When configured with "dhcp-server" on the target interfaces, mbox accepts client DHCP requests from users/clients coming from interface local network (the network connected to this interface), and issues DHCP address from the configured range to clients.

CONFIGURATION NOTES

• • You can run multiple "dhcp-server" instances. Each instance is attached to a local interface (physical or VLAN). It will automatically generate DHCP range based on Interface IP address setting (you can still optionally change DHCP options/range parameters later).

NOTE: One interface can have multiple IP addresses. But only the primary IP address can be used as the DHCP range. So if you need to configure multiple IP addresses for the same interface, please make sure the primary IP address (where DHCP scope will be based on) is configured first/ahead of other IP addresses.

• • dhcp-server must be explicitly enabled and each config changes requires restarting of the DHCP service (disable and enable).

NOTE: When running HA (two boxes running VRRP), both mbox will be actively issuing DHCP (even for the standby unit), so each box needs to cover half of the available range in order to avoid address duplicates; and you need to explicitly configure "router" command to specify VRRP virtual IP as the clients default gateway.

CONFIGURATION STEPS

• • configure network interfaces with IP address and mask

  • configure dhcp-server to start listening and issuing DHCP IP addresses

CONFIGURATION EXAMPLES (on HSG-1)

Below sample config snip shows normal dhcp-server configuration under interface setting

When hotspot service is enabled for the interface, dhcp-server command is applied under hotspot instance setting. Below config snip shows dhcp-server config when hotspot service is enabled for VLAN10 and VLAN20.

Useful troubleshooting commands:

When configured with "dhcp-pool", mbox can manage and issue DHCP IP addresses to non-attached or external networks. The remote/external network router will relay client DHCP requests to mbox, and as long as the relay agent IP belongs to a valid address pool, mbox will issue client IP from the respective address pool. In this case mbox acts as DHCP server for both local and remote network so that it's easier to centrally administer IP address pools, without the need of 3rd-party dedicated DHCP server.

CONFIGURATION NOTES

• • You can configure multiple "dhcp-pool". Each pool refers to a remote network range. The  remote address pools (dhcp-pool) do not bind to any local mbox interfaces. However, the incoming interface where remote DHCP relay agent will come in, MUST enable with "dhcp-server" so that this interface will listen for DHCP requests (from both local and remote). If you do not want to issue any IP address to the interface local network, you can set "range x.x.x.x y.y.y.y" to be really small, so that it limits giving out local addresses but will listen and respond to requests from external relay agent (therefore able to assign respective IP from dhcp-pools to remote clients).

  • dhcp-pool must be explicitly enabled and each config changes requires restarting of the DHCP service (disable and enable).

  • It's very important to ensure communication channel between DHCP server and relay agents are in place:

    1. The external DHCP relay agent IP must be able to reach to the DHCP server IP address, with correct routing and firewall rules to permit accesses (UDP/67/68).

    2. The DHCP server (where dhcp-pool is configured) must have a route back to the external DHCP agent IP address, so that it knows where to route back the DHCP responses.

CONFIGURATION STEPS

• • enable "dhcp-server" on the interface for incoming DHCP relay agent requests

  • configure "dhcp-pool" for each remote/non-attached network

CONFIGURATION EXAMPLES (on HSG-1)

For large distributed networks, with many local/remote networks and routers, we don't want to configure each router to issue DHCP address to their local networks. Instead, we will configure a central DHCP server to centrally manage the address pools for users of all networks (as in above section #2), and configure each remote router to relay their local device DHCP requests to the central DHCP server. 

In this case, each remote router acts as a dhcp-relay, and each relay will forward local client DHCP request to DHCP server through "dhcp-helper" command.

CONFIGURATION NOTES

• • You can run multiple "dhcp-helper" instances. Each instance is attached to a local interface (physical or VLAN), and the local interface must have an IP address configured and able to reach to dhcp-helper (DHCP server) IP address.

  • You can not run "dhcp-helper" and "dhcp-server" command under the same interface.

CONFIGURATION STEPS

• • configure IP address under the local interface

  • configure dhcp-helper to relay client requests to upstream DHCP server

CONFIGURATION EXAMPLES (on HSG-2)

Below sample config snip shows normal dhcp-helper under interface setting

If we enable hotspot service for VLAN30 and VLAN40, the dhcp-helper is configured under hotspot instance (which is attached to interface VLAN30 and VLAN40).

Vendor options are DHCP options that are defined by the DHCP client software vendor. When a client broadcasts a request for a configuration, the client includes its vendor client class. If this client class matches any client classes in the dhcptab database, then the options specified for that class are sent to the client, along with other configuration options. 

This is typically used by wireless AP to auto push WLAN controller IP to the AP to auto registration, so that we don't need to configure anything on the AP for it to register (call back) to the WLC. Another example is for VoIP phones to auto push call manager IP address to the IP phone so that they can auto register to the call manager without any manual configuration on the VoIP phones.

NOTES ON OPTION 43 SUPPORT

• • a vendor-name refers to a particular brand; a vendor-class refer to a particular model of a brand. Vendor-class must be included by double quotes in the configuration (eg. “Cisco AP c1600”)

  • mbox can support multiple dhcp scopes, and each scope can support one unique option 43 for each vendor (vendor-name), eg. scope 1 for Cisco APs, scope 2 for Aruba APs, etc.

  • same vendor-name can have multiple vendor-class, eg. different model of Cisco AP can be assigned with different controller IP, differentiated by vendor-class name

  • vendor-class string in the configuration must match exactly what’s being included in AP DHCP request headers. Sometimes, we don’t know the extract string for vendor-class, one way is to ask from vendor support, another way is to use tcpdump with “detail” option

Configuration snip: