KB ID 0001168 Dtd 23/03/16
Cisco documentation calls this a ‘DHCP Relay’ and configures it with the IP-Helper command (ip helper-address). I usually call it DHCP Helper, just to confuse everyone. To be fair, the term DHCP Relay is an industry standard and is not particular to Cisco (as you will see later when I Wireshark the traffic).
So if you are reading this, you have a DHCP server and you want to use it to lease addresses to clients that are on a different network segment (layer 2 or layer 3).
To do that you need an agent on the same network segment as the client, listening for DHCP requests. When it receives one, it talks to the DHCP server on the client’s behalf and gets the correct address.
Example 1 Cisco Router
Here we need to lease two different DHCP scopes to two different network segments. R1 will act as the IP-Helper for both of those networks, and R2 and R3 will get their IP addresses from the correct DHCP scope.
This works because each (client facing) interface on R1 has an IP-Helper address defined that points to the DHCP server.
So How Does It Know Which Scope To Lease From?
The router supplies the IP address of a RELAY AGENT, which is just the IP address of the physical interface that intercepted the DHCP request. When it asks the DHCP server for an IP address, the server leases an address from the same range (again, I’ve tracked all this in Wireshark below).
IP-Helper Router Configuration
R1 Config
!
interface GigabitEthernet0/0
 description Uplink to DHCP Server
 ip address 10.2.2.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2/0
 description Uplink to 192_168_2_0
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 10.2.2.10
 negotiation auto
!
interface GigabitEthernet3/0
 description Uplink to 192_168_3_0
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 10.2.2.10
 negotiation auto
!
ip route 0.0.0.0 0.0.0.0 10.2.2.10
!

R2 Config
!
interface GigabitEthernet2/0
 description Uplink to R1
 ip address dhcp
 negotiation auto
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2/0
!

R3 Config
!
interface GigabitEthernet3/0
 description Uplink to R1
 ip address dhcp
 negotiation auto
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet3/0
!

You can see this works because the DHCP server has matching scopes for both network segments. (Yes, one of my test servers is 2003, you’re going to see some Windows XP in a minute!)
Well that’s fine for routers, but what about machines? They send a DHCP Discover just like any other client. I’ve replaced one of the routers with an actual machine.
With its network card set to DHCP you will again get a lease from the correct scope, because the Router brokered it for us.
Back on the DHCP server you can see the lease to the Windows XP machine entered in the current scope leases. It knows the name of the client because (as you will see below) the relay agent (router) passed that information, along with the MAC address of the client, to the DHCP server.
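Added example (not from the original article): the relay agent address travels in the giaddr field of the DHCP header. This sketch parses a constructed relayed Discover, pulls out the MAC and hostname the relay passes along, and picks the scope from giaddr as described above. The function names, the sample MAC and hostname, and the server-side scope list are assumptions.

```python
import ipaddress
import struct

MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # option 53 values
# Scopes from Example 1; how the server stores them is assumed for this sketch.
SCOPES = [ipaddress.ip_network("192.168.2.0/24"), ipaddress.ip_network("192.168.3.0/24")]

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP message into the fields discussed above."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return {
        "type": MSG_TYPES.get((opts.get(53) or b"\0")[0], "OTHER"),
        "giaddr": ipaddress.ip_address(payload[24:28]),  # relay agent IP
        "mac": payload[28:28 + hlen].hex(":"),           # client hardware address
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
    }

def select_scope(giaddr):
    """Return the scope whose subnet contains the relay address, else None."""
    if giaddr.is_unspecified:       # giaddr 0.0.0.0 means the request was not relayed
        return None
    return next((net for net in SCOPES if giaddr in net), None)

def build_discover(giaddr: str, mac: str, hostname: str) -> bytes:
    """Constructed sample: a DHCPDISCOVER as a relay would forward it (hops=1)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234ABCD, 0, 0)
    hdr += bytes(12) + ipaddress.ip_address(giaddr).packed
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    opts = bytes([53, 1, 1, 12, len(hostname)]) + hostname.encode() + b"\xff"
    return hdr + MAGIC + opts

if __name__ == "__main__":
    msg = parse_dhcp(build_discover("192.168.2.1", "00:0c:29:aa:bb:cc", "XP-CLIENT"))
    print(msg, "->", select_scope(msg["giaddr"]))
```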
Example 2 Cisco Switches
OK, I did the routers first because I find it easier to explain things at layer 3. Not that you can’t create sub interfaces on the router, add those sub interfaces to VLANs, and run DHCP relays from them. But in most cases you will be setting up DHCP helpers on switches. Here the principle is the same, but you define the ip-helper on the VLAN (unless it’s a routed port, in which case treat it the same as a router interface). Let’s modern things up a bit, and use a 2012 R2 DHCP server, and some Windows 8 clients.
I need to lease addresses from my second scope to clients in VLAN 200. The other client and server are in the same VLAN, so that will just work. (Remember a VLAN is a broadcast domain, and DHCP is using broadcasts.)
And my client, (DHCP Client in VLAN 200) gets the correct IP.
IP-Helper Switch Configuration (VLANS)
SW1 Config
!
interface FastEthernet1/0/1
 description Uplink to DHCP Server
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/4
 description Uplink 192_168_200_0
 switchport access vlan 200
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/5
 description Uplink 192_168_100_0
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface Vlan200
 ip address 192.168.200.1 255.255.255.0
 ip helper-address 192.168.100.10
!
! IF YOU HAVE MULTIPLE/FAILOVER IP-HELPERS OR SPLIT SCOPES YOU CAN ADD A SECOND ADDRESS LIKE SO;
!
interface Vlan200
 ip address 192.168.200.1 255.255.255.0
 ip helper-address 192.168.100.10
 ip helper-address 192.168.100.15
!
Analysing (Packet-Sniffing) DHCP Relay Sequence with Wireshark
Other packet sniffers are available, but I’ve got a soft spot for Wireshark. To filter DHCP traffic you can use the following ‘filter’.
DHCP works by using four messages, (which I remember using the acronym DORA: Discover, Offer, Request, Acknowledge). If you sniff the traffic on the DHCP server, you can watch this process being brokered by your DHCP Relay Agent.
And just to prove it’s not all ‘smoke and mirrors’, here’s the client with the leased address, showing a matching MAC address, and hostname.