Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference, Release 5.1.x
DHCP Commands
Downloads: This chapterpdf (PDF - 1.66MB) The complete bookPDF (PDF - 6.84MB) | Feedback

DHCP Commands

Contents

DHCP Commands

This chapter describes the Cisco IOS XR software commands used to configure and monitor Dynamic Host Configuration Protocol (DHCP) features on Cisco ASR 9000 Series Aggregation Services Routers.

For detailed information about DHCP concepts, configuration tasks, and examples, refer to the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

bootfile

To configure the boot file, use the bootfile command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

bootfile boot-file-name

no bootfile boot-file-name

Syntax Description

boot-file-name

Name of the boot file.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the bootfile command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# bootfile b1

Related Commands

Command

Description

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

clear dhcp ipv4 server binding

To clear all client bindings in server, use the clear dhcp ipv4 server binding command in EXEC mode.

clear dhcp ipv4 server binding [ location node-ID ] [ interface type interface-path-ID] [ vrf vrf-name] [ ip-address address] [ mac-address address]

Syntax Description

location node-ID

Clears detailed client binding information for a specified node.

interface type interface-path-ID

Clears client binding by interface.

Specifies the interface type. For more information, use the question mark ( ? ) online help function.

Physical interface or virtual interface. Use the show interfaces command to see a list of all interfaces currently configured on the router.
Note    For more information about the syntax for the router, use the question mark ( ? ) online help function.
vrf vrf-name

Clears client binding by vrf name.

ip-address address

Clears detailed client binding information per IP address.

mac-address address

Clears detailed client binding information per mac-address.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

execute

Example

This is a sample output from the clear dhcp ipv4 server binding command:


RP/0/RSP0/CPU0:router# clear dhcp ipv4 server binding

Related Commands

Command

Description

Clears DHCP server statistics.

clear dhcp ipv4 server statistics

To clear DHCP server statistics, use the clear dhcp ipv4 server statistics command in EXEC mode.

clear dhcp ipv4 server statistics[ [ raw [ all] [ include-zeroes] [ location node-ID ] ]

Syntax Description

raw

Clears debug statistics.

all

Clears debug statistics for base mode.

include-zeroes

Clears debug statistics that are zero.

location node-ID

Clears DHCP server statistics information for a specified node.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

execute

root-system

read, write

Example

This is a sample output from the clear dhcp ipv4 server statistics command:


RP/0/RSP0/CPU0:router# clear dhcp ipv4 server statistics 

Related Commands

Command

Description

Clears all client bindings in server.

clear dhcp ipv4 snoop binding

To clear snoop bindings, use the clear dhcp ipv4 snoop binding command in EXEC mode.

clear dhcp ipv4 snoop binding [ bridge-domain name ] [ mac-address mac-address ]

Syntax Description

bridge-domain

(Optional) Clears DHCP snoop bindings for a specific bridge domain.

name

(Optional) Bridge domain name

mac-address

(Optional) Clears DHCP snoop bindings for a specified MAC address.

mac-address

(Optional) MAC address.

Command Default

Clears all snoop bindings.

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

The following is an example of the clear dhcp snoop binding command removing binding for bridge domain ISP1:


RP/0/RSP0/CPU0:router# clear dhcp ipv4 snoop binding bridge-domain ISP1

database (DHCPv6 Binding)

To enable Dynamic Host Configuration Protocol IPv6 (DHCPv6) binding database write to the system persistent memory, use the database command in the DHCP IPv6 configuration mode. To disable the DHCPv6 binding table write and to delete the binding table write files from the file system, use the no form of this command.

database [proxy] [ full-write-interval full-write-interval ] [ incremental-write-interval incremental-write-interval ]

no database

Syntax Description

proxy

Enables DHCPv6 proxy binding database write to the system file system.

full-write-interval

Sets the interval for a full file write.

full-write-interval

Full file write interval in minutes. The range is from 0 to 1440. The default value is 10.

incremental-write-interval

Sets the interval for an incremental file write.

incremental-write-interval

Incremental file write interval in minutes. The range is from 0 to 1440. The default value is 1.

Command Default

If the command is executed without the keywords full-write-interval or incremental-write-interval, then the default values of these write intervals are used.

Command Modes

DHCP IPv6 configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

All instances of the previous files are deleted after a full persistent binding file write.

The files are written to the file system even if DHCP has no bindings. The incremental file is written even if no new bindings are found in the binding table.

The incremental file does not track deleted bindings. If a binding is deleted and then a system reload occurs before the next full file write, then that binding may reappear when the binding table is recovered from the file system. In this case, the user has to reapply the command to delete the binding. If the binding was deleted because of lease expiry, then it is again deleted when the binding table is recovered from the file system.

The selection of the file system to be used is fixed and not configurable. The file cannot be stored to an external system. Only one file system is used, and if access to this file system fails, then the DHCP binding table backup to file system does not function and an error is logged.

Task ID

Task ID Operation

ip-services

read, write

This example shows how to enable DHCPv6 binding database write to the system persistent memory:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)# database proxy full-write-interval 15 incremental-write-interval 5

Related Commands

show dhcp ipv6 database

Displays the binding database information for Dynamic Host Configuration Protocol for IPv6 (DHCPv6).

default-router

To configure the name of the default-router or the IP address, use the default-router command in the DHCPv4 server profile submode. To deconfigure the name of the default-router or the IP address, use the no form of this command.

default-router address1address2... address8

no default-router address1address2... address8

Syntax Description

address1address2...address8

Name of the router or IP address.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the default-router command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# default-router 10.20.1.2

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

dhcp ipv4

To enable Dynamic Host Configuration Protocol (DHCP) for IPv4 and to enter DHCP IPv4 configuration mode, use the dhcp ipv4 command in Global Configuration mode. To disable DHCP for IPv4 and exit the DHCP IPv4 configuration mode, use the no form of this command.

dhcp ipv4

no dhcp ipv4

Syntax Description

This command has no keywords or arguments.

Command Modes

None

Command Modes

Global Configuration
mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

Use the dhcp ipv4 command to enter DHCP IPv4 configuration mode.

Task ID

Task ID

Operations

ip-services

read, write

This example shows how to enable DHCP for IPv4:


RP/0/RSP0/CPU0:router# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)#

dhcp ipv4 none

To disable DHCP snooping on a specific port, use the dhcp ipv4 none command in l2vpn bridge group bridge-domain interface configuration mode.

dhcp ipv4 none

Syntax Description

This command has no keywords or arguments.

Command Default

No default behavior or values

Command Modes

l2vpn bridge group bridge-domain interface configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

The following example shows how to disable DHCP snooping on GigabitEthernet interface 0/0/0/0:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface gigabitethernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-if)# dhcp ipv4 none

Related Commands

Command

Description

show dhcp ipv4 snoop binding

Displays DHCP relay agent status specific to a relay profile.

duplicate-mac-allowed

To allow duplicate client MAC addresses across different VLANS and interfaces, use the duplicate-mac-allowed command in the DHCP IPv4 configuration mode. To disallow duplicate client MAC addresses, use the no form of this command.

duplicate-mac-allowed

no duplicate-mac-allowed

Syntax Description

This command has no keywords or arguments.

Command Default

By default, duplicate MAC address support is disabled.

Command Modes

DHCP IPv4 configuration

Command History

Release Modification
Release 4.3.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

DHCPv4 supports duplicate client MAC addresses across different VLANS and interfaces. You can enable duplicate MAC addresses on relay, proxy, server, and snoop DHCP modes. To enable duplicate client MAC addresses, use the duplicate-mac-allowed command in DHCP IPv4 configuration mode.

Do not enable the duplicate-mac-allowed command for mobile subscribers.

Task ID

Task ID Operation
ip-services

read, write

Example

This examples shows how to allow duplicate client MAC addresses across different VLANS and interfaces, using the duplicate-mac-allowed command:


RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# duplicate-mac-allowed
RP/0/RSP0/CPU0:router(config-dhcpv4)#

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

To configure how Dynamic Host Configuration Protocol (DHCP) IPv4 Relay processes BOOTREQUEST packets that already contain a nonzero giaddr attribute, use the giaddr policy command in DHCP IPv4 profile relay configuration submode. To restore the default giaddr policy, use the no form of this command.

giaddr policy { replace | drop }

no giaddr policy { replace | drop }

Syntax Description

replace

Replaces the existing giaddr value with a value that it generates.

drop

Drops the packet that has an existing nonzero giaddr value.

Command Default

DHCP IPv4 relay retains the existing nonzero giaddr value in the DHCP IPv4 packet received from a client value .

Command Modes

DHCP IPv4 profile relay configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

The giaddr policy command affects only the packets that are received from a DHCP IPv4 client that have a nonzero giaddr attribute.

Task ID

Task ID

Operations

ip-services

read, write

The following example shows how to use the giaddr policy command:


RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# giaddr policy drop

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

helper-address

To configure the Dynamic Host Configuration Protocol (DHCP) IPv4 and IPv6 relay agent to relay BOOTREQUEST packets to a specific DHCP server, use the helper-address command in an appropriate configuration mode. Use the no form of this command to clear the address.

helper-address [ vrf vrf-name ] [ address] [ giaddr gateway-address]

no helper-address [ vrf vrf-name ] [ address] [ giaddr gateway-address]

Syntax Description

vrf-name

(Optional) Specifies the name of a particular VRF.

address

IPv4 and Pv6 address in four part, dotted decimal format.

giaddr gateway-address

Specifies the gateway address to use in packets relayed to server.

Command Default

Helper address is not configured.

Command Modes

DHCP IPv4 profile relay configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Release 4.3.0

The support for IPv6 was added in BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

A maximum of upto eight helper addresses can be configured.

Task ID

Task ID

Operations

ip-services

read, write

This example shows how to set the helper-address for a VRF using the helper-address command DHCP IPv4 profile relay configuration mode:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# helper-address vrf v1 10.10.10.1

This example shows how to set the helper-address for a VRF using the helper-address command DHCP IPv4 profile proxy configuration mode:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client proxy
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# helper-address vrf v1 10.10.10.1 giaddr 10.10.10.10

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

relay information policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

lease (DHCPv4 Server)

To configure the lease for an IP address assigned from the pool, use the lease command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

lease{ infinite | days minutes seconds}

no lease{ infinite | days minutes seconds}

Syntax Description

infinite

Configures an infinite lease.

days minutes seconds

Configures lease for the specified number of hours, minutes, and seconds.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the lease command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# lease infinite

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

limit lease

To configure the limit on a lease per-circuit-id, per-interface, or per-remote-id, use the limit lease command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

limit lease { per-circuit-id | per-interface | per-remote-id } value

no limit lease { per-circuit-id | per-interface | per-remote-id } value

Syntax Description

per-circuit-id

Inserts the limit lease type circuit-id.

per-interface

Inserts the limit lease type interface.

per-remote-id

Inserts the limit lease type remote-id.

value

Value of limit lease count. Range is from 1 to 240000.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the limit lease command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# limit lease per-circuit-id 23

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

netbios-name-server

To configure NetBIOS name servers, use the netbios-name-server command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

netbios-name server address1address2... address8

no netbios-name server address1address2... address8

Syntax Description

address1address2...address8

Name of the server or IP address.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the netbios-name-server command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 

server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# 

netbios-name-server 10.20.3.5

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

netbios-node-type

To configure the type of NetBIOS node, use the netbios-node-type command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

netbios-node-type { number | b-node | h-node | m-node | p-node }

Syntax Description

number

Hexadecimal number.

b-node

broadcast node.

h-node

hybrid node.

m-node

mixed node.

p-node

peer-to-peer node.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the bootfile command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 

server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# 

netbios-node-type p-node

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

option

To configure the DHCP option code, use the option command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

option option-code{ ascii string | hex string | ip address }

no option option-code{ ascii string | hex string | ip address }

Syntax Description

option-code

Specifies the DHCP option code.

ascii string

Specifies the data as an NVT ASCII string.

hex string

Specifies the data as a hex string.

ip address

Specifes the hostname or the IP Address.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the option command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# option 23 ip 10.20.34.56

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

pool

To configure the Distributed Address Pool Service(DAPS) pool name, use the pool command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

pool pool-name

no pool pool-name

Syntax Description

pool-name

Specifes the DAPS pool name.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the pool command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# pool pool1

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

profile (DHCP)

To configure a DHCP relay profile, DHCP snooping profile, or a DHCP proxy profile for the Dynamic Host Configuration Protocol (DHCP) IPv4 component and to enter the profile mode, use the profile command in DHCP IPv4 configuration mode. To disable this feature and exit the profile mode, use the no form of this command.

profile name { relay | snoop | proxy | server }

no profile name { relay | snoop | proxy | server }

Syntax Description

name

Name that uniquely identifies the relay or snoop profile.

relay

Configures a DHCP relay profile. A DHCP relay agent is a host that forwards DHCP packets between clients and servers. When the clients and servers are not on the same physical subnet, the relay agents are used to forward requests and replies between them.

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks rather transparently. By contrast, relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface. The relay agent sets the gateway IP address (giaddr field of the DHCP packet) and, if configured, adds the relay agent information option (option82) in the packet and forwards it to the DHCP server. The reply from the server is forwarded back to the client after removing option 82.

The Cisco IOS DHCP relay agent supports the use of unnumbered interfaces, including use of smart relay agent forwarding. For DHCP clients connected through the unnumbered interfaces, the DHCP relay agent automatically adds a static host route once the DHCP client obtains an address, specifying the unnumbered interface as the outbound interface. The route is automatically removed once the lease time expires or when the client releases the address.

snoop

Configures a DHCP snoop profile. DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table.

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch. It does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.

proxy

Configures a DHCP proxy profile.

The DHCP proxy performs all the functions of a relay and also provides some additional functions. The DHCP proxy conceals DHCP server details from DHCP clients. The DHCP proxy modifies the DHCP replies such that the client considers the proxy to be the server. In this state, the client interacts with the proxy as if it is the DHCP server.

The DHCP proxy passes IP configuration information between the client and server. It also keeps track of the client's addresses and lease time. It is used when DHCP client and DHCP server are present on different networks.

server

Configures a DHCP server profile.

DHCP server allocates network addresses and passes IP configuration parameters to dynamically configured hosts.

When a client initiates a DHCP Discover request on it local Ethernet segment, the DHCP Server sends a notification to Distributed Address Pool (DAPS) component requesting it allocate addresses to clients from a specified pool. The DAPS selects the client address from the specified pool and returns the address to the DHCP Server. The DHCP Server sends the allocated address through a DHCP OFFER message to the client. The Client chooses one of the OFFER messages for configuration, and responds with a broadcast REQUEST, thereby informing the Server that the OFFER message was acceptable. The Server commits the binding of the Client and its IP Address to persistent storage and responds with an acknowledgement message. The Client commits the IP address and configuration parameters, which includes lease time.

The pool is configured under server-profile-mode and server-profile-class-sub-mode. Class based pool selection is always given priority over profile pool selection.

Command Default

None

Command Modes

DHCP IPv4 configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.0.0

The proxy keyword was added.

Release 5.1

The server keyword was added.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

This example shows how to use the profile command for a relay profile:

RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)#


This example shows how to use the profile command for a proxy profile:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile profile1 proxy
RP/0/RSP0/CPU0:router(config-dhcpv4-proxy-profile)#


This example shows how to use the profile command for a server profile:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile TEST server
(config-dhcpv4-server-profile)#


Related Commands

Command

Description

dhcp ipv4

Enters DHCP IPv4 configuration mode.

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP server.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

vrf (relay profile)

Specifies a relay profile on a VRF.

relay information authenticate

To specify relay agent information option to the policy plane for authentication purposes, use the relay information authenticate command in the DHCP IPv4 proxy profile configuration mode. To disable the relay option, use the no form of this command.

relay information authenticate { received | inserted }

no relay information authenticate { received | inserted }

Syntax Description

received

Authenticate using received relay agent information option.

inserted

Authenticate using inserted relay agent information option.

Command Default

None

Command Modes

DHCP IPv4 proxy profile configuration

Command History

Release

Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

This example shows how to specify the received relay agent information option for authentication using the relay information authenticate command in DHCP IPv4 proxy profile configuration mode:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile myprofile proxy
RP/0/RSP0/CPU0:router(config-dhcpv4-proxy-profile)# relay information authenticate received

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

relay information policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information check

To configure a Dynamic Host Configuration Protocol (DHCP) IPv4 Relay to validate the relay agent information option in forwarded BOOTREPLY messages, use the relay information check command in DHCP IPv4 relay profile configuration submode. To disable this feature, use the no form of this command.

relay information check

no relay information check

Syntax Description

This command has no keywords or arguments.

Command Default

DHCP validates the relay agent information option.

Command Modes

DHCP IPv4 relay profile configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

This example shows how to use the relay information check command:

RP/0/RSP0/CPU0:router#config 
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information check 

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information option

To configure Dynamic Host Configuration Protocol (DHCP) IPv4 relay or DHCP snooping Relay to insert relay agent information option in forwarded BOOTREQUEST messages to a DHCP server, use the relay information option command in DHCP IPv4 relay profile relay configuration or DHCP IPv4 profile snoop submode. To disable inserting relay information into forwarded BOOTREQUEST messages, use the no form of this command.

relay information option

no relay information option

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes


            DHCP IPv4
            relay
            profile
            relay
            configuration
        

DHCP IPv4 profile snoop configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

The relay information option command automatically adds the circuit identifier suboption and the remote ID suboption to the DHCP relay agent information option.

The relay information option command enables a DHCP server to identify the user (for example, cable access router) sending the request and initiate appropriate action based on this information. By default, DHCP does not insert relay information.

If the information option command is enabled, DHCP snooping mode does not set the giaddr field in the DHCP packet.

The upstream DHCP server or DHCP relay interface must be configured to accept this type of packet using the relay information option allow-untrusted configuration. This configuration prevents the server or relay from dropping the DHCP message.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

This example shows how to use the relay information option command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information option allow-untrusted

To configure the Dynamic Host Configuration Protocol (DHCP) IPv4 relay or DHCP snooping Relay not to drop discard BOOTREQUEST packets that have the relay information option set and the giaddr set to zero, use the relay information option allow-untrusted command in DHCP IPv4 relay profile configuration submode or DHCP IPv4 profile snoop configuration submode. To restore the default behavior, which is to discard the BOOTREQUEST packets that have the relay information option and set the giaddr set to zero, use the no form of this command.

relay information option allow-untrusted

no relay information option allow-untrusted

Syntax Description

This command has no keywords or arguments.

Command Default

The packet is dropped if the relay information is set and the giaddr is set to zero.

Command Modes


            DHCP IPv4
            relay
            profile
            relay
            configuration
        

DHCP IPv4 profile snoop configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

According to RFC 3046, relay agents (and servers) receiving a DHCP packet from an untrusted circuit with giaddr set to zero but with a relay agent information option already present in the packet shall discard the packet and increment an error count. This configuration prevents the server or relay from dropping the DHCP message.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

This example shows how to use the relay information option allow-untrusted command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay 
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option allow-untrusted

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information policy

To configure how the Dynamic Host Configuration Protocol (DHCP) IPv4 relay processes BOOTREQUEST packets that already contain a relay information option, use the relay information policy command in DHCP IPv4 relay profile configuration submode. To restore the default relay information policy, use the no form of this command.

relay information policy { drop | keep }

no relay information policy { drop | keep }

Syntax Description

drop

Directs the DHCP IPv4 Relay to discard BOOTREQUEST packets with the existing relay information option.

keep

Directs the DHCP IPv4 Relay not to discard a BOOTREQUEST packet that is received with an existing relay information option and to keep the existing relay information option value.

Command Default

The DHCP IPv4 Relay does not discard a BOOTREQUEST packet that has an existing relay information option. The option and the existing relay information option value is replaced.

Command Modes

DHCP IPv4 relay profile configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

This is sample output from executing the relay information policy command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information policy keep

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

requested-ip-address-check

To verify whether a client has inserted Option 50 (Requested-IP-Address), use requested-ip-address-check command in the DHCPv4 server profile submode. To disable this feature, use the no form of this command.

requested-ip-address-check

no requested-ip-address-check

Syntax Description

This command has no keywords or arguments.

Command Default

By default, requested-ip-address-check is disabled.

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

If the requested-ip-address-check is enabled, ingress RELEASE/RENEW packets are dropped.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the requested-ip-address-check command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# requested-ip-address-check disable

Related Commands

Command

Description

bootfile

Configures the boot file.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

secure-arp

To allow DHCP to add an ARP cache entry when DHCP assigns an IP address to a client in IP subscriber sessions, use the secure-arp command in DHCP IPv4 profile proxy configuration or DHCP IPv4 server profile mode. To disallow DHCP to add an ARP cache entry when DHCP assigns an IP address to a client, use the no form of this command.

secure-arp

no secure-arp

Syntax Description

This command has no keywords or arguments.

Command Default

By default, secure ARP support is disabled.

Command Modes

DHCP IPv4 proxy profile configuration

DHCP IPv4 Server Profile

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

In standalone DHCP sessions, the DHCP server adds an ARP entry when it assigns an IP address to a client. However, for IP subscriber sessions, DHCP server does not add an ARP entry. Although ARP establishes correspondences between network addresses, an untrusted device can spoof IP an address not assigned to it posing a security threat for IP subscriber sessions.

Secure ARP allows DHCP to add an ARP cache entry when DHCP assigns an IP address to a client in IP subscriber sessions. This is to prevent untrusted devices from spoofing IP addresses not assigned to them. Secure ARP is disabled by default.

Task ID

Task ID Operation
ip-services

read, write

Example

This examples shows how to allow DHCP to add an ARP cache entry when DHCP assigns an IP address to a client using the secure-arp command in DHCP IPv4 server profile configuration:


RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile profile1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# secure-arp
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)#

sessions mac throttle

To enable DHCP sessions MAC throttling functionality, use the sessions mac throttle command in an appropriate DHCP profile configuration mode. To disable DHCP sessions MAC throttling functionality, use the no form of this command.

sessions mac throttle limit request-period block-period

no sessions mac throttle

Syntax Description

limit

Number of DISCOVER packets or SOLICIT packets at which the sessions are to be throttled. The range is from 1 to 65535.

request-period

Time interval, in seconds, during which DISCOVER packets or SOLICIT packets are allowed. The range is from 1 to 100.

block-period

Time interval during which no more DISCOVER packets or SOLICIT packets from the same MAC address are accepted.

Command Default

Disabled.

Command Modes

DHCP IPv4 server profile submode

DHCP IPv4 proxy profile submode

DHCP IPv6 proxy profile submode

Command History

Release Modification
Release 5.1.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The packet type for DHCP IPv4 is DISCOVER and the packet type for DHCP IPv6 is SOLICIT.

Task ID

Task ID Operation

ip-services

read, write

This example shows how to configure a sessions MAC throttle in DHCP IPv4 server profile submode with a throttle limit of 100 DISCOVER packets, a request period of 50 seconds and a blocking period of 60 seconds:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4 profile p1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# sessions mac throttle 100 50 60 

This example shows how to configure a sessions MAC throttle in DHCP IPv6 proxy profile submode with a throttle limit of 300 SOLICIT packets, a request period of 60 seconds and a blocking period of 40 seconds:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv6 profile p2 proxy
RP/0/RSP0/CPU0:router(config-dhcpv6-proxy-profile)# sessions mac throttle 300 60 40 

show dhcp ipv4 proxy interface

To display the proxy interface information for Dynamic Host Configuration Protocol (DHCP) IPv4, use the show dhcp ipv4 proxy interface command in EXEC mode.

show dhcp ipv4 proxy interface [ interface-type interface-name ] [detail]

Syntax Description

interface-type

Type of the proxy interface.

interface-name

Name of the proxy interface.

detail

Displays the detailed information of proxy interface.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

ip-services

read

This is a sample output from the show dhcp ipv4 proxy interface command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 proxy interface bundle-Ether 70.16 detail
Sat Jan  5 14:25:53.484 UTC

Interface:          Bundle-Ether70.16
VRF:                default
Mode:               Proxy
Profile Name:       proxy1
Lease Limit:        per circuit id from AAA 2

Lease Count Details:
Circuit id from AAA                                               Count
c2                                                                1

This table describes the significant fields shown in the display.

Table 1 show dhcp ipv4 proxy interface Command Field Descriptions

Field

Description

Lease Limit

Specifies the lease limit value sent from AAA server.

Count

Specifies the number of sessions on the router having the specific Circuit-ID received from the AAA server.

show dhcp ipv4 relay profile

To display Dynamic Host Configuration Protocol (DHCP) relay agent status, use the show dhcp ipv4 relay profile command in EXEC mode.

show dhcp ipv4 relay profile

Syntax Description

This command has no keywords or arguments.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command displays the relay profiles created for DHCP IPv4.

Task ID

Task ID

Operations

ip-services

read

The following is sample output from the show dhcp ipv4 relay profile command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay profile

DHCP IPv4 Relay Profiles
--------------------------
r1
r2

Related Commands

Command

Description

show dhcp ipv4 relay profile name

Displays Dynamic Host Configuration Protocol (DHCP) relay agent status, specific to a relay profile.

show dhcp ipv4 relay profile name

To display Dynamic Host Configuration Protocol (DHCP) relay agent status, specific to a relay profile, use the show dhcp ipv4 relay profile name command in EXEC mode.

show dhcp ipv4 relay profile [ name]

Syntax Description

name

(Optional) Name that uniquely identifies the relay profile.

Command Default

If name is not specified, displays a list of configured DHCP profile names.

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

The following is sample output from the show dhcp ipv4 relay profile name command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay profile name r1

DHCP IPv4 Relay Profile r1:

Helper Addresses:
10.10.10.1, vrf default
Information Option: Disabled
Information Option Allow Untrusted: Disabled
Information Option Policy: Replace
Information Option Check: Disabled
Giaddr Policy: Keep
Broadcast-flag Policy: Ignore

VRF References:
default
Interface References:
FINT0_RSP0_CPU0
MgmtEth0_RSP0_CPU0_0

show dhcp ipv4 relay statistics

To display the Dynamic Host Configuration Protocol (DHCP) IPv4 relay agent packet statistics information for VPN routing and forwarding (VRF) instances, use the show dhcp ipv4 relay statistics command in EXEC mode.

show dhcp [ vrf { vrf-name | default } ] ipv4 relay statistics

Syntax Description

vrf vrf-name

(Optional) Name that uniquely identifies the VRF.

default

(Optional) Displays the relay statistics information for the default VRF.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

The following is sample output from the show dhcp ipv4 relay statistics command when none of the optional keywords or arguments are used command :

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay statistics

                  Bridge              |      RX       |      TX       |       DR      |
---------------------------------------------------------------------------------------
 default                              |            0  |            0  |            0  |

The following is sample output from the show dhcp ipv4 relay statistics command using the vrf and default keywords:

RP/0/RSP0/CPU0:router# show dhcp vrf default ipv4 relay statistics
Sun Apr 6 07:10:35.873 UTC

DHCP IPv4 Relay Statistics for VRF default:

     TYPE         |    RECEIVE    |    TRANSMIT   |     DROP      |
-------------------------------------------------------------------
DISCOVER          |            0  |            0  |            0  |
OFFER             |            0  |            0  |            0  |
REQUEST           |            0  |            0  |            0  |
DECLINE           |            0  |            0  |            0  |
ACK               |            0  |            0  |            0  |
NAK               |            0  |            0  |            0  |
RELEASE           |            0  |            0  |            0  |
INFORM            |            0  |            0  |            0  |
LEASEQUERY        |            0  |            0  |            0  |
LEASEUNASSIGNED   |            0  |            0  |            0  |
LEASEUNKNOWN      |            0  |            0  |            0  |
LEASEACTIVE       |            0  |            0  |            0  |
BOOTP-REQUEST     |            0  |            0  |            0  |
BOOTP-REPLY       |            0  |            0  |            0  |
BOOTP-INVALID     |            0  |            0  |            0  |

show dhcp ipv4 server binding

To display DHCP client bindings for server, use the show dhcp ipv4 server binding command in EXEC mode.

show dhcp ipv4 server binding [ detail ] [ location node-ID ] [ interface type interface-path-ID] [ vrf vrf-name] [ ip-address address] [ mac-address address]

Syntax Description

detail

Displays detailed client binding information for all clients.

location node-ID

Displays detailed client binding information for a specified node.

interface type interface-path-ID

Displays client binding by interface.

Specifies the interface type. For more information, use the question mark (?) online help function.

Physical interface or virtual interface. Use the show interfaces command to see a list of all interfaces currently configured on the router.
Note    For more information about the syntax for the router, use the question mark (?) online help function.
vrf vrf-name

Displays client binding by vrf name.

ip-address address

Displays detailed client binding information per IP address or mac-address.

mac-address address

Displays detailed client binding information per mac-address.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read

Example

This is a sample output from the show dhcp ipv4 server binding command:


RP/0/RSP0/CPU0:router# show dhcp ipv4 server binding detail

MAC Address:        	ca01.3fcd.0000
VRF:                		default
IP Address:         		10.10.10.6
Gateway IP Address: 	0.0.0.0
Server IP Address:  	11.11.11.3
ReceivedCircuit ID: 			-
InsertedCircuit ID: 			-
ReceivedRemote ID:  			-
InsertedRemote ID: 			-
Profile:            			foo
State:              		BOUND_DPM_CONNECTED
Client Lease:                    				600 secs (00:10:00)
Client Lease Remaining: 				442 secs (00:07:22)
Client ID:         		 0x00-0x76-0x6C-0x61-0x6E-0x31-0x30-0x30
Interface:          		GigabitEthernet0/1/0/0.100
VLAN:               		None
Subscriber Label:   	0x0

Related Commands

Command

Description

Displays DHCP server profile information.

Display DHCP server statistics.

show dhcp ipv4 server profile

To display DHCP server profile information, use the show dhcp ipv4 server profile command in EXEC mode.

show dhcp ipv4 server profile name profile-name [ location node-ID ]

Syntax Description

profile-name

Name of the profile.

location node-ID

Displays detailed DHCP server profile information for a specified node.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read

Example

This is a sample output from the show dhcp ipv4 server profile command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 server profile name foo 

Profile: 		foo
VRF References:
Interface References:	GigabitEthernet0/2/0/0

Related Commands

Command

Description

Displays DHCP client bindings for server.

Display DHCP server statistics.

show dhcp ipv4 server statistics

To display DHCP server statistics, use the show dhcp ipv4 server statistics command in EXEC mode.

show dhcp ipv4 server statistics[ [ raw [ all] [ include-zeroes] [ location node-ID ] ]

Syntax Description

raw

Displays debug statistics.

all

Displays debug statistics for base mode.

include-zeroes

Displays debug statistics that are zero.

location node-ID

Displays DHCP server statistics information for a specified node.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read

Example

This is a sample output from the show dhcp ipv4 server statistics command:


RP/0/RSP0/CPU0:router# show dhcp ipv4 server statistics 

Related Commands

Command

Description

Displays DHCP client bindings for server.

Displays DHCP server profile information.

show dhcp ipv4 snoop binding

To show information concerning DHCP snooping bindings, use the show dhcp ipv4 snoop binding command in EXEC mode.

show dhcp ipv4 snoop binding [ mac-address mac-address | summary ]

Syntax Description

mac-address mac- address

(Optional) Displays the details of DHCP snooping client bindings associated with the specified MAC address.

summary

(Optional) displays the total number of DHCP snooping client bindings.

Command Default

Displays brief information about all DHCP snooping client bindings

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

The following example shows output from the dhcp ipv4 snoop binding command for all MAC addresses:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding
Sun Apr  6 05:58:07.741 UTC

 MAC            IP                         Lease                                       Bridge
 Address        Address         State      Remaining  Interface                        Domain
-------------- --------------- ---------- ---------- -------------------------------- ---------
0000.6402.0102 192.128.0.1     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0103 192.128.0.2     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0104 192.128.0.3     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0105 192.128.0.4     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0106 192.128.0.5     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0107 192.128.0.6     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0108 192.128.0.7     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0109 192.128.0.8     BOUND      2499       Gi0/2/0/20.111                   mgm:mhd
0000.6402.010a 192.128.0.9     BOUND      2499       Gi0/2/0/20.111                   mgm:mhd
0000.6402.010b 192.128.0.10    BOUND      2499       Gi0/2/0/20.111                   mgm:mhd

The following example shows output from the dhcp ipv4 snoop binding command using the optional summary keyword:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding summary
Sun Apr  6 06:45:03.878 UTC

Number of IPv4 DHCP Snoop bindings: 10

The following example shows output from the dhcp ipv4 snoop binding command using a specific MAC address:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding mac-address 0000.6402.0102
Sun Apr  6 06:45:03.878 UTC

MAC Address:         0000.6402.0102
  IP Address:        192.128.0.1
  Client ID:         0064
  Profile:           s1
  State:             BOUND
  Lease (sec):       3600
Remaining (sec):     2833
Bridge Domain:       mgm:mhd
Interface:           GigabitEthernet0/2/0/10.111

Related Commands

Command

Description

clear dhcp ipv4 snoop binding

Clears DHCP snooping bindings.

show dhcp ipv4 snoop statistics

Displays statistics for a specific bridge-domain.

show dhcp ipv6 database

To display the DHCPv6 database state, use the show dhcp ipv6 database command in EXEC mode.

show dhcp ipv6 database [ location node-id]

Syntax Description

locationnode-id

(Optional) Location of a particular IPv4 access list. The node-id argument is entered in the rack/slot/module notation.

Command Default

By default, the database file on the RP node is displayed.

Command Modes

EXEC

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read

Example

This example show how to display the DHCPv6 database state:


RP/0/RSP0/CPU0:router# show dhcp ipv6 database 

Database:
Current file version:                1
Full file:
  write interval:                    10 seconds
  last file name:                    /harddiska:/dhcp/dhcpv6_srpb_1_even
  last write time:                   Apr-02-2010-08:35:47
  write count:                       10
  failed write count:                0
  record count:                      1000
  last write error:                  -
  last write error timestamp:        -
Incremental file:
  write interval:                    1 second
  last file name:                    /harddiska:/dhcp/dhcpv6_srpb_1_odd_inc
  last write time:                   Apr-02-2010-08:34:47
  write count:                       81
  failed write count:                0
  record count:                      373
  last write error:                  -
  last write error timestamp:        -


Related Commands

Command

Description

database

Enables DHCP binding database storage to the file system.

show dhcp ipv4 snoop statistics

To display statistics for a specific bridge domain, use the show dhcp ipv4 snoop statistics command in EXEC mode.

show dhcp ipv4 snoop statistics [ bridge-domain bridge-domain-name ]

Syntax Description

bridge-domain bridge-domain- name

(Optional) Specifies a specific bridge-domain.

Command Default

Displays a table of DHCP snooping receive (RX), transmit (TX), and drop (DR) packet statistics for each bridge domain.

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that incoudes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

The following shows output from the show dhcp ipv4 snoop statistics command, showing a table of DHCP snooping RX, TX, and DR packet statistics for each bridge domain:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop statistics
Sun Apr  6 05:55:57.524 UTC

              Bridge                          |       RX       |      TX       |       DR      |
------------------------------------------------------------------------------------------------
 mgm:mhd                                      |          964   |          964  |            0  |

The following shows output from the show dhcp ipv4 snoop statistics command, showing a table of DHCP snooping RX, Tx, and Drop packet statistics for a specific bridge domain:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop statistics bridge-domain mgm:mhd
Sun Apr  6 05:57:03.600 UTC

DNCP IPv4 Snoop Statistics for Bridge mgm:mhd:

     TYPE         |    RECEIVE    |    TRANSMIT   |     DROP      |
-------------------------------------------------------------------
 DISCOVER         |          111  |          111  |            0  |
 OFFER            |          111  |          111  |            0  |
 REQUEST          |          371  |          371  |            0  |
 DECLINE          |            0  |            0  |            0  |
 ACK              |          371  |          371  |            0  |
 NAK              |            0  |            0  |            0  |
 RELEASE          |            0  |            0  |            0  |
 INFORM           |            0  |            0  |            0  |
 LEASEQUERY       |            0  |            0  |            0  |
 LEASEUNASSIGNED  |            0  |            0  |            0  |
 LEASEUNKNOWN     |            0  |            0  |            0  |
 LEASACTIVE       |            0  |            0  |            0  |
 BOOTP-REQUEST    |            0  |            0  |            0  |
 BOOTP-REPLY      |            0  |            0  |            0  |
 BOOTP-INVALID    |            0  |            0  |            0  |

Related Commands

Command

Description

show dhcp ipv4 snoop binding

Displays details of a specific DHCP snooping profile.

show dhcp ipv6 proxy interface

To display the proxy interface information for Dynamic Host Configuration Protocol (DHCP), use the show dhcp ipv6 proxy interface command in EXEC mode.

show dhcp ipv6 proxy interface { type | interface-path-id } { location | location }

Syntax Description

type

Interface type. For more information, use the question mark (?) online help function.

interface-path-id

Physical interface or virtual interface.

Note   

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark ( ? ) online help function.

location

Displays the node location by Interface.

location

Displays the fully qualified location specification of an interface.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

ip-services

read

This is a sample output from the show dhcp ipv6 proxy interface command:


RP/0/RSP0/CPU0:router# show dhcp ipv6 proxy interface 

Tue Sep  4 19:14:54.056 UTC
Codes: Amb - Ambiguous VLAN, B - Base, R - Relay, P - Proxy,
       SR - Server, S - Snoop, C - Client, INV - Invalid
       CID - Circuit Id, RID - Remote Id, INTF - Interface

Interface              Mode Profile Name                             Amb Lease Limit
------------------------------------------------------------------------------------
BE1.100                P    pxy1                                     No  None
BE1.200                P    pxy1                                     No  None
BE1.250                P    pxy1                                     Yes None
BE1.400                P    pxy1                                     Yes None


show dhcp vrf ipv4 server statistics

To display DHCP server statistics for the default vrf or a specific vrf, use the show dhcp vrf ipv4 server statistics command in EXEC mode.

show dhcp vrf { default | vrf-name} [ location node-ID ]

Syntax Description

default

Display DHCP server statistics for the default vrf.

vrf-name

Display DHCP server statistics for a specific vrf.

location node-ID

Displays DHCP server statistics information for a specified node.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read

Example

This is a sample output from the show dhcp vrf default ipv4 server statistics command:


RP/0/RSP0/CPU0:router# show dhcp vrf default ipv4 server statistics 

Related Commands

Command

Description

time-server

To configure the time server, use the time-server command in the DHCPv4 server profile submode. To deconfigure, use the no form of this command.

time-server address1address2... address8

no time-server address1address2... address8

Syntax Description

address1address2...address8

Name of the server or IP address.

Command Default

None

Command Modes

DHCPv4 Server Profile

Command History

Release Modification

Release 5.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Example

This is a sample output from the time-server command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile P1 server
RP/0/RSP0/CPU0:router(config-dhcpv4-server-profile)# time-server 10.20.3.8

Related Commands

Command

Description

bootfile

Configures the bootfile.

broadcast-flag policy check

Configures DHCPv4 Server to only broadcast BOOTREPLY packets.

trusted

To configure a DHCP snooping profile to supported trusted sources, use the trusted command in DCHP IPv4 Profile Snoop configuration mode. To restore the interface to the default behavior, us the no form of the command.

trusted

no trusted

Command Default

By default, the DHCP snooping profile is for untrusted sources.

Command Modes

DHCP IPv4 Snoop Profile configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

A bridge port can be configured to be trusted by assigning this DHCP snooping profile to a bridge port or a bridge-domain.

DHCP snooping selectively forwards DHCP DISCOVER and DHCP REQUEST messages to trusted interfaces only, thereby preventing often malicious hosts from seeing the DHCP exchanges.

Task ID

Task ID

Operations

ip-services

read

The following example shows how to configure the snoop profile named trustedServerProfile to be trusted:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile trestedServerProfile snoop
RP/0/RSP0/CPU0:router(config-dhcpv4-snoop-profile)# trusted

Related Commands

Command

Description

relay information option

Allows the insertion of a DHCP relay agent information option in forwarded BOOTREQUEST messages on a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and giaddr set to zero.

vrf (relay profile)

To configure a relay profile on a VPN routing and forwarding (VRF) instance, use the vrf (relay profile) command in Dynamic Host Configuration Protocol (DHCP) IPv4 configuration mode. To disable this feature, use the no form of this command.

vrf { vrf-name { relay | server } profile-name | default | all }

no vrf { vrf-name { relay | server } profile-name | default | all }

Syntax Description

vrf-name

User-defined name for the VRF.

relay

Specifies a relay profile.

server

Specifies a server profile.

profile-name

Specifies a name for the profile.

default

Specifies a profile for the default VRF.

all

Specifies a profile for all VRFs. This option is not available for server profiles.

Command Default

If default is selected, then the configuration defaults to VRF.

Command Modes

DHCP IPv4 configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 5.1

The server keyword was added.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

The following example shows how to set the relay profile for all VRFs:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# vrf all
The following example shows how to set the server profile for all VRFs:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# vrf V1 server profile TEST

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.