Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts. It allows

easier administration and works well in small to even very large network environments.
All types of hardware can be used as a DHCP server, including a Cisco router.

There is a lot of information a DHCP server can provide to a host when the host is
requesting an IP address from the DHCP server. Here’s a list of the information a DHCP
server can provide:

 IP address
 Subnet mask
 Domain name
 Default gateway (routers)
 DNS
 WINS information

A DHCP server can give us even more information than this, but the items in the list are
the most common. A client that sends out a DHCP Discover message in order to receive
an IP address sends out a broadcast at both layer 2 and layer 3. The layer 2 broadcast is
all Fs in hex, which looks like this: FF:FF:FF:FF:FF:FF. The layer 3 broadcast is
255.255.255.255, which means all networks and all hosts. DHCP is connectionless, which
means it uses User Datagram Protocol (UDP) at the Transport layer.

The following is the four-step process a client takes to receive an IP address from a DHCP
server:

I. The DHCP client broadcasts a DHCP Discover message looking for a DHCP server
(Port 67).
II. The DHCP server that received the DHCP Discover message sends a unicast
DHCP Offer message back to the host.
III. The client then broadcasts to the server a DHCP Request message asking for the
offered IP address and possibly other information.
IV. The server finalizes the exchange with a unicast DHCP Acknowledgment
message.

The figure in the next page clearly shows how the communication can be taking place in
order to get (assign) IP address and other network configuration detail information from
DHCP client and DHCP server using a four steps of communication between DHCP
client and server.
DHCP Conflicts
A DHCP address conflict occurs when two hosts use the same IP address. During IP
address assignment, a DHCP server checks for conflicts using the ping program to test
the availability of the address before it is assigned from the pool. If no host replies, then
the DHCP server assumes that the IP address is not already allocated. This helps the
server know that it is providing a good address, but what about the host? To provide
extra protection against the all-so terrible IP conflict issue, the host can broadcast for its
own address.

A host uses something called a gratuitous ARP to help avoid a possible duplicate address.
The DHCP client sends an ARP broadcast out on the local LAN or VLAN using its newly
assigned address to solve conflicts before they occur. So, if an IP address conflict is
detected, the address is removed from the DHCP pool (scope), and it is all-so-important
to remember that the address will not be assigned to a host until the administrator
resolves the conflict by hand.
Automatic Private IP Addressing (APIPA)
What happens if you have a few hosts connected together with a switch or hub and you
don’t have a DHCP server? You can add IP information by hand (this is called static IP
addressing), but Windows provides what is called Automatic Private IP Addressing
(APIPA), a feature of later Windows operating systems.

With APIPA, clients can automatically self-configure an IP address and subnet mask
when a DHCP server isn’t available. The IP address range for APIPA is 169.254.0.1
through 169.254.255.254. The client also configures itself with a default class B subnet
mask of 255.255.0.0.

However, when you’re in your corporate network working and you have a DHCP server
running, and your host shows that it is using this IP address range, this means that either
your DHCP client on the host is not working or the server is down or can’t be reached
because of a network issue.

How to Configure a Cisco Router as a DHCP Server

When using the router as a DHCP server to provide IP addresses and related information
to DHCP clients.

Syntax

Router(config)#ip dhcp pool dhcp-pool-name

Router(dhcp-config)#network network-address subnetmask
Router(dhcp-config)#dns-server dns-server-address
Router(dhcp-config)#default-router default-gateway-address
Router(dhcp-config)#domain-name domain
Router(dhcp-config)#netbios-name-server netbios-serveraddress
Router(dhcp-config)#lease days hours minutes
Router(dhcp-config)#lease infinite
Router(config)#ip dhcp excluded-address excluded-ipaddress
Router(config)#ip dhcp excluded-address start-ip-address end-ip-address
Router(config)#service dhcp
Router(config)#no service dhcp

Where:

 ip dhcp pool command is used to create a dhcp pool

 dhcp-pool-name is the DHCP pool name,
 network-address is the network address to be used by the DHCP pool
  subnetmask is the subnet mask for the network (you can replace the subnet mask
by (/prefix) to provide the subnet mask).
 You can use commands like dns-server, default-router, domain-name, netbios-
name-server, and lease to configure the following parameters DNS server address,
default gateway IP address, domain name, IP address of the NETBIOS name
server, lease time (either a predefined days, hours and minutes or infinite)
respectively.
 excluded-address1 excluded-ipaddress is a command used to exclude a single
address from the pool.
 start-ip-address2 is the first address in the range to be excluded from the pool and
 end-ip-address is the last excluded address in the range.

Note: commands domain-name, netbios-name-server and lease are optional and not
available in all router versions.

Example: consider the figure shown below to configure the DHCP router to assign IP
address and other configuration information to the DHCP clients.

1
Configure the IP addresses to be excluded from the pool. This is usually done to avoid the conflicts caused by the
DHCP with servers and printers. Remember to give all servers and network printers’ static IP addresses in the same
range of the DHCP pool. Afterward, exclude these addresses from the pool to avoid conflicts.
2
This command is used to exclude multiple ip addresses from the pool. Therefore, you can’t repeat the steps so
many times to exclude a set of IP addresses from the address pool.
DHCP Router Configuration
Router(config)#ip dhcp pool LSNET //DHCP configuration for left network
Router(dhcp-config)#net 212.25.10.64 255.255.255.192
Router(dhcp-config)#default-router 212.25.10.65
Router(dhcp-config)#dns 10.10.10.10
Router(dhcp-config)#ex
Router(config)#ip dhcp pool CNET //DHCP configuration for Central Network
Router(dhcp-config)#net 100.32.0.0 255.248.0.0
Router(dhcp-config)#defa 100.32.0.1
Router(dhcp-config)#dns 10.10.10.10
Router(dhcp-config)#ex
Router(config)#ip dhcp pool RSNET //DHCP configuration for Right Network
Router(dhcp-config)#net 172.22.16.0 255.255.254.0
Router(dhcp-config)#def 172.22.16.1
Router(dhcp-config)#dns 10.10.10.10
Router(dhcp-config)#ex
Router(config)#ex

Commands used to exclude the first3 valid IP address and the last valid IP address from
the above three DHCP pools in DHCP Router.

Router(config)#ip dhcp excluded-address 212.25.10.65

Router(config)#ip dhcp excluded-address 212.25.10.126
Router(config)#ip dhcp excluded-address 100.32.0.1
Router(config)#ip dhcp excluded-address 100.39.255.254
Router(config)#ip dhcp excluded-address 172.22.16.1
Router(config)#ip dhcp excluded-address 172.22.17.254
Router(config)#ip dhcp excluded-address 172.22.17.0 172.22.17.2544

3
Most of the time we can use this IP address to the default gateway. Therefore, you should excluded this address
using the above command.
4
The last command is used to exclude 255 valid IP addresses from the right side network by specifying the beginning
and last exclude IP-addresses.
You can use the following commands to check the DHCP operation on the router:
Router#show ip dhcp binding
This command shows the current bindings of addresses given to clients.
Router#show ip dhcp pool
This command shows the DHCP pool detail information.
Router # show ip dhcp conflict
This command is used to see the detail ip address conflict in the time of dynamic IP
assignment to hosts.
Example 1: the following sample output shows the ip address binding detail in DHCP
Router. The diagram show hosts IP address, Physical address (MAC), Lease time and
type of IP address assignment.

Example 2: the example shown below describes the DHCP pool detail configuration in
DHCP router.
Example 3: the following diagram shows the dynamic IP address assignment conflict on
DHCP Router. The information shows conflicted IP address (es), method of detecting the
conflict, detection time and virtual routing and forwarding (VRF5) information6.

Configuring a DHCP server

If you have a DHCP server other than the router and you would like the router to pass
the DHCP requests (DHCP relay) to this DHCP server laying outside the LAN. You can
use the following commands on the given interface (sub-interface when you are working
in VLAN’s) on the router used as a DHCP relay.

Syntax

Router (config)#interface type no

Router(config-if)#ip helper-address dhcp-server-address

Where

 interface type no command is used to specify the given interface type and its
specific identification no (like gigabit 0/0 or serial 0/1/0).
 ip helper-address is a command used to forward any dynamic IP address requests
using a DHCP protocol to the dedicated DHCP server computer in other LAN or
in the same network with the clients.
 Dhcp-server-address specifies the static IP address of the DHCP server computer
assigned for this service.

5
This information is found if and only if you can you’re an intermediate device at the time of DHCP configuration.
However, in our sample configuration the router itself is responsible to DHCP services to the clients. Therefore, the
VRF information becomes empty (blank).
6
In order to reduce IP address conflicting in DHCP you can exclude addresses that are assigned static for server,
default-gateway, printers and other devices from the DHCP address pool.
After configuring the router, you are also configure the DHCP server by activate the
DHCP service on the given server. The following example clearly describe how the
configuration can be done in the router and DHCP server.

Example: configure the DHCP service on the logical network topology diagram shown
below.

DHCP Gateway Router Configuration7

Router (config)#interface g0/0

Router (config-if)#ip helper-address 175.11.8.2
Router (config-if)#ex
Router (config)#interface g0/1
Router (config-if)#ip helper-address 175.11.8.2
Router (config-if)#ex
Router (config)#

7
This configuration is done by assuming all basic router configuration activities were did in the given router
interfaces (i.e. interface’s IP address, turn up the router ports, and other configuration.)
DHCP server Configuration
1. Click on the server computer system. And assign default-gateway, static IP and
subnet mask addresses. Show the following picture:

2. Click on the service tab, then click on DHCP (from the list of services available in
the left side of the dialog box). Turn on the DHCP service and configure other
requirements based on the given network topology. The following diagram shows
the detail configuration:
 3. Click on every computer system and change Gateway/ IPv4 addressing into
DHCP mode.
Virtual Local Area Network (VLAN)

A VLAN is a logical grouping of network users and resources connected to

administratively defined ports on a switch. When you create VLANs, you’re given the
ability to create smaller broadcast domains within a layer 2 switched (since switches only
support one broadcast domain by default) internetwork by assigning different ports on
the switch to different sub-networks. A VLAN is treated like its own subnet or broadcast
domain, meaning that frames broadcast onto the network are only switched between the
ports logically grouped within the same VLAN.

Hubs have only one collision domain, it allows one host to have a possibility in order to
transmit a data in the network to other hosts at a time. This situation create a huge waiting
time for every hosts’ in the network to gate a time to transmit data. Switch can improve
forwarding data to the required port (s) by increasing the collision domains in the
switches (i.e. the total number of collision domains in switch is equivalent with the total
number of ports in the device).

VLANs can solve many of the problems associated with layer 2 switching, here’s a short
list of ways VLANs simplify network management:

 Network adds, moves, and changes are achieved with ease by just configuring a
port into the appropriate VLAN.
 A group of users that need an unusually high level of security can be put into its
own VLAN so that users outside of the VLAN can’t communicate with them.
 As a logical grouping of users by function, VLANs can be considered independent
from their physical or geographic locations.
 VLANs greatly enhance network security.
 VLANs increase the number of broadcast domains while decreasing their size.
  VLANs simplifies network troubleshooting
 VLANs guaranteed a fair bandwidth distribution among different groups of users
in the network.
 VLANs enhance a network flexibility and scalability

There are two different types of links in a switched environment:

Access ports: it is a port belongs to and carries the traffic of only one VLAN8. Traffic is
both received and sent in native formats with no VLAN tagging whatsoever. Anything
arriving on an access port is simply assumed to belong to the VLAN assigned to the port.

Trunk Ports: it is a port assigned to carry multiple VLANs communications (data) at a

time. A trunk link is a (100- or 1000Mbps) point-to-point link between two switches,
between a switch and router, or even between a switch and server, and it carries the traffic
of multiple VLANs at a time.

8
A switch port to be either an access port or a trunk port—not both. So you’ve got to choose one or the other and
know that if you make it an access port, that port can be assigned to one VLAN only.
This frame identification (frame tagging) method uniquely assigns a user-defined ID
(VLAN ID) to each frame. The system works as follows: each switch that the frame
reaches must first identify the VLAN ID from the frame tag. It then finds out what to do
with the frame by looking the filter table. If the frame reaches a switch that has another
trunked link, the frame will be forwarded out the trunk-link port. Once the frame reaches
an exit that’s determined by the forward/filter table to be an access link matching the
frame’s VLAN ID, the switch will remove the VLAN identifier9.

Routing between VLANs

If you want hosts or any other IP-addressable device to communicate between VLANs,
you just have to have a layer 3 device. You have two options to forwarding (transmitting
packets from one broadcast domain to other) data from one VLAN to the other VLANs.
The following diagram shows two modes10 of VLAN routing using a layer 3 device
(specifically router).

9
Trunk ports will support both tagged and untagged traffic simultaneously. The trunk port is assigned a default port
VLAN ID (mostly VLAN 1) for a VLAN that all untagged traffic will travel on.
10
Figure A shows VLAN routing using different router ports for each VLANs in the switch, where as in Figure B you
can use one trunk port to link the entire VLANs in the switch to the router for the purpose of inter-VLAN data
transmission.
Configuring VLANs

Syntax

Switch>enable
Switch #configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch (config)#vlan VLAN-ID
Switch(config-vlan)#name VLAN-name
Switch(config-vlan)#exit
Where:
 VLAN command is used create a new VLAN on the switch with a given VLAN-
ID.
 Name command is used to set a name for the given VLAN.
After creating a required number of VLANs based on the specification (requirements) of
the network. Then you can change the default configurations of switches ports VLAN to
the suggested VLAN with the following port management and configuration commands
in Cisco switch.

Syntax (for one switch port)

Switch(config)#interface type/no
Switch(config-if)#switchport mode access/trunk
Switch(config-if)#switchport access vlan vlan-id

Syntax (for many switch ports)

Switch(config)#interface range start_type/no-end_type/no
Switch(config-if)#switchport mode access/trunk
Switch(config-if)#switchport access vlan vlan-id
Where:
 Switchport mode command is used to define the type of the port (it can be either
an access port or a trunk port, not both).
  Interface (interface range) used to access a specific (group) port (s) in the switch
by specifying port type (i.e. Ethernet, FastEthernet or GigabitEthernet) and
number.
 Switchport access vlan command is used to assign an access port to a specific
VLAN in the switch (mostly specified by a VLAN ID).
Example: the network topology diagram shown below demonstrate the VLAN
configuration and router-on-stick inter-VLAN routing. The configuration can be done as
follows:

Addressing Table
VLAN Network address Subnet mask Member hosts
VLAN 10 192.168.1.0 255.255.255.0 PC4, PC0 and Laptop2
VLAN 20 192.168.11.0 255.255.255.0 Laptop0, Laptop3 and PC2
VLAN 30 192.168.21.0 255.255.255.0 PC1, PC3 and Laptop1
Default- 192.168.1.1 (VLAN 10) 255.255.255.0
gateways 192.168.11.1 (VLAN 20) 255.255.255.0
192.168.21.1 (VLAN 30) 255.255.255.0
All hosts Valid IP address 255.255.255.0
Switches configuration
The following commands should be written in all switches (Switch0, Switch1 and
Switch2) in the above network topology diagram:

VLAN creation
Switch#
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch (config)#vlan 10
Switch (config-vlan)#name CSE
Switch (config)#vlan 20
Switch (config-vlan)#name Civil
Switch (config)#vlan 30
Switch (config-vlan)#name Electrical
Assigning Access Interfaces to a specific VLANs’
Changing the property of ports fa0/1-fa0/8 and assign the ports to VLAN 10
Switch(config)#interface range fa0/1-fa0/8
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Changing the property of ports fa0/9-fa0/16 and assign the ports to VLAN 20
Switch(config)#interface range fa0/9-fa0/16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Changing the property of ports fa0/17-fa0/24 and assign the ports to VLAN 30
Switch(config)#interface range fa0/17-fa0/24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30

Configuring a Trunk ports

Switch(config)#interface g0/1
 Switch(config-if)#switchport mode trunk
Switch(config)#interface g0/2
Switch(config-if)#switchport mode trunk

Configuring a Switch Connected to Router

Switch(config)#interface fa0/24
Switch(config-if)#switchport mode trunk

Router-on-Stick Configuration

Syntax
Router (config-if)#no ip address
Router (config-if)#interface int-type interface-number/subinterface-number
Router (config-subif)#encapsulation encapsulation-type vlan-number
Router(config-subif)#ip address ip-address subnetmask

Where:

 No ip address used to remove ip address from the given router port.

 Subinterface-number represents the logical interface number. You can use any
number here, but it is a good practice to use the same number of the VLAN 11 that
you will assign to this logical interface.
 encapsulation-type is the encapsulation type you are using for the VLANs (e.g., isl
or dot1q which is 802.1Q).
 vlan-number is the VLAN number that this logical interface will be assigned to.
 ip-address and subnetmask are the IP address and the subnet mask, respectively,
you want to use.

11
Configure static or dynamic routing in the way you need it. Treat the logical interfaces the exact same way you
treat the physical interfaces when doing the routing.
If you want some VLANs (i.e., networks) not to participate in the routing, you can either not include them in the
routing protocol or not assign a logical interface for them.
VLAN-Router configuration
Router>en
Router#conf t
Router(config-if)#interface gigabitEthernet 0/0
Router(config-if)#no ip add
Router(config-if)#interface gigabitEthernet 0/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed
state to up
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#interface gigabitEthernet 0/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed
state to up
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.11.1 255.255.255.0
Router(config-subif)#interface gigabitEthernet 0/0.30
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed
state to up
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.21.1 255.255.255.0
Sample output from the VLAN configuration in router and switch
1. Static routing table of the subinterfaces in the router.

2. VLANs detail information in the given switch.

3. Trunk ports information

4. Interface and sub-interfaces configuration details on the router.

5. Detail information of G0/1 trunk interface on the switch:

6. Detail information of G0/1 trunk interface on the switch: