Router Installation and Configuration Manual/Configuring DHCP Services

From ImageStream Router Documentation

Jump to: navigation, search

Contents

Introduction

This chapter describes how to configure the ImageStream router to act as a DHCP client or a DHCP relay by using SAND's dhcp commands in the main WAN interface configuration file.
This chapter covers the following topics:
  • Network interface as a DHCP client
  • DHCP relay services
  • Router as a DHCP server
Before configuring DHCP services, you must first configure your WAN interfaces and make the appropriate cabling connection for your needs. Refer to the hardware installation guide for your ImageStream product for information on making the WAN connection. See Chapter 7, Router Installation and Configuration Manual/Configuring a Synchronous Serial WAN Interface the Command Reference for more detailed command descriptions and instructions.
After logging in, the main menu is displayed (your menu may look slightly different):
ISis-Router main menu 
1. Configuration menu 
2. Show interface status 
3. Advanced 
4. Router software management 
5. Backup/Restore 
6. halt/reboot 
0. Log off 
Select the menu option 1, Configuration menu, and press Enter to configure the router. The next menu should appear (your menu may look slightly different):
Configuration menu 
1. AAA (Password) Configuration 
2. Global configuration 
3. Network interface configuration 
4. Firewall and QOS configuration 
5. Service configuration 
6. Dynamic routing configuration 
7. Save configuration to flash 
0. ISis-Router main menu 
From the "Configuration menu", select menu option 6, Network interface configuration, and press Enter. This will open the ImageStream router's primary configuration file, the wan.conf in the default editor. The wan.conf file is also accessible from the command line in the /usr/local/sand directory.

Configuring an Interface as a DHCP Client

Some routers, especially those connected to broadband Internet connections via an Ethernet port, may obtain an IP address from a DHCP server. To change the IP address and netmask of the interface to a dynamically assigned address, modify the ip address command to instruct the router to act as a DHCP client on this interface. The syntax of this DHCP client command is:
ip address dhcp [ client-id   { your-client-id }] [ client-name { your-client-name }] [ ignore-default ] [ ignore-nameservers ] 
The client-id and client-name commands are optional. If your DHCP server, or your broadband provider, require a client ID or name, specify either one or both of these optional parameters as necessary. The ignore-default option ignores the default gateway and ignore-nameservers ignores the nameservers as specified by the DHCP server.
Using the default configuration below, we set the Ethernet0 IP address to be a dynamic IP address. When the router boots, or when the SAND service is reloaded, the router will make a DHCP request on the Ethernet0 device and wait for a response from the DHCP server. The DHCP client will accept an IP address, netmask, default gateway IP, DNS server addresses, and domain name if supplied by the DHCP server.
! 
 interface Ethernet0 
 description Dynamic IP connection duplex auto 
 speed auto 
 ip address dhcp
! 
The example above uses the device Ethernet0, but the ip address dhcp command is valid on any network interface, including Serial, Tunnel, Bonder, frame relay subinterfaces, ATM subinterfaces and hardware multiplexing subinterfaces.
The 4.4.0-85 distribution adds the ability to run a custom script from /etc/udhcpc.script. This allows users to add special rules or routes with a dynamic IP. The /etc/udhcpc.script example provides a template for users to plug in their own commands which reference the following variables:
$interface
  • Interface name
$ip
  • DHCP assigned IP address
$subnet
  • Subnet mask
$broadcast
  • Broadcast address

Configuring DHCP Relay Services

Networks that serve IP addresses from a single, centrally located DHCP server must have devices that relay DHCP address broadcast requests to the central DHCP server. Since DHCP/boot broadcasts cannot travel over unicast networks natively, ImageStream routers support DHCP relaying. The DHCP relaying client embedded in ImageStream's Enterprise Linux reformulates the DHCP broadcast request into a special unicast packet and relays this request to a specified DHCP server. The DHCP server replies with a special unicast packet with a DHCP address assignment. The router accepts this packet, recreates the regular DHCP address reply broadcast and relays it to the network where the original request was made.
To enable DHCP relaying on one or more interfaces, add the ip helper-address command to the global configuration section of the router's main configuration file (wan.conf). The global configuration section normally appears at the bottom of the file after all interface declarations. The placement of the ip helper-address commands in the global section is done by convention for ease of configuration management. The actual placement of the command in the file is not important to the operation of the command.
The syntax of this DHCP relay command is:
ip helper-address { DHCP server IP address } server-device { interface connected to DHCP server }
  [ interfaces <interface list>   ]   [ agent-id { agent-id } ]  [ gateway-ip { gateway-ip } ]
  [ debug ]
The interfaces and agent-id commands are optional. The interfaces command allows you to limit DHCP relaying to a specific list of interfaces. If your DHCP server requires an agent ID to identify the requesting network, specify the agent-id optional parameter. To enable syslog debugging, specify the debug option.
Starting in 4.4.0-78 a gateway-ip parameter was added to allow the relay agent to function in networks with multiple paths to the server. Either server-device or gateway-ip must be specified. If server-device is specified the relay agent will choose an IP address from the first client interface as the gateway ip in the relayed request and listen only on the server-device interface. In larger networks where there may be multiple paths to the DHCP server this can result in the relay agent not seeing replies which come in on a different interface.
For larger networks where multiple paths exist to the DHCP server, specify a unique gateway-ip address for each relay agent. This IP address should reside on the router and usually should be the gateway IP address from one of the client subnets.
In the configuration below, we will use the ip helper-address command to relay DHCP requests from all interfaces to a DHCP server connected on Ethernet0 at the IP address 192.168.100.7:
! 
 interface Ethernet0 
 description LAN segment #1 
 duplex auto 
 speed auto 
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet1 
 description LAN segment #2 
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet2
 description LAN segment #3
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet3
 description LAN segment - Dallas bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Serial0
 #NOC phone: 800-555-1212 - Our account #58935 interface Serial0 
 description Connection to New York encapsulation hdlc 
 bandwidth 1536000 
 ip address 25.0.0.1 255.255.255.252 
! 
interface Serial1 
description Connection to Mexico City encapsulation ppp 
bandwidth 1536000 
ip address 25.0.0.5 255.255.255.252
!
interface Serial2 
 description Connection to Dallas office encapsulation hdlc 
 bridge-group 1 
 bridge-group 1 spanning-disabled
!
interface bvi1
 ip address 30.0.0.1 255.255.255.0
!
ip helper-address 30.0.0.7 server-device bvi1 
In the example above, any DHCP requests received on Ethernet1, Ethernet2, Serial0 or bvi1 will be relayed to the DHCP server at 30.0.0.7, using the device bvi1.
Using regular expressions, it is possible to restrict DHCP relaying to only selected interfaces. The regular expression must be comma-delimited with no whitespace, and may use wildcards ('*'). Using the same WAN configuration, the ip helper-address command below limits DHCP relaying to Ethernet devices only. Serial0 is excluded in this example:
ip helper-address 192.168.100.7 server-device bvi1 interfaces Ethernet*,Serial0
Example using gateway-ip. The server will hand out 10.10.10.0/24 and 10.10.11.0/24 to the clients. We have 10.10.10.1/24 and 10.10.11.1/24 bound to the router. We can choose either 10.10.10.1 or 10.10.11.1 as the gateway-ip.
interface Ethernet0
 description This interface is on the server network
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet1
 description This is one client network
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet2
 description This is another client network
 ip address 10.10.11.1 255.255.255.0
!
ip helper address 192.168.100.7 gateway-ip 10.10.10.1 interfaces Ethernet1,Ethernet2 agent-id Plymouth

Configuring the Router as a DHCP Server

Basic Configuration

In this example, we are going to assume the following:
  • The router has an Ethernet IP address of 192.168.0.1 with a netmask of 255.255.255.0 .
  • The router will assign IP addresses from 192.168.0.20 through 192.168.0.254 (exclude addresses .1 through .19).
  • The IP address lease time will be 12 hours.
  • The clients will use 192.168.0.1 as the default gateway (default router).
  • The clients will use 192.168.0.10 and 192.168.0.11 as DNS servers.
  • The clients will use imagestream.com as their domain name.
  • The IP addresses used in this Technical Note are examples only. You will need to use an IP network given to you by your Internet Service Provider.
!
version 2.00
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
!
ip dhcp pool 0
 network 192.168.0.0 255.255.255.0
 ip dhcp excluded-address 192.168.0.1 192.168.0.19
 domain-name imagestream.com
 dns-server 192.168.0.10 192.168.0.11
 default-router 192.168.0.1
 lease 12 hours
! 
end

Advanced Configuration

In this example, we are going to assume the following:
  • The router has an Ethernet IP address of 192.168.0.1 with a netmask of 255.255.255.0 .
  • The router will assign IP addresses from 192.168.0.20 through 192.168.0.254 (exclude addresses .1 through .19).
  • The IP address lease time will be 10 minutes.
  • The clients will use 192.168.0.1 as the default gateway (default router).
  • The clients will use 192.168.0.10 and 192.168.0.11 as DNS servers.
  • The clients will use imagestream.com as their domain name.
  • The clients will use 192.168.0.12 as their NetBIOS server.
  • A client with the MAC address 00:30:64:02:AF:CC will be assigned 192.168.0.35.
  • A client with the MAC address 00:30:61:12:00:09 will be assigned 192.168.0.36.
The IP addresses used in this Technical Note are examples only. You will need to use an IP network given to you by your Internet Service Provider.
!
version 2.00
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
!
ip dhcp pool 0
 network 192.168.0.0 255.255.255.0
 ip dhcp excluded-address 192.168.0.1 192.168.0.19
 domain-name imagestream.com
 dns-server 192.168.0.10 192.168.0.11
 default-router 192.168.0.1
 lease 10 minutes
 netbios-name-server 192.168.0.12
 netbios-node-type h-node
 host 192.168.0.35 hardware-address 00:30:64:02:AF:CC
 host 192.168.0.36 hardware-address 00:30:61:12:00:09
! 
end

Troubleshooting

Configuration errors will be displayed in the router's event log (syslog). Enable event logging to obtain troubleshooting information from the router. For more detailed information a "ip dhcp debug" command can be used to enable detailed transaction logging for each client. This information will be logged to the router's event log.

tcpdump

Advanced users can use the following command from the command prompt to view all DHCP traffic on all interfaces:

ImageStream:/usr/local/sand# tcpdump -n -s0 -v -e -i Ethernet0 port 67 or port 68

Command description:

tcpdump: Program used to capture and display packets 
 -n: Don't resolve IP addresses to DNS names 
 -s0: Capture the entire packet - provides more information when used with -v 
 -v: Verbose - provide as much information as possible 
 -e: Display the ethernet MAC addresses 
 -i Ethernet0: Capture on the Ethernet0 interface. 
 port 67 or port 68: Capture only packets on the DHCP ports 

Sample output:

tcpdump: listening on Ethernet0
  23:03:14.706036 0:90:fb:9:20:4f ff:ff:ff:ff:ff:ff 0800 590: 0.0.0.0.68 >
  255.255.255.255.67: [udp sum ok] xid:0xb01cc42b vend-rfc1048
  DHCP:DISCOVER CID:[ether]00:90:fb:09:20:4f VC:"udhcp 0.9.9-pre2"
  PR:SM+DG+NS+HN+DN+BR+YD+YS+NTP (ttl 64, id 0, len 576)

  23:03:15.000739 0:e:c:a9:f8:cb 0:90:fb:9:20:4f 0800 342: 192.168.0.1.67 >
  192.168.0.254.68: [udp sum ok] xid:0xb01cc42b Y:192.168.0.254 vend-rfc1048
  DHCP:OFFER SID:192.168.0.1 LT:43200 SM:255.255.255.0 DG:192.168.0.1
  NS:192.168.0.10,192.168.0.11 DN:"imagestream.com" [tos 0x10] (ttl 16, id 0,
  len 328)

  23:03:15.001078 0:90:fb:9:20:4f ff:ff:ff:ff:ff:ff 0800 590: 0.0.0.0.68 >
  255.255.255.255.67: [udp sum ok] xid:0xb01cc42b vend-rfc1048
  DHCP:REQUEST CID:[ether]00:90:fb:09:20:4f VC:"udhcp 0.9.9-pre2"
  RQ:192.168.0.254 SID:192.168.0.1 PR:SM+DG+NS+HN+DN+BR+YD+YS+NTP (ttl 64, id 0,
  len 576)

  23:03:15.001244 0:e:c:a9:f8:cb 0:90:fb:9:20:4f 0800 342: 192.168.0.1.67 >
  192.168.0.254.68: [udp sum ok] xid:0xb01cc42b Y:192.168.0.254 vend-rfc1048
  DHCP:ACK SID:192.168.0.1 LT:43200 SM:255.255.255.0 DG:192.168.0.1
  NS:192.168.0.10,192.168.0.11 DN:"imagestream.com" [tos 0x10] (ttl 16, id 0,
  len 328)
Personal tools
Router software releases