
Features and DHCP settings on Cisco routers

In this article, I want to consider using a DHCP server based on a Cisco router in a corporate network ...



1. Theory


As the name implies, Dynamic Host Configuration Protocol (DHCP) is used to dynamically configure network device parameters.
DHCP operation begins when a client that needs dynamic configuration sends a DISCOVERY request. It looks like this:

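Frame 34 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: 02:00:4c:4f:4f:50 (02:00:4c:4f:4f:50), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
# Ethernet frame sent to the broadcast address
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
# IP packet sent to the broadcast address
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
# UDP datagram from port 68 to port 67
Client IP address: 0.0.0.0 (0.0.0.0)
# the client's current IP address, if it already has one
Your (client) IP address: 0.0.0.0 (0.0.0.0)
# the address offered to the client, filled in by the DHCP server
Next server IP address: 0.0.0.0 (0.0.0.0)
# the next (boot) server address, filled in by the DHCP server
Relay agent IP address: 0.0.0.0 (0.0.0.0)
# the relay agent address (if a relay is used)
Client MAC address: 02:00:4c:4f:4f:50 (02:00:4c:4f:4f:50)
# the client's MAC address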


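Next comes the options field. Option numbers range from 0 to 255, and each option has its own purpose:

Option: (t=50,l=4) Requested IP Address = 192.168.13.2
# option 50, length 4: the IP address the client would like to receive
Option: (t=12,l=8) Host Name = "MainHost"
# option 12, length 8: the client's host name
Option: (t=55,l=11) Parameter Request List
# option 55, length 11: the list of parameters the client asks the server for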
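
The fixed header and the type/length/value options shown above can be decoded with a short parser. This is an added example, not code from the original article; the function names, the transaction ID and the contents of the parameter request list are constructed assumptions, while the addresses, MAC and host name are the ones from the capture.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options field (RFC 2131)

def parse_dhcp(payload: bytes) -> dict:
    """Parse the fixed BOOTP header and the TLV options of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    # ciaddr, yiaddr, siaddr, giaddr are four consecutive 4-byte fields at offset 12
    ciaddr, yiaddr, siaddr, giaddr = (
        str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(12, 28, 4))
    hlen = min(payload[2], 16)  # hardware address length, capped at the field size
    msg = {"ciaddr": ciaddr, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
           "chaddr": payload[28:28 + hlen].hex(":"), "options": {}}
    pos = 240
    while pos < len(payload):
        tag = payload[pos]
        if tag == 255:  # End option
            break
        if tag == 0:    # Pad option: a single byte with no length field
            pos += 1
            continue
        if pos + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:  # the length byte comes from the sender: check it
            raise ValueError(f"option {tag} overruns the packet")
        msg["options"][tag] = value
        pos += 2 + length
    return msg

def build_sample_discover() -> bytes:
    """Constructed DISCOVER carrying the field values from the capture above."""
    mac = bytes.fromhex("02004c4f4f50")
    zero = bytes(4)
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0,
                         0x12345678, 0, 0,  # xid (constructed), secs, flags
                         zero, zero, zero, zero, mac, b"", b"")
    options = (b"\x35\x01\x01"  # 53: message type = DISCOVER
               + b"\x32\x04" + ipaddress.IPv4Address("192.168.13.2").packed  # 50
               + b"\x0c\x08MainHost"  # 12: host name
               + b"\x37\x0b" + bytes([1, 15, 3, 6, 44, 46, 47, 31, 33, 249, 43])  # 55
               + b"\xff")  # End
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    for tag, value in parse_dhcp(build_sample_discover())["options"].items():
        print(f"t={tag},l={len(value)} value={value!r}")
```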




In response, the server sends an OFFER message in which it indicates the address it is assigning to the client and fills in the options with the appropriate values:



A client can receive several OFFER messages from different DHCP servers (if there are several); the client itself decides which server to prefer. Usually the client chooses the server whose offer it received first.

Once the client has decided which server it wants to receive its configuration from, it sends a REQUEST message. The request is broadcast so that all DHCP servers receive it, and the address of the server the client has selected is specified in a special option:
Option: (t=54,l=4) DHCP Server Identifier = 192.168.13.1

Thus, the client tells all servers in the broadcast domain which one it has chosen.

The next step is the confirmation of the request (an ACK message) from the server. The server also broadcasts the confirmation, but in the body of the message it explicitly indicates the client's MAC address:
Client MAC address: 02:00:4c:4f:4f:50 (02:00:4c:4f:4f:50)


When assigning addresses, both the client and the server verify their uniqueness. Suppose a server is configured with an address pool that starts at 192.168.13.2, and the first address of the pool has been assigned manually by one of the network users. Handing out that address via DHCP would cause a conflict, so the following mechanism exists for detecting conflicts:



After receiving the DISCOVERY message (line 1), the server selects the first address from the pool (in this case, 192.168.13.2) and sends an ARP request for it (line 2).

Since a computer with this address exists on the network, the server receives a response (line 3).

To make sure that there is a node on the network with the address 192.168.13.2, the server sends an Echo-Request to this address (line 4) and receives a response (line 5).

In this case, the server takes the next free address from the pool (in this case, 192.168.13.3) and sends an ARP request for it (line 6).

Having received no response (almost 15 seconds pass), the server considers the address free and offers it to the client in an OFFER message (line 7).

The client, having confirmed receipt of the address (line 8) and received confirmation from the server (line 9), also checks whether the issued address is already in use.

The client does this by sending ARP requests (lines 10-12); if no response is received, the client assigns the address to its interface.

2. Basic configuration on a Cisco router



Consider the simplest case when a single address pool is configured on a router and the server is in the same broadcast domain as the clients:

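! Exclude 192.168.13.1 and the range 192.168.13.10...192.168.13.15 from the addresses the server may hand out
ip dhcp excluded-address 192.168.13.1
ip dhcp excluded-address 192.168.13.10 192.168.13.15
! Create the address pool lan_pool1
ip dhcp pool lan_pool1
 ! Network from which addresses are issued
 network 192.168.13.0 /24
 ! Default gateway handed to clients
 default-router 192.168.13.1
 ! DNS servers
 dns-server 192.168.13.10 192.168.13.11
 ! Domain name
 domain-name example.ua
 ! Lease time of 5 days (the default is 1 day)
 lease 5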


With this configuration, the server will issue addresses only to clients whose request came through an interface whose address is on the same network as the configured pool.

That's all for now, thank you for your attention and for the invite :). In the future, I plan to describe in more detail the work of DHCP-Relay and a number of specific options.

Source: https://habr.com/ru/post/87920/

