor of new visitors.
Hi, everything is going perfectly here and ofcourse every one
is sharing data, that’s in fact fine, keep up writing.