IP Addressing: DHCP Configuration Guide, Cisco IOS Release 12.4T
Configuring the Cisco IOS DHCP Relay Agent
Downloads: This chapterpdf (PDF - 269.0KB) The complete bookPDF (PDF - 1.22MB) | Feedback

Configuring the Cisco IOS DHCP Relay Agent

Contents

Configuring the Cisco IOS DHCP Relay Agent

Last Updated: April 30, 2012

All Cisco routers that run Cisco software include a DHCP server and the relay agent software. A DHCP relay agent is any host or IP router that forwards DHCP packets between clients and servers. This module describes the concepts and tasks needed to configure the Cisco IOS DHCP relay agent.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Configuring the Cisco IOS DHCP Relay Agent

  • Before you configure the DHCP relay agent, you should understand the concepts documented in the "DHCP Overview" module.
  • The Cisco IOS DHCP server and relay agent are enabled by default. You can verify whether they have been disabled by checking your configuration file. If they have been disabled, the no service dhcp command will appear in the configuration file. Use the service dhcp command to reenable the functionality if necessary.
  • The Cisco IOS DHCP relay agent will be enabled on an interface only when the ip helper-address command is configured. This command enables the DHCP broadcast to be forwarded to the configured DHCP server.

Information About the DHCP Relay Agent

DHCP Relay Agent Overview

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. In contrast, when relay agents receive DHCP messages, the agents generate a new DHCP message to send out through another interface. The relay agent sets the gateway IP address (the giaddr field of the DHCP packet) and, if configured, adds the relay agent information option (option 82) to the packet and forwards the packet to the DHCP server. The reply from the server is forwarded back to the client after removing option 82.

The Cisco IOS DHCP relay agent supports the use of unnumbered interfaces, including the use of smart relay agent forwarding. For DHCP clients that are connected though unnumbered interfaces, the DHCP relay agent automatically adds a static host route after the DHCP client obtains an address, specifying the unnumbered interface as the outbound interface. The route is automatically removed once the lease time expires or when the client releases the address.

How to Configure the DHCP Relay Agent

Specifying the Packet Forwarding Address

DHCP clients need to use UDP broadcasts to send their initial DHCPDISCOVER messages because the clients do not have information about the network to which they are attached. If the client is on a network segment that does not include a server, UDP broadcasts are not usually forwarded because most routers are configured to not forward broadcast traffic. When the DHCP client broadcasts a DHCPDISCOVER message, the relay agent sends the broadcast message toward the server, which may create Address Resolution Protocol (ARP) entries due to unnecessary ARP checks performed by the client after receiving the ACK message. If there are two entries in the ARP table, one times out after the ARP timeout. You can remedy this situation by configuring the interface of your router that is receiving the broadcasts to forward certain classes of broadcasts to a helper address. You can use more than one helper address per interface.

When a router forwards these address assignment/parameter requests, it acts as a DHCP relay agent. The Cisco router implementation of the DHCP relay agent is provided through the ip helper-address interface configuration command.

In the figure below, the DHCP client broadcasts a request for an IP address and additional configuration parameters on its local LAN. Router B, acting as a DHCP relay agent, picks up the broadcast and generates a new DHCP message to send out on another interface. As part of this DHCP message, the relay agent inserts the IP address of the interface containing the ip helper-address command into the gateway IP address (giaddr) field of the DHCP packet. This IP address enables the DHCP server to determine which subnet should receive the packet. The DHCP relay agent sends the local broadcast, through IP unicast, to the DHCP server address 172.16.1.2 that is specified by the ip helper-address interface configuration command.

Figure 1 Forwarding UDP Broadcasts to a DHCP Server Using a Helper Address


Perform this task to configure the DHCP relay agent to forward packets to a DHCP server.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface type number

4.    ip helper-address address

5.    exit

6.    ip dhcp relay prefer known-good-server

7.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
interface type number


Example:

Device(config)# interface FastEthernet0/0

 

Configures an interface and enters interface configuration mode.

 
Step 4
ip helper-address address


Example:

Device(config-if)# ip helper-address 172.16.1.2

 

Forwards UDP broadcasts, including BOOTP and DHCP.

  • The address argument can be a specific DHCP server address, or it can be the network address if other DHCP servers are on the destination network segment. The network address enables other servers to respond to DHCP requests.
  • If you have multiple servers, you can configure one helper address for each server.
 
Step 5
exit


Example:

Device(config-if)# exit

 

Exits interface configuration mode and returns to global configuration mode.

 
Step 6
ip dhcp relay prefer known-good-server


Example:

Device(config)# ip dhcp relay prefer known-good-server

 

(Optional) Reduces the frequency with which the DHCP clients change their addresses and forwards client requests to the server that handled the previous request.

  • The DHCP relay agent deletes the ARP entries for addresses offered to the DHCP client on unnumbered interfaces.
 
Step 7
exit


Example:

Device(config)# exit

 

Returns to privileged EXEC mode.

 

Configuring Support for the Relay Agent Information Option

Automatic DHCP address allocation is typically based on an IP address, which may be either the gateway IP address (giaddr field of the DHCP packet) or the incoming interface IP address. In some networks, additional information may be required to further determine the IP addresses that need to be allocated. By using the relay agent information option (option 82), the Cisco IOS relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. Cisco software supports this functionality by using the ip dhcp relay information option command. The relay agent will automatically add the circuit identifier suboption and the remote ID suboption to the relay agent information option and forward them to the DHCP server.

The DHCP server can use this information to assign IP addresses, perform access control, and set quality of service (QoS) and security policies (or other parameter-assignment policies) for each subscriber of a service provider network.

The figure below shows how the relay agent information option is inserted into the DHCP packet as follows:

  1. The DHCP client generates a DHCP request and broadcasts it on the network.
  2. The DHCP relay agent intercepts the broadcast DHCP request packet and inserts the relay agent information option (option 82) into the packet. The relay agent information option contains related suboptions.
  3. The DHCP relay agent unicasts the DHCP packet to the DHCP server.
  4. The DHCP server receives the packet, uses the suboptions to assign IP addresses and other configuration parameters to the packet, and forwards the packet back to the client.
  5. The suboption fields are stripped off of the packet by the relay agent while forwarding the packet to the client.
Figure 2 Operation of the Relay Agent Information Option


A DHCP relay agent may receive a message from another DHCP relay agent that already contains relay information. By default, the relay information from the previous relay agent is replaced. If this behavior is not suitable for your network, you can use the ip dhcp relay information policy {drop | keep | replace} global configuration command to change it.

To ensure the correct operation of the reforwarding policy, disable the relay agent information check by using the no ip dhcp relay information check global configuration command.

Before You Begin

It is important to understand how DHCP options work. See the "DHCP Overview" module for more information.


Note


  • If the ip dhcp relay information command is configured in global configuration mode but not configured in interface configuration mode, the global configuration is applied to all interfaces.
  • If the ip dhcp relay information command is configured in both global configuration mode and interface configuration mode, the interface configuration command takes precedence over the global configuration command. However, the global configuration is applied to interfaces without the interface configuration.
  • If the ip dhcp relay information command is not configured in global configuration mode but is configured in interface configuration mode, only the interface with the configuration option applied is affected. All other interfaces are not impacted by the configuration.

See the "Configuring Relay Agent Information Option Support per Interface" section for more information on per-interface support for the relay agent information option.



SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp relay information option

4.    ip dhcp relay information check

5.    ip dhcp relay information policy {drop | keep | replace}

6.    ip dhcp relay information trust-all

7.    end

8.    show ip dhcp relay information trusted-sources


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp relay information option


Example:

Device(config)# ip dhcp relay information option

 

Enables the system to insert the DHCP relay agent information option (option-82 field) in BOOTREQUEST messages forwarded to a DHCP server.

  • This function is disabled by default.
 
Step 4
ip dhcp relay information check


Example:

Device(config)# ip dhcp relay information check

 

(Optional) Configures DHCP to check whether the relay agent information option in forwarded BOOTREPLY messages is valid.

  • By default, DHCP verifies whether the option-82 field in DHCP reply packets that it receives from the DHCP server is valid. If an invalid message is received, the relay agent drops the packet. If a valid message is received, the relay agent removes the option-82 field and forwards the packet. Use the ip dhcp relay information check command to reenable this functionality if it has been disabled.
 
Step 5
ip dhcp relay information policy {drop | keep | replace}


Example:

Device(config)# ip dhcp relay information policy replace

 

(Optional) Configures the reforwarding policy (that specifies what a relay agent should do if a message already contains relay information) for a DHCP relay agent.

 
Step 6
ip dhcp relay information trust-all


Example:

Device(config)# ip dhcp relay information trust-all

 

(Optional) Configures all interfaces on a router as trusted sources of the DHCP relay information option.

  • By default, if the gateway address is set to all zeros in the DHCP packet and the relay agent information option is already present in the packet, the DHCP relay agent will discard the packet. Use the ip dhcp relay information trust-all command to override this behavior and accept the packets.
  • This command is useful if there is a switch placed between the client and the relay agent that may insert option 82. Use this command to ensure that these packets do not get dropped.
  • You can configure an individual interface as a trusted source of the DHCP relay information option by using the ip dhcp relay information trusted interface configuration mode command.
 
Step 7
end


Example:

Device(config)# end

 

Returns to privileged EXEC mode.

 
Step 8
show ip dhcp relay information trusted-sources


Example:

Device# show ip dhcp relay information trusted-sources

 

(Optional) Displays all interfaces that are configured to be a trusted source for the DHCP relay information option.

 

Configuring Per-Interface Support for the Relay Agent Information Option

The interface configuration allows a Cisco router to reach subscribers with different DHCP option 82 requirements on different interfaces.

Before You Begin

It is important to understand how DHCP options work. See the "DHCP Overview" module for more information.


Note


  • If the ip dhcp relay information command is configured in global configuration mode but not configured in interface configuration mode, the global configuration is applied to all interfaces.
  • If the ip dhcp relay information command is configured in both global configuration mode and interface configuration mode, the interface configuration command takes precedence over the global configuration command. However, the global configuration is applied to interfaces without the interface configuration.
  • If the ip dhcp relay information command is not configured in global configuration mode but is configured in interface configuration mode, only the interface on which the configuration option is applied is affected. All other interfaces are not impacted by the configuration.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface type number

4.    ip dhcp relay information option-insert [none]

5.    ip dhcp relay information check-reply [none]

6.    ip dhcp relay information policy-action {drop | keep | replace}

7.    exit

8.    Repeat Steps 3 through 7 to configure relay agent information settings on different interfaces.


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
interface type number


Example:

Device(config)# interface FastEthernet0/0

 

Configures an interface and enters interface configuration mode.

 
Step 4
ip dhcp relay information option-insert [none]


Example:

Device(config-if)# ip dhcp relay information option-insert

 

Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server.

  • This function is disabled by default. However, if support for the relay agent information option is configured in global configuration mode, but not configured in interface configuration mode, the interface inherits the global configuration.
  • The ip dhcp relay information option-insert none interface configuration command is saved in the running configuration. This command takes precedence over any global relay agent information configuration.
 
Step 5
ip dhcp relay information check-reply [none]


Example:

Device(config-if)# ip dhcp relay information check-reply

 

Configures a DHCP server to validate the relay information option in forwarded BOOTREPLY messages.

  • By default, DHCP verifies whether the option-82 field in the DHCP reply packets that it receives from the DHCP server is valid. If an invalid message is received, the relay agent drops the packet. If a valid message is received, the relay agent removes the option-82 field and forwards the packet. Use the ip dhcp relay information check-reply command to reenable this functionality if it has been disabled.
  • The ip dhcp relay information check-reply none interface configuration command option is saved in the running configuration. This command takes precedence over any global relay agent information configuration.
 
Step 6
ip dhcp relay information policy-action {drop | keep | replace}


Example:

Device(config-if)# ip dhcp relay information policy-action replace

 

Configures the information reforwarding policy (that specifies what a relay agent should do if a message already contains relay information) for a DHCP relay agent.

 
Step 7
exit


Example:

Device(config-if)# exit

 

Exits interface configuration mode.

 
Step 8
Repeat Steps 3 through 7 to configure relay agent information settings on different interfaces.  

--

 

Configuring the Subscriber Identifier Suboption of the Relay Agent Information Option

Perform this task to enable an ISP to add a unique identifier to the subscriber identifier suboption of the relay agent information option. The unique identifier enables an ISP to identify a subscriber, assign specific actions to that subscriber (for example, assignment of the host IP address, subnet mask, and domain name system [DNS]), and trigger accounting.

Before the introduction of the subscriber identifier suboption, if a subscriber moved from one Network Access Server to another, each ISP had to be informed of the change and all ISPs had to reconfigure the DHCP settings for the affected customers at the same time. Even if the service was not changed, every move involved administrative changes in the ISP environment. With the introduction of the subscriber identifier suboption, if a subscriber moves from one Network Access Server to another, there is no need for a change in the configuration on the DHCP server or the ISPs.

Before You Begin

You should configure a unique identifier for each subscriber.

The new configurable subscriber identifier suboption should be configured on the interface that is connected to the client. When a subscriber moves from one Network Access Server to another, the interface configuration should also be changed.

The server should be able to recognize the new suboption.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp relay information option

4.    interface type number

5.    ip dhcp relay information option subscriber-id string

6.    end


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp relay information option


Example:

Router(config)# ip dhcp relay information option

 

Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server.

  • This function is disabled by default.
 
Step 4
interface type number


Example:

Device(config)# interface atm4/0.1

 

Configures an interface and enters interface configuration mode.

 
Step 5
ip dhcp relay information option subscriber-id string


Example:

Device(config-if)# ip dhcp relay information option subscriber-id newsubscriber123

 

Specifies that a DHCP relay agent add a subscriber identifier suboption to the relay information option.

Note    The ip dhcp relay information option subscriber-id command is disabled by default to ensure backward capability.
 
Step 6
end


Example:

Device(config-if)# end

 

Returns to privileged EXEC mode.

 

Configuring DHCP Relay Class Support for Client Identification

DHCP relay class support for client identification allows the Cisco relay agent to forward client-generated DHCP messages to different DHCP servers based on the content of the following four options:

  • Option 60: vendor class identifier
  • Option 77: user class
  • Option 124: vendor-identifying vendor class
  • Option 125: vendor-identifying vendor-specific information

Each option identifies the type of client that is sending the DHCP message.

Relay pools provide a method to define DHCP pools that are not used for address allocation. These relay pools can specify that DHCP messages from clients on a specific subnet should be forwarded to a specific DHCP server. These relay pools can be configured with relay classes inside the pool that help determine the forwarding behavior.

For example, after receiving the option in a DHCP DISCOVER message, the relay agent will match and identify the relay class from the relay pool and then direct the DHCP DISCOVER message to the DHCP server associated with that identified relay class.

In an example application, a Cisco router acting as a DHCP relay agent receives DHCP requests from two VoIP services (H.323 and the Session Initiation Protocol [SIP]). The requesting devices are identified by option 60.

Both VoIP services have a different back-office infrastructure, so they cannot be serviced by the same DHCP server. Requests for H.323 devices must be forwarded to the H.323 server, and requests from SIP devices must be forwarded to the SIP server. The solution is to configure the relay agent with relay classes that are configured to match option 60 values sent by the client devices. Based on the option value, the relay agent will match and identify the relay class, and forward the DHCP DISCOVER message to the DHCP server associated with the identified relay class.

The Cisco IOS DHCP server examines the relay classes that are applicable to a pool and then uses the exact match class regardless of the configuration order. If the exact match is not found, the DHCP server uses the first default match found.

Before You Begin

It is important to understand how DHCP options work. See the "DHCP Overview" module for more information.

You must know the hexadecimal value of each byte location in the options to be able to configure the option hex command. The format may vary from product to product. Contact the relay agent vendor for this information.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp class class-name

4.    option code hex hex-pattern [*][mask bit-mask-pattern]

5.    exit

6.    Repeat Steps 3 through 5 for each DHCP class that you need to configure.

7.    ip dhcp pool name

8.    relay source ip-address subnet-mask

9.    class class-name

10.    relay target [vrf vrf-name | global] ip-address

11.    exit

12.    Repeat Steps 9 through 11 for each DHCP class that you need to configure.


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp class class-name


Example:

Device(config)# ip dhcp class SIP

 

Defines a DHCP class and enters DHCP class configuration mode.

 
Step 4
option code hex hex-pattern [*][mask bit-mask-pattern]


Example:

Device(dhcp-class)# option 60 hex 010203

 

Enables the relay agent to make forwarding decisions based on DHCP options inserted in the DHCP message.

 
Step 5
exit


Example:

Device(dhcp-class)# exit

 

Exits DHCP class configuration mode.

 
Step 6
Repeat Steps 3 through 5 for each DHCP class that you need to configure.  

--

 
Step 7
ip dhcp pool name


Example:

Device(config)# ip dhcp pool ABC

 

Configures a DHCP pool on a DHCP server and enters DHCP pool configuration mode.

 
Step 8
relay source ip-address subnet-mask


Example:

Device(dhcp-config)# relay source 10.2.0.0 255.0.0.0

 

Configures the relay source.

  • This command is similar to the network command in a normal DHCP network pool, because it restricts the use of the address pool to packets arriving on the interface whose configured IP address and mask match the relay source configuration.
 
Step 9
class class-name


Example:

Device(dhcp-config)# class SIP

 

Associates a class with a DHCP pool and enters DHCP pool class configuration mode.

 
Step 10
relay target [vrf vrf-name | global] ip-address


Example:

Device(config-dhcp-pool-class)# relay target 10.21.3.1

 

Configures an IP address for a DHCP server to which packets are forwarded.

 
Step 11
exit


Example:

Device(config-dhcp-pool-class)# exit

 

Exits DHCP pool class configuration mode.

 
Step 12
Repeat Steps 9 through 11 for each DHCP class that you need to configure.  

--

 

Configuring DHCP Relay Agent Support for MPLS VPNs

DHCP relay support for Multiprotocol Label Switching (MPLS) VPNs enables a network administrator to conserve address space by allowing overlapping addresses. The relay agent can support multiple clients on different VPNs, and many of these clients from different VPNs can share the same IP address.

Configuring VPNs involves an adjustment to the usual DHCP host IP address designation. VPNs use private address spaces that might not be unique across the Internet.

In some environments, a relay agent resides in a network element that also has access to one or more MPLS VPNs. A DHCP server that provides service to DHCP clients on those different VPNs must locate the VPN in which each client resides. The network element that contains the relay agent typically captures the VPN association of the DHCP client and includes this information in the relay agent information option of the DHCP packet.

DHCP relay support for MPLS VPNs allows the relay agent to forward this necessary VPN-related information to the DHCP server using the following three suboptions of the DHCP relay agent information option:

  • VPN identifier
  • Subnet selection
  • Server identifier override

The VPN identifier suboption is used by the relay agent to inform the DHCP server about the VPN for every DHCP request that the relay agent passes on to the DHCP server; the VPN identifier suboption is also used to properly forward any DHCP reply that the DHCP server sends back to the relay agent. The VPN identifier suboption contains the VPN ID configured on the incoming interface to which the client is connected. If you configure the VPN routing and forwarding (VRF) name but not the VPN ID, the VRF name is used as the VPN identifier suboption. If the interface is in the global routing space, VPN suboptions are not added.

The subnet selection suboption allows the separation of the subnet, where the client resides, from the IP address used to communicate with the relay agent. In typical DHCP processing, the gateway address specifies both the subnet on which a DHCP client resides and the IP address that the server can use to communicate with the relay agent. Situations exist where the relay agent needs to specify the subnet on which a DHCP client resides that is different from the IP address that the server can use to communicate with the relay agent. The subnet selection suboption is included in the relay agent information option and passed on to the DHCP server. The gateway address is changed to the outgoing interface of the relay agent toward the DHCP server. The DHCP server uses this gateway address to send reply packets back to the relay agent.

The server identifier override suboption value is copied in the reply packet from the DHCP server instead of the normal server ID address. The server identifier override suboption contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client. Using this information, the DHCP client sends all renew and release packets to the relay agent. The relay agent adds all the VPN suboptions to the packets and forwards the packets to the original DHCP server.

After adding these suboptions to the DHCP relay agent information option, the gateway address is changed to the outgoing interface of the relay agent toward the DHCP server. When the packets are returned from the DHCP server, the relay agent removes the relay agent information options from the packets and forwards the packets to the DHCP client on the correct VPN.

The figure below shows a VPN scenario where the DHCP relay agent and DHCP server can recognize the VPN within which each client resides. DHCP client 1 is part of VPN green, and DHCP client 2 is part of VPN red, and both have the same private IP address 192.168.1.0/24. Because the clients have the same IP address, the DHCP relay agent and DHCP server use the VPN identifier, subnet selection, and server identifier override suboptions of the relay agent information option to distinguish the correct VPN of the client.

Figure 3 VPN DHCP Configuration


Before You Begin

Before configuring DHCP relay support for Multiprotocol Label Switching (MPLS) VPNs, you must configure standard MPLS VPNs.


Note


  • If the ip dhcp relay information option vpn global configuration command is configured and the ip dhcp relay information option vpn-id interface configuration command is not configured, the global configuration is applied to all interfaces.
  • If the ip dhcp relay information option vpn global configuration command is configured and the ip dhcp relay information option vpn-id interface configuration command is also configured, the interface configuration command takes precedence over the global configuration command. However, the global configuration is applied to interfaces without the interface configuration.
  • If the ip dhcp relay information option vpn global configuration command is not configured and the ip dhcp relay information option vpn-id interface configuration command is configured, only the interface on which the configuration option is applied is affected. All other interfaces are not impacted by the configuration.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp relay information option vpn

4.    interface type number

5.    ip helper-address vrf name [global] address

6.    ip dhcp relay information option vpn-id [none]

7.    end


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp relay information option vpn


Example:

Device(config)# ip dhcp relay information option vpn

 

Enables the system to insert VPN suboptions into the DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server and sets the gateway address to the outgoing interface toward the DHCP server.

  • The VPN suboptions are also added to the BOOTP broadcast packets when the command is configured.
 
Step 4
interface type number


Example:

Device(config)# interface FastEthernet0/0

 

Configures an interface and enters interface configuration mode.

 
Step 5
ip helper-address vrf name [global] address


Example:

Device(config-if)# ip helper-address vrf vrf1 172.27.180.232

 

Forwards UDP broadcasts, including BOOTP, received on an interface.

  • If the DHCP server resides in a different VRF or global space that is different from the VPN, the vrf name or global options allow you to specify the name of the VRF or the global space in which the DHCP server resides.
 
Step 6
ip dhcp relay information option vpn-id [none]


Example:

Device(config-if)# ip dhcp relay information option vpn-id

 

(Optional) Enables the system to insert VPN suboptions into the DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server and sets the gateway address to the outgoing interface toward the DHCP server.

  • The VPN suboptions are also added to the BOOTP broadcast packets when the command is configured.
  • The ip dhcp relay information option vpn-id none command allows you to disable the VPN functionality on the interface. The only time you need to use this command is when the ip dhcp relay information option vpn global configuration command is configured and you want to override the global configuration.
  • The no ip dhcp relay information option vpn-id command removes the configuration from the running configuration. In this case, the interface inherits the global configuration, which may or may not be configured to insert VPN suboptions.
 
Step 7
end


Example:

Device(config-if)# end

 

Returns to privileged EXEC mode.

 

Configuring Support for Relay Agent Information Option Encapsulation

When two relay agents are relaying messages between the DHCP client and the DHCP server, the relay agent closer to the server, by default, replaces the first option 82 information with its own option 82. The remote ID and circuit ID information from the first relay agent is lost. In some deployment scenarios, it is necessary to maintain the initial option 82 from the first relay agent, in addition to the option 82 from the second relay agent, for example, in a situation where an Intelligent Services Gateway (ISG) acting as a second relay agent is connected to a Layer 2 device. The Layer 2 device connects to the household and identifies the household with its own option 82.

The DHCP Relay Option 82 Encapsulation feature allows the second relay agent to encapsulate option 82 information in a received message from the first relay agent if the second relay agent is configured to add its own option 82 information. This configuration allows the DHCP server to use option 82 information from both relay agents. The DHCP server can use the VPN information from the second relay agent, along with the option 82 information from the first relay agent, to send correct address assignments and other configuration parameters for the client devices based on the VRF, option 60, and encapsulated option 82. The reply message from the DHCP server to the DHCP client traverses the same path as the request messages through the two relay agents to the DHCP client.

The figure below shows the processing that occurs on the two relay agents and the DHCP server when this feature is configured:

  1. The DHCP client generates a DHCP message (including option 60) and broadcasts it on the network.
  2. The first DHCP relay agent intercepts the broadcast DHCP request packet and inserts its own option 82 in the packet.
  3. The relay agent automatically adds the circuit ID suboption and the remote ID suboption to option 82 and forwards them to the second relay agent.
  4. The second relay agent encapsulates the first relay agent's option 82 and inserts its own option 82.
  5. The gateway IP address (giaddr) is set to the incoming interface on the second relay agent and the original giaddr from the first relay agent is encapsulated.
  6. The second DHCP relay agent unicasts the DHCP packet to the DHCP server.
  7. The DHCP server receives the packet and uses the VPN suboption information from the second relay agent, along with the option 82 information from the first relay agent, to assign IP addresses and other configuration parameters and forwards the packet back to the second relay agent.
  8. When the second relay agent receives the reply message from the server, it restores the encapsulated option 82 and prior giaddr from the first relay agent. The reply message is then sent to the prior giaddr.
  9. The first relay agent strips option 82 off from the packet before forwarding the packet to the client.
Figure 4 Processing DHCP Relay Agent Information Option Encapsulation Support


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp relay information option

4.    ip dhcp relay information option vpn

5.    ip dhcp relay information policy encapsulate

6.    interface type number

7.    ip dhcp relay information policy-action encapsulate

8.    end


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp relay information option


Example:

Device(config)# ip dhcp relay information option

 

Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server.

  • This function is disabled by default.
 
Step 4
ip dhcp relay information option vpn


Example:

Device(config)# ip dhcp relay information option vpn

 

(Optional) Enables the system to insert VPN suboptions into the DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server and sets the gateway address to the outgoing interface toward the DHCP server.

  • The VPN suboptions are also added to the BOOTP broadcast packets when the command is configured.
 
Step 5
ip dhcp relay information policy encapsulate


Example:

Device(config)# ip dhcp relay information policy encapsulate

 

Enables the system to encapsulate the DHCP relay agent information option (option-82 field) received from a prior relay agent in forwarded BOOTREQUEST messages to a DHCP server.

  • Option 82 information from both relay agents will be forwarded to the DHCP server.
 
Step 6
interface type number


Example:

Device(config)# interface FastEthernet0/0

 

(Optional) Configures an interface and enters interface configuration mode.

  • If you configure the global configuration command, there is no need to configure the interface configuration command unless you want to apply a different configuration on a specific interface.
 
Step 7
ip dhcp relay information policy-action encapsulate


Example:

Device(config-if)# ip dhcp relay information policy-action encapsulate

 

(Optional) Enables the system to encapsulate the DHCP relay agent information option (option-82 field) received on an interface from a prior relay agent in forwarded BOOTREQUEST messages to a DHCP server on an interface.

  • This function is disabled by default. This command has precedence over the global configuration command. However, if the relay agent information option encapsulation support is configured in global configuration mode, but not in interface configuration mode, the interface inherits the global configuration.
 
Step 8
end


Example:

Device(config-if)# end

 

Returns to privileged EXEC mode.

 

Setting the Gateway Address of the DHCP Broadcast to a Secondary Address Using Smart Relay Agent Forwarding

You only need to configure helper addresses on the interface where the UDP broadcasts that you want to forward to the DHCP server are being received. You only need to configure the ip dhcp smart-relay command if you have secondary addresses on that interface and you want the router to step through each IP network when forwarding DHCP requests. If smart relay agent forwarding is not configured, all requests are forwarded using the primary IP address on the interface.

If the ip dhcp smart-relay command is configured, the relay agent counts the number of times that the client retries sending a request to the DHCP server when there is no DHCPOFFER message from the DHCP server. After three retries, the relay agent sets the gateway address to the secondary address. If the DHCP server still does not respond after three more retries, then the next secondary address is used as the gateway address.

This functionality is useful when the DHCP server cannot be configured to use secondary pools.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp smart-relay

4.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp smart-relay


Example:

Device(config)# ip dhcp smart-relay

 

Allows the DHCP relay agent to switch the gateway address (giaddr field of a DHCP packet) to a secondary address when there is no DHCPOFFER message from a DHCP server.

 
Step 4
exit


Example:

Device(config)# exit

 

Returns to privileged EXEC mode.

 

Configuring Support for Private and Standard Suboption Numbers

Some features that are not standardized will use the private Cisco relay agent suboption numbers. After the features are standardized, the relay agent suboptions are assigned the Internet Assigned Numbers Authority (IANA) numbers. Cisco software supports both private and IANA numbers for these suboptions.

Perform this task to configure the DHCP client to use private or IANA standard relay agent suboption numbers.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip dhcp compatibility suboption link-selection {cisco | standard}

4.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip dhcp compatibility suboption link-selection {cisco | standard}


Example:

Device(config)# ip dhcp compatibility suboption link-selection standard

 

Configures the DHCP client to use private or IANA standard relay agent suboption numbers.

 
Step 4
exit


Example:

Device(config)# exit

 

(Optional) Exits global configuration mode and returns to privileged EXEC mode.

 

Troubleshooting the DHCP Relay Agent

The show ip route dhcp command is useful to help troubleshoot issues with the DHCP relay agent that adds routes to clients from unnumbered interfaces. This command displays all routes added to the routing table by the DHCP server and the relay agent.

SUMMARY STEPS

1.    enable

2.    show ip route dhcp

3.    show ip route dhcp ip-address

4.    show ip route vrf vrf-name dhcp

5.    clear ip route [vrf vrf-name] dhcp [ip-address]


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
show ip route dhcp


Example:

Device# show ip route dhcp

 

Displays all routes added by the Cisco IOS DHCP server and relay agent.

 
Step 3
show ip route dhcp ip-address


Example:

Device# show ip route dhcp 172.16.1.3

 

Displays all routes added by the Cisco IOS DHCP server and relay agent associated with the specified IP address.

 
Step 4
show ip route vrf vrf-name dhcp


Example:

Device# show ip route vrf vrf1 dhcp

 

Displays all routes added by the Cisco IOS DHCP server and relay agent associated with the named VRF.

 
Step 5
clear ip route [vrf vrf-name] dhcp [ip-address]


Example:

Device# clear ip route dhcp

 

Removes routes from the routing table added by the DHCP server and relay agent for DHCP clients on unnumbered interfaces.

 

Configuration Examples for the Cisco IOS DHCP Relay Agent

Example: Configuring Support for the Relay Agent Information Option

The following example shows how to enable the DHCP server, the relay agent, and the insertion and removal of the DHCP relay information option (option 82). Note that the Cisco IOS DHCP server is enabled by default. In this example, the DHCP server is disabled:

! Reenables the DHCP server.
service dhcp
ip dhcp relay information option
!
interface ethernet0/0
 ip address 192.168.100.1 255.255.255.0
 ip helper-address 10.55.11.3

Example: Configuring Per-Interface Support for the Relay Agent Information Option

The following example shows that for subscribers who are being serviced by the same aggregation router, the relay agent information option for ATM subscribers must be processed differently from that for Ethernet digital subscribers. For ATM subscribers, the relay agent information option is configured to be removed from the packet by the relay agent before forwarding the packet to the client. For Ethernet subscribers, the connected device provides the relay agent information option, and the option is configured to remain in the packet and be forwarded to the client.

ip dhcp relay information trust-all
interface Loopback0
 ip address 10.16.0.1 255.255.255.0
!
interface ATM3/0
 no ip address
!
interface ATM3/0.1
 ip helper-address 10.16.1.2
 ip unnumbered loopback0
 ip dhcp relay information option-insert
!
interface Loopback1
 ip address 10.18.0.1 255.255.255.0
!
interface Ethernet4
 no ip address
!
interface Ethernet4/0.1
 encapsulation dot1q 123
 ip unnumbered loopback1
 ip helper-address 10.18.1.2
 ip dhcp relay information policy-action keep

Example: Configuring the Subscriber Identifier Suboption of the Relay Agent Information Option

The following example shows how to add a unique identifier to the subscriber-identifier suboption of the relay agent information option:

ip dhcp relay information option
!
interface Loopback0 
 ip address 10.1.1.129 255.255.255.192 
!
interface ATM4/0 
 no ip address 
!
interface ATM4/0.1 point-to-point
 ip helper-address 10.16.1.2
 ip unnumbered Loopback0
 ip dhcp relay information option subscriber-id newperson123
 atm route-bridged ip
 pvc 88/800
 encapsulation aal5snap

Example: Configuring DHCP Relay Class Support for Client Identification

In the following example, DHCP messages are received from DHCP clients on subnet 10.2.2.0. The relay agent will match and identify the relay class from the relay pool and forward the DHCP message to the appropriate DHCP server identified by the relay target command.

!
ip dhcp class H323
 option 60 hex 010203
!
ip dhcp class SIP
 option 60 hex 040506
! 
! The following is the relay pool:
ip dhcp pool pool1
 relay source 10.2.2.0 255.255.255.0
 class H323
  relay target 192.168.2.1
  relay target 192.168.3.1
!
 class SIP
  relay target 192.168.4.1

Example: Configuring DHCP Relay Agent Support for MPLS VPNs

In the following example, the DHCP relay agent receives a DHCP request on Ethernet interface 0/1 and sends the request to the DHCP server located at IP helper address 10.44.23.7, which is associated with the VRF named vrf1:

ip dhcp relay information option vpn
!
interface ethernet 0/1
 ip helper-address vrf vrf1 10.44.23.7
!

Example: Configuring Support for Relay Agent Information Option Encapsulation

In the following example, DHCP relay agent 1 is configured globally to insert the relay agent information option into the DHCP packet. DHCP relay agent 2 is configured to add its own relay agent information option, including the VPN information, and to encapsulate the relay agent information option received from DHCP relay agent 1. The DHCP server receives the relay agent information options from both the relay agents, uses this information to assign IP addresses and other configuration parameters, and forwards them back to the client.

DHCP Relay Agent 1

ip dhcp relay information option 

DHCP Relay Agent 2

ip dhcp relay information option
ip dhcp relay information option vpn
ip dhcp relay information option encapsulation

Example: Setting the Gateway Address of the DHCP Broadcast to a Secondary Address Using Smart Relay Agent Forwarding

In the following example, the router will forward the DHCP broadcast received on Ethernet interface 0/0 to the DHCP server (10.55.11.3), by inserting 192.168.100.1 in the giaddr field of the DHCP packet. If the DHCP server has a scope or pool configured for the 192.168.100.0/24 network, the server will respond; otherwise, it will not respond.

Because the ip dhcp smart-relay global configuration command is configured, if the router sends three requests using 192.168.100.1 in the giaddr field and does not get a response, the router will move on and start using 172.16.31.254 in the giaddr field instead. Without the smart relay functionality, the router uses only 192.168.100.1 in the giaddr field.

ip dhcp smart-relay
!
interface ethernet0/0
 ip address 192.168.100.1 255.255.255.0
 ip address 172.16.31.254 255.255.255.0
 ip helper-address 10.55.11.3
!

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

DHCP commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco IOS IP Addressing Services Command Reference

DHCP conceptual information

"DHCP Overview" module in the IP Addressing: DHCP Configuration Guide

DHCP server configuration

"Configuring the Cisco IOS DHCP Server" module in the IP Addressing: DHCP Configuration Guide

DHCP client configuration

"Configuring the Cisco IOS DHCP Client" module in the IP Addressing: DHCP Configuration Guide

DHCP server on-demand address pool manager configuration

"Configuring the DHCP Server On-Demand Address Pool Manager" module in the IP Addressing: DHCP Configuration Guide

DHCP advanced features

"Configuring DHCP Services for Accounting and Security" module in the IP Addressing: DHCP Configuration Guide

DHCP enhancements for edge-session management configuration

"Configuring DHCP Enhancements for Edge-Session Management" module in the IP Addressing: DHCP Configuration Guide

DHCP options

"DHCP Options" appendix in the Network Registrar User's Guide, Release 6.1.1

DHCP for IPv6

"Implementing DHCP for IPv6" module in the IP Addressing: DHCP Configuration Guide

Standards and RFCs

Standard/RFC Title

RFC 951

Bootstrap Protocol (BOOTP)

RFC 1542

Clarifications and Extensions for the Bootstrap Protocol

RFC 2131

Dynamic Host Configuration Protocol

RFC 2685

Virtual Private Networks Identifier

RFC 3046

DHCP Relay Information Option

RFC 5460

DHCPv6 Bulk Leasequery

Technical Assistance

Description Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for the Cisco IOS DHCP Relay Agent

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for the Cisco IOS DHCP Relay Agent
Feature Name Releases Feature Information

DHCP Class Support for Client Identification

12.4(11)T

The DHCP Class Support for Client Identification feature enhances the DHCP class mechanism to support options 60, 77, 124, and 125. These options identify the type of client that is sending the DHCP message. The DHCP relay agent can make forwarding decisions based on the content of the options in the DHCP message sent by the client.

The following command was introduced by this feature: option hex.

DHCP Relay MPLS VPN Support

12.2(8)

12.2(28)SB

12.2(33)SRC

DHCP relay support for MPLS VPNs enables a network administrator to conserve address space by allowing overlapping addresses. The relay agent can support multiple clients on different VPNs, and many of these clients from different VPNs can share the same IP address.

The following commands were modified by this feature: ip dhcp relay information option, and ip helper address.

DHCP Relay Option 82 Encapsulation

12.2(33)SRD

This feature allows a second DHCP relay agent to encapsulate the relay agent information option (option 82) from a prior relay agent, to add its own option 82, and to forward the packet to the DHCP server. The DHCP server can use the VPN information from the second relay agent, along with the option 82 information from the first relay agent, to send correct address assignments and other configuration parameters for the client devices based on the VRF, option 60, and encapsulated option 82.

The following commands were modified by this feature: ip dhcp relay information policy, and ip dhcp relay information policy-action.

DHCP Relay Option 82 per Interface Support

12.2(31)SB2

12.2(33)SRC

12.4(6)T

This feature enables support for the DHCP relay agent information option (option 82) on a per-interface basis. The interface configuration allows different DHCP servers, with different DHCP option 82 requirements to be reached from one Cisco router.

The following commands were introduced by this feature: ip dhcp relay information check-reply, ip dhcp relay information option-insert, and ip dhcp relay information policy-action.

DHCP Subscriber Identifier Suboption of Option 82

12.2(28)SB

12.2(33)SRB

12.3(14)T

This feature enables an ISP to add a unique identifier to the subscriber-identifier suboption of the relay agent information option.

The following command was introduced by this feature: ip dhcp relay information option subscriber-id.

DHCPv4 Relay per Interface VPN ID Support

12.4(11)T

The DHCPv4 Relay per Interface VPN ID Support feature allows the Cisco IOS DHCP relay agent to be configured per interface to override the global configuration of the ip dhcp relay information option vpn command. This feature allows subscribers with different relay information option VPN ID requirements on different interfaces to be reached from one Cisco router.

The following command was introduced by this feature: ip dhcp relay information option vpn-id.

DHCPv6 Bulk Lease Query

15.1(1)S

The Cisco IOS DHCPv6 relay agent supports bulk lease query in accordance with RFC 5460.

The following commands were introduced or modified by this feature: debug ipv6 dhcp relay and ipv6 dhcp-relay bulk-lease.

Glossary

client--A host that is trying to configure its interface (obtain an IP address) using DHCP or BOOTP protocols.

DHCP--Dynamic Host Configuration Protocol. A network protocol that automatically provides an IP host with an IP address and other related configuration information (for example, subnet mask and default gateway).

giaddr--gateway IP address. The giaddr field of the DHCP message provides the DHCP server with information about the IP address subnet on which the client is to reside. It also provides the DHCP server with an IP address where the response messages are to be sent.

MPLS--Multiprotocol Label Switching. Industry standard upon which tag switching is based.

relay agent--A router that forwards DHCP and BOOTP messages between a server and a client on different subnets.

server--A DHCP or BOOTP server.

VPN--Virtual Private Network. Enables IP traffic to use tunneling to travel securely over a public TCP/IP network.

VRF--VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a Provider Edge (PE) router. Each VPN that is instantiated on the PE router has its own VRF.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.