Introduction and Overview
Dynamic Host Configuration Protocol (DHCP) is an IP protocol used by hosts on a TCP/IP network to receive IP configuration parameters such as IP address, default gateway, DNS server addresses and domain name, among others. DHCP is used to assign IP configuration information to the clients automatically. It works at layer 4 and is a client-server protocol. DHCP uses UDP: the client uses port 68 as the source port number and 67 as the destination port number, which is the port used by the server. DHCP is based on the BootP protocol. The DHCP server can be local within the subnet or remote. In relatively small networks, the DHCP server is usually the network default gateway.
Components of DHCP:
- DHCP server: devices that assign IP configuration information to requesting clients. These may be dedicated, such as Windows/Linux servers, or configured switches/routers. Routers and some switches can be configured as DHCP servers.
- DHCP client: devices that request IP addresses and other network services such as DNS server addresses.
- IP address pool: Range of IP addresses to be assigned to clients.
- Lease: length of time that a client can use an assigned IP address.
- DHCP relay: used to forward DHCP requests from clients to servers when the server is located in a remote network. The relay listens to broadcasts from the clients and forwards them to the server. This is common in networks with centralised DHCP servers.
DHCP is used to send IP configuration information to clients. Some of the IP configuration information that is issued by DHCP includes the following:
- IP address
- subnet mask
- default gateway IP address
- DNS server IP address
- Other IP addressing information
DHCP supports three mechanisms for IP address allocation:
- Automatic Allocation: DHCP assigns a permanent IP address to a client. Addresses for new clients are assigned from the address pool and then mapped.
- Dynamic Allocation: DHCP assigns an IP address to a client for a limited period of time. The IP address is then returned to the pool when the lease is not renewed.
- Manual allocation: network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client. This address is permanently assigned to the host.
The lease period must be renewed if a device wants to continue using the assigned IP configuration information. An infinite lease has the time set to 4294967295 seconds (136 years). The lease period must be renewed while it is still valid. Once a lease expires, the address issued is returned to the address pool. The first attempt to renew the lease period is at half the lease time. The second attempt occurs at half the remaining time limit i.e., at 3/4 of the original lease time.
The lease can be terminated by the client or server:
- Client: with the DHCPRELEASE message.
- Server: with the DHCPFORCERENEW and DHCPNAK messages.
In corporate networks, the lease should be made longer, say 24 hours or longer, as these users connect to the network frequently and routinely. For guest networks, the lease should be made short as guest users are likely to be connected for a shorter time period.
IP Configuration Allocation by DHCP
DHCP uses a four stage process for servers to allocate IP configuration parameters to clients. These stages are: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK. These four stages are usually abbreviated as DORA. Most of the server DHCP messages are sent in unicast while clients send broadcasts.
Discover
Devices that would like to receive addresses through DHCP should be configured as clients. End-user devices, by default, are configured to request DHCP services automatically. On IOS, interfaces are configured as DHCP clients using the command ip address dhcp.
Network and server devices should be configured with static IP addresses or receive their IP addresses through DHCP manual allocation.
A client sends a broadcast DHCPDISCOVER message onto the network using source port UDP port 68 and destination UDP port 67. Any DHCP servers on the local network will respond to the DHCPDISCOVER with an offer message. DHCP relays will receive the DHCP Discover message and forward it to the remote DHCP server.
- Source IP: 0.0.0.0
- MAC: client MAC
- Destination IP: 255.255.255.255
- Destination MAC: FFFF.FFFF.FFFF
If a response to the DHCPDISCOVER message is not received in a specified period of time, the client broadcasts another DHCPDISCOVER message. The following is a Wireshark packet capture of a DHCPDISCOVER message:
Frame 321: 333 bytes on wire (2664 bits), 333 bytes captured (2664 bits) on interface -, id 0
Ethernet II, Src: ca:07:06:8d:00:08 (ca:07:06:8d:00:08), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x000026e0
Seconds elapsed: 7
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: ca:07:06:8d:00:08 (ca:07:06:8d:00:08)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Length: 1
DHCP: Discover (1)
Option: (57) Maximum DHCP Message Size
Length: 2
Maximum DHCP Message Size: 1200
Option: (61) Client identifier
Length: 27
Type: 0
Client Identifier: cisco-ca07.068d.0008-Gi0/0
Option: (12) Host Name
Length: 2
Host Name: R7
Option: (55) Parameter Request List
Length: 8
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (3) Router
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (150) TFTP Server Address
Parameter Request List Item: (43) Vendor-Specific Information
Option: (255) End
Option End: 255
If clients are not in the same subnet as the server, the DHCPDISCOVER message will have a non-zero value for the giaddr field. If the client is in the same subnet as the DHCP server, the giaddr field of the DHCPDISCOVER packet will have a value of zero.
Offer
A DHCP server that receives a DHCP Discover message will reply to the Discover message with an offer message. The offer is sent to the broadcast address 255.255.255.255. Clients will identify that the DHCPOFFER is intended for them because the DHCP server includes the client MAC address that was in the DHCPDISCOVER message received from the client.
For DHCPDISCOVER messages received from a DHCP relay, the appropriate address pool is determined using the value of the giaddr field.
For a DHCPDISCOVER message received from a local subnet, the IP address of the interface through which the message was received determines the pool to be used for assigning the address.
Frame 37: 365 bytes on wire (2920 bits), 365 bytes captured (2920 bits) on interface -, id 0
Ethernet II, Src: ca:01:05:ca:00:08 (ca:01:05:ca:00:08), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 172.30.1.1, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x000010eb
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 172.30.1.26
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: ca:07:06:8d:00:08 (ca:07:06:8d:00:08)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Length: 1
DHCP: Offer (2)
Option: (54) DHCP Server Identifier (172.30.1.1)
Length: 4
DHCP Server Identifier: 172.30.1.1
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (86340s) 23 hours, 59 minutes
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (43170s) 11 hours, 59 minutes, 30 seconds
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (75544s) 20 hours, 59 minutes, 4 seconds
Option: (1) Subnet Mask (255.255.255.0)
Length: 4
Subnet Mask: 255.255.255.0
Option: (3) Router
Length: 4
Router: 172.30.1.1
Option: (150) TFTP Server Address
Length: 4
TFTP Server Address: 172.30.1.10
Option: (6) Domain Name Server
Length: 8
Domain Name Server: 172.30.1.1
Domain Name Server: 172.30.5.10
Option: (15) Domain Name
Length: 25
Domain Name: emmanueltoko.blogspot.com
Option: (255) End
Option End: 255
Because clients send broadcasts, any DHCP servers listening can respond to the client. A client usually accepts the first offer it receives. If a client does not respond to a DHCPOffer message within a given amount of time the server can reclaim the IP addresses that it had reserved for the client. If a DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary servers.
If an offer contains invalid configuration parameters, a client can respond with a DHCPDECLINE message sent in broadcast. A server sends a DHCPNAK denial broadcast message indicating that parameters are not assigned if an error occurred during the parameter negotiation or client was slow in responding to the offer, particularly if the address was assigned to another client.
Request
The client which receives the offer will send a request for the offered IP configuration parameters. If multiple DHCP servers respond with DHCP offer messages, the client usually processes the first offer and declines the others.
Frame 38: 345 bytes on wire (2760 bits), 345 bytes captured (2760 bits) on interface -, id 0
Ethernet II, Src: ca:07:06:8d:00:08 (ca:07:06:8d:00:08), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x000010eb
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: ca:07:06:8d:00:08 (ca:07:06:8d:00:08)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Request)
Length: 1
DHCP: Request (3)
Option: (57) Maximum DHCP Message Size
Length: 2
Maximum DHCP Message Size: 1200
Option: (61) Client identifier
Length: 27
Type: 0
Client Identifier: cisco-ca07.068d.0008-Gi0/0
Option: (54) DHCP Server Identifier (172.30.1.1)
Length: 4
DHCP Server Identifier: 172.30.1.1
Option: (50) Requested IP Address (172.30.1.26)
Length: 4
Requested IP Address: 172.30.1.26
Option: (12) Host Name
Length: 2
Host Name: R7
Option: (55) Parameter Request List
Length: 8
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (3) Router
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (150) TFTP Server Address
Parameter Request List Item: (43) Vendor-Specific Information
Option: (255) End
Option End: 255
Acknowledge
DHCP servers acknowledge the IP configuration parameters that were offered to the client. The DHCP process also sets the IP address of the gateway. This is usually a static route with an administrative distance of 254.
Frame 39: 365 bytes on wire (2920 bits), 365 bytes captured (2920 bits) on interface -, id 0
Ethernet II, Src: ca:01:05:ca:00:08 (ca:01:05:ca:00:08), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 172.30.1.1, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x000010eb
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 172.30.1.26
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: ca:07:06:8d:00:08 (ca:07:06:8d:00:08)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (ACK)
Length: 1
DHCP: ACK (5)
Option: (54) DHCP Server Identifier (172.30.1.1)
Length: 4
DHCP Server Identifier: 172.30.1.1
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (86340s) 23 hours, 59 minutes
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (43170s) 11 hours, 59 minutes, 30 seconds
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (75544s) 20 hours, 59 minutes, 4 seconds
Option: (1) Subnet Mask (255.255.255.0)
Length: 4
Subnet Mask: 255.255.255.0
Option: (3) Router
Length: 4
Router: 172.30.1.1
Option: (150) TFTP Server Address
Length: 4
TFTP Server Address: 172.30.1.10
Option: (6) Domain Name Server
Length: 8
Domain Name Server: 172.30.1.1
Domain Name Server: 172.30.5.10
Option: (15) Domain Name
Length: 25
Domain Name: emmanueltoko.blogspot.com
Option: (255) End
Option End: 255
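The four captures above share one wire layout: a 236-byte BootP header, the magic cookie, then code/length/value options. The following is an added example (not part of the original article, and not Cisco code) that parses that layout and reports server replies whose option 54 (Server Identifier) is not on a list of expected servers, which matters because any listening server can answer a broadcast. The sample payloads, the second responder 172.30.1.99 and the function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # Wireshark prints this as "Magic cookie: DHCP"
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def parse_options(data):
    """Walk the code/length/value list that follows the magic cookie."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:  # End
            return options
        if code == 0:  # Pad: a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code} is missing its length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the message")
        options[code] = options.get(code, b"") + value  # repeated codes are joined
        i += 2 + length
    raise ValueError("option list has no End (255) option")


def _ip(raw):
    return str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else None


def parse_dhcp(payload):
    """Decode the fixed header and the options needed to attribute a reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("short header or wrong magic cookie")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    if hlen > 16:
        raise ValueError("hardware address length exceeds the 16-byte chaddr field")
    opts = parse_options(payload[240:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("option 53 (DHCP Message Type) missing or not one byte")
    lease = opts.get(51, b"")
    return {
        "op": op,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "yiaddr": _ip(payload[16:20]),
        "giaddr": _ip(payload[24:28]),
        "client_mac": payload[28:28 + hlen].hex(":"),
        "type": MESSAGE_TYPES.get(opts[53][0], f"unknown({opts[53][0]})"),
        "server_id": _ip(opts.get(54, b"")),
        "lease_seconds": int.from_bytes(lease, "big") if len(lease) == 4 else None,
    }


def audit_server_replies(payloads, expected_servers):
    """Return (kind, detail) findings for replies not tied to an expected server."""
    findings = []
    for raw in payloads:
        try:
            msg = parse_dhcp(raw)
        except ValueError as exc:
            findings.append(("malformed", str(exc)))
            continue
        if msg["type"] not in SERVER_MESSAGES:
            continue
        if msg["server_id"] not in expected_servers:  # also true when option 54 is absent
            findings.append(("unexpected-server", f"{msg['type']} xid=0x{msg['xid']:08x} "
                             f"server_id={msg['server_id']} yiaddr={msg['yiaddr']}"))
    return findings


def build_sample(op, msg_type, yiaddr="0.0.0.0", server_id=None, lease=None):
    """Build a constructed test payload; header values mirror the captures above."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x000010EB, 0, 0x8000)
    header += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    header += bytes.fromhex("ca07068d0008").ljust(16, b"\x00") + bytes(192) + MAGIC_COOKIE
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    if lease is not None:
        opts += bytes([51, 4]) + lease.to_bytes(4, "big")
    return header + opts + b"\xff"


# Constructed exchange: the page's server (172.30.1.1) plus one made-up second responder.
SAMPLE_EXCHANGE = [
    build_sample(1, 1),                                      # Discover
    build_sample(2, 2, "172.30.1.26", "172.30.1.1", 86340),  # Offer
    build_sample(2, 2, "172.30.1.200", "172.30.1.99", 600),  # Offer from unlisted server
    build_sample(1, 3, server_id="172.30.1.1"),              # Request
    build_sample(2, 5, "172.30.1.26", "172.30.1.1", 86340),  # ACK
]

if __name__ == "__main__":
    for kind, detail in audit_server_replies(SAMPLE_EXCHANGE, {"172.30.1.1"}):
        print(kind, detail)
```

To run this against real traffic, feed it the UDP payloads of packets on ports 67/68 taken from a capture file.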
DHCP Relay
By default, routers block broadcast messages. So these messages do not get sent to a remote DHCP server unless a DHCP relay has been configured. The DHCP relay takes the DHCPDISCOVER broadcast message and sends a unicast DHCPDISCOVER message to the DHCP server.
The network that the DHCP relay (and client) reside in should be known to the DHCP server or its default router. Otherwise the DHCP server will not have a route to reply to the DHCP Discover message. The DHCP relay should have IP reachability to the network of the remote DHCP server.
The DHCP relay is configured on the interface facing the clients i.e., the interface directly connected to the clients.
A DHCP relay agent forwards the following:
- TFTP
- DNS
- Internet Time Service (ITS)
- NetBIOS name server
- NetBIOS datagram server
- BootP
- TACACS
The command to configure the DHCP relay is ip helper-address <dhcp-server-ip-address>.
DHCP Messages
DHCP messages include: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPDECLINE, DHCPNAK, DHCPRELEASE, DHCPINFORM.
DHCPDECLINE
Message is sent by a client to a server informing that an IP address is already in use on the network.
DHCPNAK
Server sends this message to a client and informs that the server declines to provide the client the requested IP configuration information.
DHCPRELEASE
Client sends this message to a server informing it that the client has released its DHCP lease, thus allowing the DHCP server to reassign the IP address to another client.
DHCPINFORM
Client sends this message to a server requesting IP configuration parameters. Such a message might be sent from an access server requesting IP configuration information for a remote client attaching to the access server.
DHCP Options
The DHCP server and client exchange IP configuration parameters using DHCP options. DHCP options are defined by a numeric variable and value. There are up to 255 DHCP options available (from 0 to 254). These options can be categorized into options for:
- IP Layer parameters per host such as policy filters, maximum datagram reassembly size, default IP TTL, path MTU aging timeout etc.
- IP Layer parameters per interface such as interface MTU, broadcast address, router solicitation address etc.
- TCP parameters such as TCP keepalive interval, TCP keepalive garbage option
- Application and service parameters
Option Number | Value | Description |
1 | Subnet mask | The subnet mask option specifies the client's subnet mask. If both the subnet mask and the router option are specified in a DHCP reply, the subnet mask option MUST be first. |
3 | Router | The router option specifies a list of IP addresses for routers on the client's subnet. Routers SHOULD be listed in order of preference. |
6 | Domain Name Server | The domain name server option specifies a list of Domain Name System name servers available to the client. Servers SHOULD be listed in order of preference. |
12 | Host name | This option specifies the name of the client. The name may or may not be qualified with the local domain name. |
15 | Domain Name | This option specifies the domain name that client should use when resolving hostnames via the Domain Name System. |
50 | Requested IP Address | This option is used in a client request (DHCPDISCOVER) to allow the client to request that a particular IP address be assigned. This DHCP option is used by a host computer when it previously connected to the network and would like to reuse its previously assigned IP address. New devices do not use this option. |
51 | IP Address Lease Time | This option is used in a client request (DHCPDISCOVER or DHCPREQUEST) to allow the client to request a lease time for the IP address. In a server reply (DHCPOFFER), a DHCP server uses this option to specify the lease time it is willing to offer. The time is in units of seconds, and is specified as a 32-bit unsigned integer. |
53 | DHCP Message Type | This option is used to convey the type of the DHCP message. The code for this option is 53, and its length is 1. Legal values and message types for this option are: |
54 | Server Identifier | Used in DHCPOFFER and DHCPREQUEST messages to allow the client to distinguish between lease offers received from different DHCP servers. DHCP clients use the contents of the 'server identifier' field as the destination address for any DHCP messages unicast to the DHCP server. DHCP clients also indicate which of several lease offers is being accepted by including this option in a DHCPREQUEST message. The identifier is the IP address of the selected server. |
55 | Parameter Request List | This option is used by a DHCP client to request values for specified configuration parameters. The list of requested parameters is specified as n octets, where each octet is a valid DHCP option code. The client MAY list the options in order of preference. The DHCP server is not required to return the options in the requested order, but MUST try to insert the requested options in the order requested by the client. |
56 | Message | This option is used by a DHCP server to provide an error message to a DHCP client in a DHCPNAK message in the event of a failure. A client may use this option in a DHCPDECLINE message to indicate why the client declined the offered parameters. The message consists of n octets of NVT ASCII text, which the client may display on an available output device. |
61 | Client-identifier | This option is used by DHCP clients to specify their unique identifier. DHCP servers use this value to index their database of address bindings. This value is expected to be unique for all clients in an administrative domain. Identifiers SHOULD be treated as opaque objects by DHCP servers. The client identifier MAY consist of type-value pairs. For instance, it MAY consist of a hardware type and hardware address. In this case the type field SHOULD be one of the ARP hardware types. A hardware type of 0 (zero) should be used when the value field contains an identifier other than a hardware address (e.g. a fully qualified domain name). For correct identification of clients, each client's client-identifier MUST be unique among the client-identifiers used on the subnet to which the client is attached. Vendors and system administrators are responsible for choosing client-identifiers that meet this requirement for uniqueness. |
66 | TFTP Server Name | This option is used to identify a TFTP server when the 'sname' field in the DHCP header has been used for DHCP options. |
69 | SMTP | The SMTP server option specifies a list of SMTP servers available to the client. Servers SHOULD be listed in order of preference. |
70 | POP3 | The POP3 server option specifies a list of POP3 servers available to the client. Servers SHOULD be listed in order of preference. |
82 | Relay Agent | The option 82 feature provides the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server the ability to allocate dynamic IP addresses based on the relay information option (option 82) information sent by the relay agent. |
150 | TFTP server | This option is used to identify a TFTP server when the 'sname' field in the DHCP header has been used for DHCP options. This option is usually used by IP Phones to locate the TFTP server from which they can download configurations or update their firmware. |
The entire list of DHCP options can be obtained from the RFC document defining DHCP.
Configuration
To enable DHCP servers on a router or switch, the DHCP service needs to be enabled. This is done using the command service dhcp.
Server
The server is not bound to any network. It can issue IP addresses for many networks if many DHCP pools are configured. The server and relay agent features are enabled by default. If disabled, re-enable them using the global configuration command service dhcp.
Features include:
- network
- default-router
- lease
- dns-server
- Options: TFTP servers can be specified as an option. This is important particularly for IP phones. This value is in digits.
- Excluded Addresses:
Before configuring the DHCP features, it is best to first configure the addresses to be excluded from being assigned to clients. These are usually addresses reserved for hosts that receive addresses through static configuration, such as network devices and servers. To exclude a range of addresses from being assigned to clients, use the command ip dhcp excluded-address <low-ip-address> <high-ip-address>.
DHCP_SERVER(config)#ip dhcp excluded-address 192.168.1.2 192.168.1.20
Note that a router cannot issue an IP address for one of its interfaces even if that address is not included in the range of the excluded addresses. This command can be entered multiple times.
- DHCP Pool:
A DHCP Pool is a range of addresses or scope that the DHCP server will use for assigning IP addresses to clients. When a client sends out a DHCPDiscover message, the server will pick an IP address from the pool (usually the lowest available address) and offer it to the client.
DHCP_SERVER(dhcp-config)#?
DHCP pool configuration commands:
accounting Send Accounting Start/Stop messages
bootfile Boot file name
class Specify a DHCP class
client-identifier Client identifier
client-name Client name
default-router Default routers
dns-server DNS servers
domain-name Domain name
exit Exit from DHCP pool configuration mode
hardware-address Client hardware address
host Client IP address and mask
import Programatically importing DHCP option parameters
lease Address lease time
netbios-name-server NetBIOS (WINS) name servers
netbios-node-type NetBIOS node type
network Network number and mask
next-server Next server in boot process
no Negate a command or set its defaults
odap Configure ODAP
option Raw DHCP options
origin Configure the origin of the pool
relay Function as a DHCP relay
remember Remember released bindings
renew Configure renewal policy
server Configure the server ID option value
subnet Subnet allocation commands
update Dynamic updates
utilization Configure various utilization parameters
vrf Associate this pool with a VRF
DHCP_SERVER(config)#
DHCP_SERVER(config)#ip dhcp pool DHCP_POOL_10.3.1.0/24
DHCP_SERVER(dhcp-config)#network 10.3.1.0 255.255.255.0
DHCP_SERVER(dhcp-config)#default-router 10.3.1.1 10.3.1.2
DHCP_SERVER(dhcp-config)#lease 1 12 0
- The DHCP pool has been defined using the name DHCP_POOL_10.3.1.0/24.
- network: The subnet is defined here alongside the subnet mask. Here, it is 10.3.1.0 with a subnetwork mask of 255.255.255.0
- default-router: defines the default gateway(s) for the subnet. More than one default gateway can be defined. Here, it is 10.3.1.1 and 10.3.1.2
- lease: Defines the lease. By default it is set to 1 day (24 hours). Here, it is configured for one day and twelve hours and zero minutes (36 hours)
- dns-server: the list of DNS servers with most preferred servers listed first.
- Configure any DHCP options using the command option <option-code> [ascii | hex | instance | ip] <value>.
DHCP_SERVER(dhcp-config)#option 15 ?
ascii Data is an NVT ASCII string
hex Data is a hexadecimal string
instance Specify the option instance
ip Data is one or more IP addresses
DHCP_SERVER(dhcp-config)#option 15 ascii emmanueltoko.blogspot.com
DHCP_SERVER(dhcp-config)#dns-server 8.8.4.4 8.8.8.8
DHCP_SERVER(dhcp-config)#exit
DHCP_SERVER(config)#
- option: 15 is the DHCP option for domain name. Here it is emmanueltoko.blogspot.com. The domain name could have easily been entered using the more traditional command domain-name emmanueltoko.blogspot.com
- Manually Assigned Addresses: can be issued to specified clients by mapping a particular address to the client identifier which, by default, is the MAC address.
DHCP_SERVER(dhcp-config)#address 10.3.1.2 hardware-address 0000.deaf.beaf
DHCP Server Pinging an address before Offer to Client
Before a DHCP server offers an IP address to a client, the server first pings the IP address to confirm that no other host has that address. By default, the address is pinged twice before being issued. However, you can configure the number of times that a DHCP server pings an address before it offers the address using the command;
DHCP_SERVER(config)#ip dhcp ping packets 5
Here, the value five (5) has been entered, indicating that the DHCP server should ping the IP address five times before offering the address in a DHCPOFFER message to the client. Setting the ping number to zero deactivates the ability of the DHCP server to ping an IP address before offering it in a DHCPOFFER message. Take note that this may compromise the ability of a DHCP server to detect IP address conflicts using the ping method. If a host exists on the network with an IP address that the DHCP server intends to offer to a client, the server will record an IP address conflict and how it determined the conflict. In this case the conflict will be determined by pinging.
DHCP_SERVER#
DHCP_SERVER#
*Jan 23 21:50:17.155: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 10.1.13.1.
DHCP_SERVER#show ip dhcp conflict
IP address Detection method Detection time VRF
10.1.13.1 Ping Jan 23 2021 09:50 PM
DHCP_SERVER#
Ping Timeout
The default ping timeout of DHCP servers is 500ms (milliseconds). To change this value, issue the following command in global configuration mode;
DHCP_SERVER(config)#ip dhcp ping timeout 200
Note that setting a higher value for ping timeout and number of packets increases the amount of time that a client takes to receive an IP address through DHCP.
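The server behaviour described in the Offer and Server sections (pool chosen by giaddr or by the receiving interface, excluded ranges, the server's own interface addresses, ping conflicts, lowest available address) can be modelled as below. This is an added example, not part of the original article and not the IOS implementation; the class and function names, the excluded range 10.3.1.1 to 10.3.1.20 and the client labels are assumptions made for illustration.

```python
import ipaddress

UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")


class Pool:
    """A simplified model of one address pool (not the IOS implementation)."""

    def __init__(self, name, network, excluded=()):
        self.name = name
        self.network = ipaddress.ip_network(network)
        # Each entry is an inclusive (low, high) range, as in
        # "ip dhcp excluded-address <low-ip-address> <high-ip-address>".
        self.excluded = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
                         for lo, hi in excluded]
        self.bindings = {}      # client identifier -> leased address
        self.conflicts = set()  # addresses that answered the pre-offer ping

    def _usable(self, addr, server_addresses):
        if addr in server_addresses or addr in self.conflicts:
            return False
        if addr in self.bindings.values():
            return False
        return not any(lo <= addr <= hi for lo, hi in self.excluded)

    def allocate(self, client_id, server_addresses=()):
        """Return the client's address, or None when the pool is out of addresses."""
        if client_id in self.bindings:      # a returning client keeps its binding
            return self.bindings[client_id]
        own = {ipaddress.IPv4Address(a) for a in server_addresses}
        for addr in self.network.hosts():   # ascending order: lowest free address wins
            if self._usable(addr, own):
                self.bindings[client_id] = addr
                return addr
        return None


def select_pool(pools, giaddr, receiving_interface):
    """Use giaddr when the request was relayed, else the receiving interface address."""
    giaddr = ipaddress.IPv4Address(giaddr)
    key = giaddr if giaddr != UNSPECIFIED else ipaddress.IPv4Address(receiving_interface)
    matches = [p for p in pools if key in p.network]
    # Assumption: if pools overlap, the most specific network is preferred.
    return max(matches, key=lambda p: p.network.prefixlen, default=None)


def demo():
    """Run the model on pools named after the page's examples (inputs are constructed)."""
    pools = [
        Pool("DHCP_POOL_10.3.1.0/24", "10.3.1.0/24", excluded=[("10.3.1.1", "10.3.1.20")]),
        Pool("POOL_172.30.1.0/24", "172.30.1.0/24"),
    ]
    server_addresses = ["172.30.1.1", "10.1.14.2"]
    relayed = select_pool(pools, "10.3.1.1", "10.1.14.2")   # relay filled in giaddr
    local = select_pool(pools, "0.0.0.0", "172.30.1.1")     # client on a local subnet
    unknown = select_pool(pools, "192.0.2.1", "10.1.14.2")  # no pool covers this relay
    relayed.conflicts.add(ipaddress.IPv4Address("10.3.1.22"))
    return {
        "relayed_pool": relayed.name,
        "local_pool": local.name,
        "unknown_pool": unknown,
        "relayed_first": str(relayed.allocate("client-a", server_addresses)),
        "relayed_second": str(relayed.allocate("client-b", server_addresses)),
        "relayed_repeat": str(relayed.allocate("client-a", server_addresses)),
        "local_first": str(local.allocate("client-c", server_addresses)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```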
Client
By default, most host devices such as computers, and phones are set to receive network configuration parameters through DHCP.
Usually, network devices such as routers, switches and servers have their network configuration done manually. However, if circumstances require that a router or switch receive network configuration parameters through DHCP, the following command makes this possible:
Router(config)#interface gigabitEthernet0/0
Router(config-if)#ip address dhcp
After receiving network configuration information, DHCP installs a static default route in the routing table. This route has a default administrative distance of 254 which is the worst acceptable administrative distance.
Relay
Relay agents are used to forward requests and replies between clients and servers when they are not in the same subnet. DHCP messages exchanged between the DHCP relay and the DHCP server are unicast. Relay agent supports the use of unnumbered interfaces through adding a static host route. To configure a local router as a DHCP relay, use the following command;
Router(config)#interface gigabitEthernet0/0
Router(config-if)#ip helper-address 10.1.14.2
Database Agents
A database agent is any host, for example a (T)FTP server or an RCP (Remote Copy Protocol) server, that stores the DHCP bindings database. It could also be a storage media device or partition on the DHCP server. Cisco recommends that a DHCP database agent be configured. The purpose of the DHCP database agent is to store the record of DHCP address conflicts so that if the Cisco IOS device (router or switch) reboots, the DHCP conflict logs are not lost. If these are lost, some addresses run the risk of being removed from the pool even though they are not assigned to a client. This leads to a waste of addresses. To disable DHCP address conflict logging entirely, run the command;
DHCP_SERVER(config)#no ip dhcp conflict logging
To export the DHCP bindings database to a database agent, enter the following command;
DHCP_SERVER(config)#ip dhcp database <ip-address>
DHCP Optimization
In order to optimise DHCP operation, it may be advisable to carry out the following configurations:
- In an Ethernet network (wired) with fewer than 254 hosts, the default number of pings is OK. It may be possible to decrease the ping timeout value if the DHCP server is in the same subnet as the host, or less than three hops away. Timeout values of 70ms are OK for an entirely wired path from client to server with no more than 5 hops.
- In a wireless configuration, the timeout value can be decreased to 200ms.
- In a large network with several hosts (more than 254) having static addresses, increase the number of pings to four.
- Increasing the switch MAC address holdtime may also help improve DHCP performance. This may eliminate the need for ARP when a client initially connects to the network.
Import Configuration Parameters
To import DHCP options into a local DHCP server database from a remote/central DHCP server, use the following command;
DHCP_SERVER(config)#ip dhcp pool DHCP_POOL
DHCP_SERVER(dhcp-config)#network 192.168.1.0 255.255.255.0
DHCP_SERVER(dhcp-config)#import all
Monitoring and Maintaining a DHCP Server
Router#clear ip dhcp binding <ip-address | *>
Router#clear ip dhcp conflict
Router#clear ip dhcp server statistics
Router#clear ip route <vrf-name> dhcp <ip_address>
Verification
show ip dhcp binding
Displays information about the allocated IP addresses and the lease period.
R1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
172.16.1.2 0063.6973.636f.2d63. Apr 24 2023 09:45 PM Automatic
6130.382e.3036.3963.
2e30.3030.382d.4769.
302f.30
172.17.0.1 0063.6973.636f.2d63. Apr 24 2023 09:53 PM Automatic
6130.342e.3036.3236.
2e30.3030.382d.4769.
302f.30
172.30.1.26 0063.6973.636f.2d63. Apr 24 2023 09:15 PM Automatic
6130.372e.3036.3864.
2e30.3030.382d.4769.
302f.30
R1#
show ip dhcp database
Displays details of configured DHCP database agents.
R1#show ip dhcp database
URL : 172.17.1.1
Read : Never
Written : Never
Status : Last write failed because of a protocol error.
Delay : 300 seconds
Timeout : 300 seconds
Failures : 1
Successes: 0
show ip dhcp server statistics
Number of messages exchanged using DHCP.
R1#show ip dhcp server statistics
Memory usage 52771
Address pools 3
Database agents 0
Automatic bindings 3
Manual bindings 0
Expired bindings 0
Malformed messages 0
Secure arp entries 0
Message Received
BOOTREQUEST 0
DHCPDISCOVER 72
DHCPREQUEST 3
DHCPDECLINE 0
DHCPRELEASE 0
DHCPINFORM 0
Message Sent
BOOTREPLY 0
DHCPOFFER 3
DHCPACK 3
DHCPNAK 0
R1#
show ip dhcp conflict
show ip dhcp pool
Displays configured DHCP pools and their respective info.
R1#show ip dhcp pool
Pool POOL_172.30.1.0/24 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 1
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
172.30.1.27 172.30.1.1 - 172.30.1.254 1
Pool POOL_172.16.1.0/24 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 1
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
172.16.1.3 172.16.1.1 - 172.16.1.254 1
Pool 172.17.1.0/23 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 510
Leased addresses : 1
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
172.17.0.2 172.17.0.1 - 172.17.1.254 1
R1#
debug ip dhcp server events
debug ip dhcp server packet
show dhcp lease
Verify DHCP IP parameters on the client.
R8#show dhcp lease
Temp IP addr: 172.16.1.2 for peer on Interface: GigabitEthernet0/0
Temp sub net mask: 255.255.255.0
DHCP Lease server: 172.16.1.1, state: 5 Bound
DHCP transaction id: 616
Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs
Next timer fires after: 11:30:58
Retry count: 0 Client-ID: cisco-ca08.069c.0008-Gi0/0
Client-ID hex dump: 636973636F2D636130382E303639632E
303030382D4769302F30
Hostname: R8
R8#
show ip route dhcp <ip-address>
Router#show ip route
Troubleshooting
Routers, by default, do not forward broadcasts.
- DHCP pool out of addresses: expand the scope of addresses or purge the old leases. Issue shorter leases.
- Misconfiguration
- Duplicate address
- Redundant DHCP services not communicating and handing out overlapping addresses
- "Pull" nature of DHCP: DHCP server cannot initiate a change on the client if a problem is detected.
- Interface not configured with IP address in DHCP Pool. IP addresses should be in the pool.
- DHCP snooping may be blocking messages.
IP address conflict: clear ip dhcp conflict *.