IP Addressing: DHCP Configuration Guide, Cisco IOS XE Gibraltar 16.12.x
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco routers running Cisco IOS XE software include Dynamic Host Configuration Protocol (DHCP) server and relay agent software.
A DHCP relay agent is any host that forwards DHCP packets between clients and servers. This module describes the concepts
and tasks needed to configure the Cisco IOS XE DHCP relay agent.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information,
see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module,
and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature
Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring the DHCP Relay Agent
Before you configure the DHCP relay agent, you should understand the concepts documented in the “DHCP Overview” module.
The Cisco IOS XE DHCP server and relay agent are enabled by default. You can verify if they have been disabled by checking
your configuration file. If they have been disabled, the noservicedhcp command will appear in the configuration file. Use the servicedhcp command to reenable the functionality if necessary.
The Cisco IOS XE DHCP relay agent will be enabled on an interface only when the iphelper-address is configured. This command enables the DHCP broadcast to be forwarded to the configured DHCP server.
Information About the DHCP Relay Agent
DHCP Relay Agent
Overview
A DHCP relay agent
is any host that forwards DHCP packets between clients and servers. Relay
agents are used to forward requests and replies between clients and servers
when they are not on the same physical subnet. Relay agent forwarding is
distinct from the normal forwarding of an IP device, where IP datagrams are
switched between networks somewhat transparently. By contrast, relay agents
receive DHCP messages and then generate a new DHCP message to send out on
another interface. The relay agent sets the gateway IP address (giaddr field of
the DHCP packet) and, if configured, adds the relay agent information option
(option82) in the packet and forwards it to the DHCP server. The reply from the
server is forwarded back to the client after removing option 82.
The DHCP relay
agent supports the use of unnumbered interfaces. An unnumbered interface can
“borrow” the IP address of another interface already configured on the device,
which conserves network and address space. For DHCP clients connected though
the unnumbered interfaces, the DHCP relay agent automatically adds a static
host route once the DHCP client obtains an address, specifying the unnumbered
interface as the outbound interface. The route is automatically removed once
the lease time expires or when the client releases the address.
Packet Forwarding Address
DHCP clients need to use User Datagram Protocol (UDP) broadcasts to send their initial DHCPDISCOVER messages because they
don’t have information about the network to which they are attached. If the client is on a network segment that does not include
a server, UDP broadcasts normally are not forwarded because most routers are configured to not forward broadcast traffic.
You can remedy this situation by configuring the interface of your router that is receiving the broadcasts to forward certain
classes of broadcasts to a helper address. You can use more than one helper address per interface.
When a router forwards these address assignment/parameter requests, it is acting as a DHCP relay agent. The Cisco router
implementation of the DHCP relay agent is provided via the
iphelper-address interface configuration command.
In the figure below, the DHCP client broadcasts a request for an IP address and additional configuration parameters on its
local LAN. Router B, acting as a DHCP relay agent, picks up the broadcast and generates a new DHCP message to send out on
another interface. As part of this DHCP message, the relay agent inserts the IP address of the interface containing the
iphelper-address command into the gateway IP address (giaddr) field of the DHCP packet. This IP address enables the DHCP server to determine
which subnet should receive the offer and identify the appropriate IP address range to offer. The DHCP relay agent sends the
local broadcast, via IP unicast, to the DHCP server address 172.16.1.2 specified by the
iphelper-address interface configuration command.
Relay Agent Information Option
Automatic DHCP address allocation is typically based on an IP address, whether it be the gateway IP address (giaddr field
of the DHCP packet) or the incoming interface IP address. In some networks, it is necessary to use additional information
to further determine which IP addresses to allocate. By using the relay agent information option (option 82), the Cisco IOS
XE relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server.
Cisco IOS XE supports this functionality by using the
ipdhcprelayinformationoption command. The relay agent will automatically add the circuit identifier suboption and the remote ID suboption to the relay
agent information option and forward them to the DHCP server.
The DHCP server can use this information to assign IP addresses, perform access control, and set quality of service (QoS)
and security policies (or other parameter-assignment policies) for each subscriber of a service provider network.
Note
When CTS role-based enforcement is enabled, broadcast packets are dropped if the default policy is deny all. To allow the
DHCP snooping broadcast packets, the default policy must have an ACE to permit the DHCP broadcast traffic.
The figure below shows how the relay agent information option is inserted into the DHCP packet as follows:
The DHCP client generates a DHCP request and broadcasts it on the network.
The DHCP relay agent intercepts the broadcast DHCP request packet and inserts the relay agent information option (option
82) in the packet. The relay agent information option contains the related suboptions.
The DHCP relay agent unicasts the DHCP packet to the DHCP server.
The DHCP server receives the packet and uses the suboptions to assign IP addresses and other configuration parameters and
forwards them back to the client.
The relay agent strips off the suboption fields of the packet while forwarding to the client.
Relay Agent Information Reforwarding Policy
A DHCP relay agent may receive a message from another DHCP relay agent that already contains relay information. By default,
the relay information from the previous relay agent is replaced. If this behavior is not suitable for your network, you can
use the ipdhcprelayinformationpolicy {drop | keep | replace} global configuration command to change it.
To ensure the correct operation of the reforwarding policy, make sure to disable the relay agent information check by using
the noipdhcprelayinformationcheck global configuration command.
DHCP Relay Agent Support for MPLS VPNs
DHCP relay support for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) enables a network administrator
to conserve address space by allowing overlapping addresses. The relay agent can support multiple clients on different VPNs,
and many of these clients from different VPNs can share the same IP address.
Configuring VPNs involves an adjustment to the usual DHCP host IP address designation. VPNs use private address spaces that
might not be unique across the Internet.
In some environments, a relay agent resides in a network element that also has access to one or more MPLS VPNs. A DHCP server
that provides service to DHCP clients on those different VPNs must locate the VPN in which each client resides. The network
element that contains the relay agent typically captures the VPN association of the DHCP client and includes this information
in the relay agent information option of the DHCP packet.
DHCP relay support for MPLS VPNs allows the relay agent to forward this necessary VPN-related information to the DHCP server
using the following three suboptions of the DHCP relay agent information option:
VPN identifier
Subnet selection
Server identifier override
The VPN identifier suboption is used by the relay agent to tell the DHCP server the VPN for every DHCP request it passes
on to the DHCP server, and it is also used to properly forward any DHCP reply that the DHCP server sends back to the relay
agent. The VPN identifier suboption contains the VPN ID configured on the incoming interface to which the client is connected.
If you configure the VRF name but not the VPN ID, the VRF name is used as the VPN identifier suboption. If the interface is
in global routing space, the VPN suboptions are not added.
The subnet selection suboption allows the separation of the subnet where the client resides from the IP address used to communicate
with the relay agent. In typical DHCP processing, the gateway address specifies both the subnet on which a DHCP client resides
and the IP address that the server can use to communicate with the relay agent. Situations exist where the relay agent needs
to specify the subnet on which a DHCP client resides that is different from the IP address the server can use to communicate
with the relay agent. The subnet selection suboption is included in the relay agent information option and passed on to the
DHCP server. The gateway address is changed to the outgoing interface of the relay agent toward the DHCP server. The DHCP
server uses this gateway address to send reply packets back to the relay agent.
The server identifier override suboption value is copied in the reply packet from the DHCP server instead of the normal server
ID address. The server identifier override suboption contains the incoming interface IP address, which is the IP address on
the relay agent that is accessible from the client. Using this information, the DHCP client sends all renew and release packets
to the relay agent. The relay agent adds all of the VPN suboptions and then forwards the renew and release packets to the
original DHCP server.
After adding these suboptions to the DHCP relay agent information option, the gateway address is changed to the outgoing
interface of the relay agent toward the DHCP server. When the packets are returned from the DHCP server, the relay agent removes
the relay agent information options and forwards the packets to the DHCP client on the correct VPN.
The figure below shows a VPN scenario where the DHCP relay agent and DHCP server can recognize the VPN that each client resides
within. DHCP client 1 is part of VPN green and DHCP client 2 is part of VPN red and both have the same private IP address
192.168.1.0/24. Because the clients have the same IP address, the DHCP relay agent and DHCP server use the VPN identifier,
subnet selection, and server identifier override suboptions of the relay agent information option to distinguish the correct
VPN of the client.
DHCP Relay Support for Option 82 Encapsulation
When two relay agents are relaying messages between the DHCP client and
DHCP server, the second relay agent (closer to the server), by default,
replaces the first option 82 information with its own option 82. The remote ID
and circuit ID information from the first relay agent is lost. In some
deployment scenarios, it is necessary to maintain the initial option 82 from
the first relay agent, in addition to the option 82 from the second relay
agent. For example, an Intelligent Service Gateway (ISG) acting as a second
relay agent is connected to a Layer 2 device. The Layer 2 device connects to
the household and identifies the household with its own option 82.
The DHCP Relay Option 82 Encapsulation feature allows the second relay
agent to encapsulate option 82 information in a received message from the first
relay agent if it is also configured to add its own option 82 information. This
configuration allows the DHCP server to use option 82 information from both
relay agents. The DHCP server can use the VPN information from the second relay
agent along with the option 82 information from the first relay agent to send
correct address assignments and other configuration parameters for the client
devices based on the VRF, option 60, and encapsulated option 82. The reply
message from the DHCP server to the DHCP client traverses the same path as the
request messages through the two relay agents to the DHCP client.
Figure 4 shows the processing that occurs on the two relay agents and
the DHCP server when this feature is configured:
The DHCP client generates a
DHCP message (including option 60) and broadcasts it on the network.
The first DHCP relay agent
intercepts the broadcast DHCP request packet and inserts its own option 82 in
the packet.
The relay agent
automatically adds the circuit ID suboption and the remote ID suboption to
option 82 and forwards them to the second relay agent.
The second relay agent
encapsulates the first relay agent’s option 82 and inserts its own option 82.
The gateway IP address
(giaddr) is set to the incoming interface on the second relay agent and the
original giaddr from the first relay agent is encapsulated.
The second DHCP relay agent
unicasts the DHCP packet to the DHCP server.
The DHCP server receives
the packet and uses the VPN suboption information from the second relay, along
with the option 82 information from the first relay agent, to assign IP
addresses and other configuration parameters and forwards the packet back to
the second relay agent.
When the second relay agent
receives the reply message from the server, it restores the encapsulated option
82 and prior giaddr from the first relay agent. The reply message is then sent
to the prior giaddr.
The option 82 is stripped
off of the packet by the first relay agent before forwarding to the client.
How to Configure the DHCP Relay Agent
Specifying the Packet
Forwarding Address
Perform this task
to configure the DHCP relay agent to forward packets to a DHCP server.
SUMMARY STEPS
enable
configureterminal
interfacetypenumber
iphelper-addressaddress
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables
privileged EXEC mode.
Enter
your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global
configuration mode.
Step 3
interfacetypenumber
Example:
Device(config)# interface GigabitEthernet0/0/0
Configures an
interface and enters interface configuration mode.
Step 4
iphelper-addressaddress
Example:
Device(config-if)# ip helper-address 172.16.1.2
Forwards UPD
broadcasts, including BOOTP and DHCP.
The
addressargument can be a specific DHCP server
address, or it can be the network address if other DHCP servers are on the
destination network segment. Using the network address enables other servers to
respond to DHCP requests.
If you
have multiple servers, you can configure one helper address for each server.
Note
If Intelligent Wireless Access Gateway (IWAG) router is relaying DHCP packets to external DHCP server, it requires to configure
DHCP relay pool instead of ip helper address under subscriber interface to be stateful.
ipdhcp poolDHCP_Relay_pool_name
ip dhcp pool relay_pool1
relay source 10.56.151.76
relay destination 10.48.155.76
Configuring Relay Agent Information Option Support
Perform this task to enable support for the DHCP relay agent information option.
Note
If an
ipdhcprelayinformation command is configured in global configuration mode but not configured in interface configuration mode, the global configuration
is applied to all interfaces.
If an
ipdhcprelayinformation command is configured in both global configuration mode and interface configuration mode, the interface configuration command
takes precedence over the global configuration command. However, the global configuration is applied to interfaces without
the interface configuration.
If an
ipdhcprelayinformation command is not configured in global configuration mode but is configured in interface configuration mode, only the interface
with the configuration option applied is affected. All other interfaces are not impacted by the configuration.
See the "Configuring Relay Agent Information Option Support per Interface" section for more information on per-interface
support for the relay agent information option.
>
SUMMARY STEPS
enable
configureterminal
ipdhcprelayinformationoption
ipdhcprelayinformationcheck
ipdhcprelayinformationpolicy{drop|keep|replace}
ipdhcprelayinformationtrust-all
end
showipdhcprelayinformationtrusted-sources
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
ipdhcprelayinformationoption
Example:
Router(config)# ip dhcp relay information option
Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages
to a DHCP server.
This function is disabled by default.
Step 4
ipdhcprelayinformationcheck
Example:
Router(config)# ip dhcp relay information check
(Optional) Configures DHCP to check that the relay agent information option in forwarded BOOTREPLY messages is valid.
By default, DHCP checks that the option-82 field in DHCP reply packets it receives from the DHCP server is valid. If an invalid
message is received, the relay agent drops it. If a valid message is received, the relay agent removes the option-82 field
and forwards the packet. Use the
ipdhcprelayinformationcheck command to reenable this functionality if it has been disabled.
Step 5
ipdhcprelayinformationpolicy{drop|keep|replace}
Example:
Router(config)# ip dhcp relay information policy replace
(Optional) Configures the reforwarding policy for a DHCP relay agent (what a relay agent should do if a message already contains
relay information).
See the "Relay Agent Information Reforwarding Policy" section for more information.
Step 6
ipdhcprelayinformationtrust-all
Example:
Router(config)# ip dhcp relay information trust-all
(Optional) Configures all interfaces on a router as trusted sources of the DHCP relay information option.
By default, if the gateway address is set to all zeros in the DHCP packet and the relay agent information option is already
present in the packet, the DHCP relay agent will discard the packet. Use the
ipdhcprelayinformationtrust-allcommand to override this behavior and accept the packets.
This command is useful if there is a switch in between the client and the relay agent that may insert option 82. Use this
command to ensure that these packets do not get dropped.
You can configure an individual interface as a trusted source of the DHCP relay information option by using the
ipdhcprelayinformationtrusted interface configuration mode command.
Step 7
end
Example:
Router(config)# end
Returns to privileged EXEC mode.
Step 8
showipdhcprelayinformationtrusted-sources
Example:
Router# show ip dhcp relay information trusted-sources
(Optional) Displays all interfaces configured to be a trusted source for the DHCP relay information option.
Configuring Relay Agent Information Option Support per Interface
Perform this task to enable support for the DHCP relay agent information option (option 82) on a per interface basis.
The interface configuration allows the subscribers with different DHCP option 82 requirements on different interfaces to
be reached from one Cisco router.
Before you begin
Read the “Restrictions” and "Relay Agent Information Reforwarding Policy" sections to understand how DHCP processes the relay
agent information option for global configurations.
Note
If an
ipdhcprelayinformation command is configured in global configuration mode but not configured in interface configuration mode, the global configuration
is applied to all interfaces.
If an
ipdhcprelayinformation command is configured in both global configuration mode and interface configuration mode, the interface configuration command
takes precedence over the global configuration command. However, the global configuration is applied to interfaces without
the interface configuration.
If an
ipdhcprelayinformation command is not configured in global configuration mode but is configured in interface configuration mode, only the interface
with the configuration option applied is affected. All other interfaces are not impacted by the configuration.
Repeat Steps 3 through 7 to configure relay agent information settings on different interfaces.
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
interfacetypenumber
Example:
Router(config)# interface GigabitEthernet0/0/0
Configures an interface and enters interface configuration mode.
Step 4
ipdhcprelayinformationoption-insert[none]
Example:
Router(config-if)# ip dhcp relay information option-insert
Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages
to a DHCP server.
This function is disabled by default. However, if support for the relay agent information option is configured in global
configuration mode, but not in interface configuration mode, the interface inherits the global configuration.
The
ipdhcprelayinformationoption-insertnone interface configuration command is saved in the running configuration. This command takes precedence over any global relay
agent information configuration.
Step 5
ipdhcprelayinformationcheck-reply[none]
Example:
Router(config-if)# ip dhcp relay information check-reply
Configures a DHCP server to validate the relay information option in forwarded BOOTREPLY messages.
By default, DHCP checks that the option-82 field in DHCP reply packets it receives from the DHCP server is valid. If an invalid
message is received, the relay agent drops it. If a valid message is received, the relay agent removes the option-82 field
and forwards the packet. Use the
ipdhcprelayinformationcheck-reply command to reenable this functionality if it has been disabled.
The
ipdhcprelayinformationcheck-replynone interface configuration command option is saved in the running configuration. This command takes precedence over any global
relay agent information configuration.
Router(config-if)# ip dhcp relay information policy-action replace
Configures the information reforwarding policy for a DHCP relay agent (what a relay agent should do if a message already
contains relay information).
Step 7
exit
Example:
Router(config-if)# exit
Exits interface configuration mode.
Step 8
Repeat Steps 3 through 7 to configure relay agent information settings on different interfaces.
(Optional)
Configuring the Subscriber
Identifier Suboption of the Relay Agent Information Option
Perform this task
to enable an Internet service provider (ISP) to add a unique identifier to the
subscriber-identifier suboption of the relay agent information option.
The unique
identifier enables an ISP to identify a subscriber, to assign specific actions
to that subscriber (for example, assignment of host IP address, subnet mask,
and domain name system DNS), and to trigger accounting.
Before the
introduction of this feature, if a subscriber moved, each ISP had to be
informed of the change and all ISPs had to reconfigure the DHCP settings for
the affected customers at the same time. Even if the service was not changed,
every move involved administrative changes in the ISP environment. With the
introduction of this feature, if a subscriber moves from one Network Access
Server to another, there is no need for a change in the configuration on the
part of the DHCP server or ISP.
Before you begin
You should
configure the unique identifier for each subscriber.
The new
configurable subscriber-identifier option should be configured on the interface
connected to the client. When a subscriber moves from one interface to the
other, the interface configuration should also be changed.
The server should
be able to recognize the new suboption.
SUMMARY STEPS
enable
configureterminal
ipdhcprelayinformationoption
interfacetypenumber
ipdhcprelayinformationoptionsubscriber-idstring
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables
privileged EXEC mode.
Enter
your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global
configuration mode.
Step 3
ipdhcprelayinformationoption
Example:
Device(config)# ip dhcp relay information option
Enables the
system to insert the DHCP relay agent information option (option-82 field) in
forwarded BOOTREQUEST messages to a DHCP server.
This
function is disabled by default.
Step 4
interfacetypenumber
Example:
Device(config)# interface atm4/0/0
Configures an
interface and enters interface configuration mode.
Step 5
ipdhcprelayinformationoptionsubscriber-idstring
Example:
Device(config-if)# ip dhcp relay information option subscriber-id newsubscriber123
Specifies
that a DHCP relay agent add a subscriber identifier suboption to the relay
information option.
The
string
argument can be up to a maximum of 50 characters and can be alphanumeric.
Note
If more
than 50 characters are configured, the string is truncated.
Note
The
ipdhcprelayinformationoptionsubscriber-idcommand is disabled by default to
ensure backward capability.
Configuring DHCP Relay
Agent Support for MPLS VPNs
Perform this task
to configure DHCP relay agent support for MPLS VPNs.
Before you begin
Before
configuring DHCP relay support for MPLS VPNs, you must configure standard MPLS
VPNs.
SUMMARY STEPS
enable
configureterminal
ipdhcprelayinformationoptionvpn
interfacetypenumber
iphelper-addressvrfname [global]
address
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables
privileged EXEC mode.
Enter
your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global
configuration mode.
Step 3
ipdhcprelayinformationoptionvpn
Example:
Device(config)# ip dhcp relay information option vpn
Enables the
system to insert VPN suboptions into the DHCP relay agent information option in
forwarded BOOTREQUEST messages to a DHCP server and sets the gateway address to
the outgoing interface toward the DHCP server.
The VPN
suboptions are also added to the BOOTP broadcast packets when the command is
configured.
Step 4
interfacetypenumber
Example:
Device(config)# interface GigabitEthernet0/0/0
Configures an
interface and enters interface configuration mode.
Step 5
iphelper-addressvrfname [global]
address
Example:
Device(config-if)# ip helper-address vrf blue 172.27.180.232
Forwards UDP
broadcasts, including BOOTP, received on an interface.
If the
DHCP server resides in a different VPN or global space that is different from
the VPN, then the
vrfname or
global
options allow you to specify the name of the VRF or global space in which the
DHCP server resides.
Setting the Gateway Address
of the DHCP Broadcast to a Secondary Address Using Smart Relay Agent
Forwarding
You only need to
configure helper addresses on the interface where the UDP broadcasts that you
want to forward to the DHCP server are being received. You only need to
configure the
ipdhcpsmart-relay command if you have secondary
addresses on that interface and you want the device to step through each IP
network when forwarding DHCP requests. If smart relay agent forwarding is not
configured, all requests are forwarded using the primary IP address on the
interface.
If the
ipdhcpsmart-relay command is configured, the relay agent
counts the number of times that the client retries sending a request to the
DHCP server when there is no DHCPOFFER message from the DHCP server. After
three retries, the relay agent sets the gateway address to the secondary
address. If the DHCP server still does not respond after three more retries,
then the next secondary address is used as the gateway address.
This
functionality is useful when the DHCP server cannot be configured to use
secondary pools.
SUMMARY STEPS
enable
configureterminal
ipdhcpsmart-relay
exit
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables
privileged EXEC mode.
Enter
your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global
configuration mode.
Step 3
ipdhcpsmart-relay
Example:
Device(config)# ip dhcp smart-relay
Allows the
DHCP relay agent to switch the gateway address (giaddr field of a DHCP packet)
to a secondary address when there is no DHCPOFFER message from a DHCP server.
Step 4
exit
Example:
Device(config)# exit
Returns to
privileged EXEC mode.
Configuring Relay Agent Information Option Encapsulation Support
Perform this task to enable support for the encapsulation of the DHCP relay agent information option (option 82).
SUMMARY STEPS
enable
configureterminal
ipdhcprelayinformationoption
ipdhcprelayinformationoptionvpn
ipdhcprelayinformationpolicyencapsulate
interfacetypenumber
ipdhcprelayinformationpolicy-actionencapsulate
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
ipdhcprelayinformationoption
Example:
Router(config)# ip dhcp relay information option
Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to
a DHCP server.
This function is disabled by default.
Step 4
ipdhcprelayinformationoptionvpn
Example:
Router(config)# ip dhcp relay information option vpn
(Optional) Enables the system to insert VPN suboptions into the DHCP relay agent information option in forwarded BOOTREQUEST
messages to a DHCP server and sets the gateway address to the outgoing interface toward the DHCP server.
The VPN suboptions are also added to the BOOTP broadcast packets when the command is configured.
Step 5
ipdhcprelayinformationpolicyencapsulate
Example:
Router(config)# ip dhcp relay information policy encapsulate
Enables the system to encapsulate the DHCP relay agent information option (option-82 field) received from a prior relay agent
in forwarded BOOTREQUEST messages to a DHCP server.
Option 82 information from both relay agents will be forwarded to the DHCP server.
Step 6
interfacetypenumber
Example:
Router(config)# interface FastEthernet0/0
(Optional) Configures an interface and enters interface configuration mode.
If you configure the ipdhcprelayinformation command in global configuration mode, there is no need to configure the command in interface configuration mode unless you
want a different configuration to apply on specific interfaces.
Step 7
ipdhcprelayinformationpolicy-actionencapsulate
Example:
Router(config-if)# ip dhcp relay information policy-action encapsulate
(Optional) Enables the system to encapsulate the DHCP relay agent information option (option-82 field) received on an interface
from a prior relay agent in forwarded BOOTREQUEST messages to a DHCP server on an interface.
This function is disabled by default. This command has precedence over any global configuration. However, if support for the
relay agent information option encapsulation support is configured in global configuration mode, but not in interface configuration
mode, the interface inherits the global configuration.
Troubleshooting the DHCP
Relay Agent
Perform this task
to troubleshoot the DHCP relay agent.
The
showiproutedhcp command is useful to help you understand any
problems with the DHCP relay agent adding routes to clients from unnumbered
interfaces. All routes added to the routing table by the DHCP server and relay
agent are displayed.
SUMMARY STEPS
enable
showiproutedhcp
showiproutedhcpip-address
showiproutevrfvrf-namedhcp
cleariproute [vrfvrf-name]
dhcp [ip-address]
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables
privileged EXEC mode.
Enter
your password if prompted.
Step 2
showiproutedhcp
Example:
Device# show ip route dhcp
Displays all
routes added by the DHCP server and relay agent.
Step 3
showiproutedhcpip-address
Example:
Device# show ip route dhcp 172.16.1.3
Displays all
routes added by the DHCP server and relay agent associated with an IP address.
Step 4
showiproutevrfvrf-namedhcp
Example:
Device# show ip route vrf red dhcp
Displays all
routes added by the DHCP server and relay agent associated with the named VRF.
Step 5
cleariproute [vrfvrf-name]
dhcp [ip-address]
Example:
Device# clear ip route dhcp
Removes
routes from the routing table added by the DHCP server and relay agent for the
DHCP clients on unnumbered interfaces.
Configuration Examples for the DHCP Relay Agent
Example Configuring the DHCP Relay Agent and Relay Agent Information Option Support
The following example shows how to enable the DHCP server, the relay agent, and the insertion and removal of the DHCP relay
information option (option 82). Note that the Cisco IOS XE DHCP server is enabled by default. In this example, the DHCP server
was disabled:
!reenables the DHCP server
service dhcp
ip dhcp relay information option
!
interface GigabitEthernet 0/0/0
ip address 192.168.100.1 255.255.255.0
ip helper-address 10.55.11.3
Example Configuring the DHCP Relay Agent and Relay Agent Information Option Support per Interface
The following example shows that for subscribers being serviced by the same aggregation router, the relay agent information
option needs to be processed differently for Asynchronous Transfer Mode (ATM) subscribers than for Gigabit Ethernet digital
subscribers. For ATM subscribers, the relay agent information option is configured to be removed from the packet by the relay
agent before forwarding to the client. For Gigabit Ethernet subscribers, the connected device provides the relay agent information
option, and it is configured to remain in the packet and be forwarded to the client.
ip dhcp relay information trust-all
interface Loopback0
ip address 10.16.0.1 255.255.255.0
!
interface ATM 3/0/0
no ip address
!
interface ATM 3/0/0
ip helper-address 10.16.1.2
ip unnumbered loopback0
ip dhcp relay information option-insert
!
interface Loopback1
ip address 10.18.0.1 255.255.255.0
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet 0/0/1
encap dot1q 123
ip unnumbered loopback1
ip helper-address 10.18.1.2
ip dhcp relay information policy-action keep
Example Configuring the Subscriber Identifier Suboption
The following example shows how to add a unique identifier to the subscriber-identifier suboption of the relay agent information
option.
ip dhcp relay information option
!
interface Loopback0
ip address 10.1.1.129 255.255.255.192
!
interface ATM 4/0/0
no ip address
!
interface ATM 4/0/1 point-to-point
ip helper-address 10.16.1.2
ip unnumbered Loopback0
ip dhcp relay information option subscriber-id newperson123
atm route-bridged ip
pvc 88/800
encapsulation aal5snap
Example Configuring DHCP Relay Agent Support for MPLS VPNs
In the following example, the DHCP relay agent receives a DHCP request on Gigabit Ethernet interface 0/0/0 and sends the request
to the DHCP server located at IP helper address 10.44.23.7, which is associated with the VRF named red:
ip dhcp relay information option vpn
!
interface GigabitEthernet 0/0/0
ip helper-address vrf red 10.44.23.7
!
Example Configuring DHCP Smart Relay Agent Forwarding
In the following example, the router will forward the DHCP broadcast received on Gigabit Ethernet interface 0/0 to the DHCP
server (10.55.11.3), inserting 192.168.100.1 in the giaddr field of the DHCP packet. If the DHCP server has a scope or pool
configured for the 192.168.100.0/24 network, it will respond; otherwise it will not respond.
Because the ipdhcpsmart-relay global configuration command is configured, if the router sends three requests using 192.168.100.1 in the giaddr field, and
doesn't get a response, it will move on and start using 172.16.31.254 in the giaddr field instead. Without the smart relay
functionality, the route only uses 192.168.100.1 in the giaddr field.
ip dhcp smart-relay
!
interface GigabitEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
ip address 172.16.31.254 255.255.255.0
ip helper-address 10.55.11.3
!
Clarifications and Extensions for the Bootstrap Protocol
RFC 2131
Dynamic Host Configuration Protocol
RFC 2685
Virtual Private Networks Identifier
RFC 3046
DHCP Relay Information Option
Technical Assistance
Description
Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving
technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product
Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature Information for the Cisco IOS XE DHCP Relay Agent
The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for the Cisco IOS XE DHCP Relay Agent
Feature Name
Releases
Feature Configuration Information
DHCP Relay Option 82 per Interface Support
Cisco IOS XE Release 2.1
Cisco IOS XE Release 3.9S
This feature enables support for the DHCP relay agent information option (option 82) on a per interface basis. The interface
configuration allows different DHCP servers, with different DHCP option 82 requirements to be reached from one Cisco router.
The following commands were introduced by this feature:
ipdhcprelayinformationcheck-reply,
ipdhcprelayinformationoption-insert,
ipdhcprelayinformationpolicy-action.
DHCP Subscriber Identifier Suboption of Option 82
Cisco IOS XE Release 2.1
This feature enables an ISP to add a unique identifier to the subscriber-identifier suboption of the relay agent information
option.
The following command was introduced by this feature:
ipdhcprelayinformationoptionsubscriber-id.
DHCP Relay MPLS VPN Support
Cisco IOS XE Release 2.1
Cisco IOS XE Release 3.9S
DHCP relay support for MPLS VPNs enables a network administrator to conserve address space by allowing overlapping addresses.
The relay agent can support multiple clients on different VPNs, and many of these clients from different VPNs can share the
same IP address.
The following commands were modified by this feature:
ipdhcprelayinformationoption,
iphelperaddress.
DHCP Relay Agent Support for Unnumbered Interfaces
Cisco IOS XE Release 2.1
Cisco IOS XE Release 3.9S
The Cisco IOS XE DHCP relay agent supports the use of unnumbered interfaces.
DHCP Relay Option 82 Encapsulation
Cisco IOS XE Release 3.1S
This feature allows a second DHCP relay agent to encapsulate the relay agent information option (option 82) from a prior
relay agent, add its own option 82, and forward the packet to the DHCP server. The DHCP server can use the VPN information
from the second relay agent along with the option 82 information from the first relay agent to send correct address assignments
and other configuration parameters for the client devices based on the VRF, option 60, and encapsulated option 82.
The following commands were added or modified by this feature:
ipdhcprelayinformationpolicy,
ipdhcprelayinformationpolicy-action.
Glossary
client--A host trying to configure its interface (obtain an IP address)
using DHCP or BOOTP protocols.
DHCP--Dynamic Host Configuration Protocol.
giaddr--Gateway IP address. The giaddr field of the DHCP message
provides the DHCP server with information about the IP address subnet on which
the client is to reside. It also provides the DHCP server with an IP address
where the response messages are to be sent.
MPLS--Multiprotocol Label Switching. Emerging industry standard upon
which tag switching is based.
relayagent--A device that forwards DHCP and BOOTP messages between a server
and a client on different subnets.
server--DHCP or BOOTP server.
VPN--Virtual Private Network. Enables IP traffic to use tunneling to
travel securely over a public TCP/IP network.
VRF--VPN routing and forwarding instance. A VRF consists of an IP
routing table, a derived forwarding table, a set of interfaces that use the
forwarding table, and a set of rules and routing protocols that determine what
goes into the forwarding table. In general, a VRF includes the routing
information that defines a customer VPN site that is attached to a PE device.
Each VPN instantiated on the PE device has its own VRF.