Configure DHCP services

RansNet mbox appliances (CMG/HSG/HSA) support standard Dynamic Host Configuration Protocol (DHCP) to issue IP addresses to end-user devices.

mbox offers a complete solution for implementing DHCP services, from small networks to large distributed enterprise networks.

In this document, we use the topology below to explain how to configure dhcp-server, dhcp-pool, and dhcp-helper.

1. Configure dhcp-server to issue IP addresses to attached/local networks

When "dhcp-server" is configured on an interface, mbox accepts DHCP requests from clients on that interface's local network (the network connected to the interface) and issues addresses to them from the configured range.

CONFIGURATION NOTES

NOTE: One interface can have multiple IP addresses, but only the primary IP address can be used as the basis for the DHCP range. If you need to configure multiple IP addresses on the same interface, make sure the primary IP address (the one the DHCP scope is based on) is configured first, ahead of the other IP addresses.

NOTE: When running HA (two boxes running VRRP), both mbox units actively issue DHCP addresses, including the standby unit. Each box therefore needs to cover half of the available range to avoid duplicate addresses, and you need to explicitly configure the "router" command to specify the VRRP virtual IP as the clients' default gateway.

CONFIGURATION STEPS

CONFIGURATION EXAMPLES (on HSG-1)

The sample configuration snippet below shows a normal dhcp-server configuration under the interface setting.


!
interface eth1
 description "trunk to switch1"
 enable
 ip address 192.168.8.1/24
 dhcp-server
  description "DHCP pool for management VLAN-1"
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.10 192.168.8.254
  enable
!
!
interface vlan 1 10
 enable
 ip address 10.10.10.1/24
 dhcp-server
  description "DHCP pool for VLAN-10"
  router 10.10.10.1
  dns 8.8.8.8 8.8.4.4
  range 10.10.10.2 10.10.10.254
  enable
!
interface vlan 1 20
 enable
 ip address 10.20.20.1/24
 dhcp-server
  description "DHCP pool for VLAN-20"
  router 10.20.20.1
  dns 8.8.8.8 8.8.4.4
  range 10.20.20.2 10.20.20.254
  enable
!

When the hotspot service is enabled for an interface, the DHCP server is configured under the hotspot instance instead (as "client-dhcp-server"). The configuration snippet below shows the DHCP server configuration when the hotspot service is enabled for VLAN10 and VLAN20.

!
interface eth1
 description "trunk to switch1"
 enable
 ip address 192.168.8.1/24
 dhcp-server
  description "DHCP pool for management VLAN-1"
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.10 192.168.8.254
  enable
!
!
interface vlan 1 10
 enable
 ip address 10.10.10.1/24
!
interface vlan 1 20
 enable
 ip address 10.20.20.1/24
!
security hotspot vlan10
 hotspot-server 10.10.10.1 ports 4907 4382
 client-network 10.10.10.0 255.255.255.0
 client-dhcp-server
  router 10.10.10.1
  dns 8.8.8.8 8.8.4.4
  range 10.10.10.2 10.10.10.254
  enable
 client-static 10.10.10.2 255.255.255.0
 radius-server splash.ransnet.com testing123
 hotspot-portal https://splash.ransnet.com/pid/vlan10/login.php
 start
!
security hotspot vlan20
 hotspot-server 10.20.20.1 ports 4081 4558
 client-network 10.20.20.0 255.255.255.0
 client-dhcp-server
  router 10.20.20.1
  dns 8.8.8.8 8.8.4.4
  range 10.20.20.2 10.20.20.254
  enable
 client-static 10.20.20.2 255.255.255.0
 radius-server splash.ransnet.com testing123
 hotspot-portal https://splash.ransnet.com/pid/vlan20/login.php
 start
!

Useful troubleshooting commands:

show ip dhcp-server
show ip dhcp-log
show ip dhcp-lease
tcpdump interface xx port 67

2. Configure dhcp-pool to issue IP addresses to non-attached/external networks

When configured with "dhcp-pool", mbox can manage and issue DHCP IP addresses for non-attached or external networks. The router of the remote/external network relays client DHCP requests to mbox, and as long as the relay agent IP belongs to a valid address pool, mbox issues the client an IP address from that pool. In this case mbox acts as the DHCP server for both local and remote networks, so IP address pools can be administered centrally without a dedicated third-party DHCP server.

CONFIGURATION NOTES

CONFIGURATION STEPS

CONFIGURATION EXAMPLES (on HSG-1)


interface eth1
 description "trunk to switch1"
 enable
 ip address 192.168.8.1/24
 dhcp-server
  description "DHCP pool for management VLAN-1"
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.10 192.168.8.254
  enable
!
ip dhcp-pool 10.30.30.0/24
 description "DHCP pool for VLAN-30 on HSG-2"
 router 10.30.30.1
 dns 8.8.8.8 8.8.4.4
 range 10.30.30.2 10.30.30.254
 enable
!
ip dhcp-pool 10.40.40.0/24
 description "DHCP pool for VLAN-40 on HSG-2"
 router 10.40.40.1
 dns 8.8.8.8 8.8.4.4
 range 10.40.40.2 10.40.40.254
 enable
!
ip route 10.30.30.1/32 nexthop 192.168.8.9 remark "route back to VLAN-30 DHCP relay"
ip route 10.40.40.1/32 nexthop 192.168.8.9 remark "route back to VLAN-40 DHCP relay"
!
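The pool selection described in this section, as an added example (not RansNet code): it models matching the relay agent IP against the configured pools and checks each pool definition for consistency. It assumes the relay IP is the pool's "router" address, as in this topology; the function names are hypothetical.

```python
import ipaddress

# Pools and return routes copied from the HSG-1 example in this section.
POOLS = {
    "10.30.30.0/24": {"router": "10.30.30.1", "range": ("10.30.30.2", "10.30.30.254")},
    "10.40.40.0/24": {"router": "10.40.40.1", "range": ("10.40.40.2", "10.40.40.254")},
}
ROUTES = ["10.30.30.1/32", "10.40.40.1/32"]


def select_pool(giaddr, pools=POOLS):
    """Return the pool subnet that contains the relay agent IP, or None.

    A relayed request whose relay IP matches no pool gets no lease.
    """
    relay = ipaddress.ip_address(giaddr)
    for subnet in pools:
        if relay in ipaddress.ip_network(subnet):
            return subnet
    return None


def audit_pool(subnet, pool, routes=ROUTES):
    """Return a list of consistency problems for one dhcp-pool definition."""
    net = ipaddress.ip_network(subnet)
    router = ipaddress.ip_address(pool["router"])
    first, last = (ipaddress.ip_address(a) for a in pool["range"])
    problems = []
    if router not in net:
        problems.append("router outside pool subnet")
    if first > last or first not in net or last not in net:
        problems.append("range outside pool subnet")
    if first <= router <= last:
        problems.append("router inside lease range")
    # Assumption: the relay IP equals the pool's router, so the server
    # needs a route back to it to deliver its unicast replies.
    if not any(router in ipaddress.ip_network(r) for r in routes):
        problems.append("no return route to relay")
    return problems


if __name__ == "__main__":
    for subnet, pool in POOLS.items():
        print(subnet, audit_pool(subnet, pool) or "ok")
    print("relay 10.50.50.1 ->", select_pool("10.50.50.1"))
```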

3. Configure dhcp-helper to relay local DHCP requests to external DHCP server

For large distributed networks with many local/remote networks and routers, we don't want to configure each router to issue DHCP addresses to its own local networks. Instead, we configure a central DHCP server to manage the address pools for users of all networks (as in section #2 above), and configure each remote router to relay DHCP requests from its local devices to the central DHCP server.

In this case, each remote router acts as a DHCP relay and forwards local client DHCP requests to the DHCP server through the "dhcp-helper" command.

CONFIGURATION NOTES

CONFIGURATION STEPS

CONFIGURATION EXAMPLES (on HSG-2)

The sample configuration snippet below shows a normal dhcp-helper configuration under the interface setting.

interface eth0
 description "connect to core switch"
 enable
 ip address 192.168.8.9/24
!
!
interface vlan 0 30
 enable
 ip address 10.30.30.1/24
 ip dhcp-helper 192.168.8.1
!
interface vlan 0 40
 enable
 ip address 10.40.40.1/24
 ip dhcp-helper 192.168.8.1
!
ip route 0.0.0.0/0 nexthop 192.168.8.1 remark "default route through HSG-1"
!

If we enable the hotspot service for VLAN30 and VLAN40, the DHCP helper is configured under the hotspot instance (which is attached to interfaces VLAN30 and VLAN40), as "client-dhcp-helper".


interface eth0
 description "connect to core switch"
 enable
 ip address 192.168.8.9/24
!
!
interface vlan 0 30
 enable
 ip address 10.30.30.1/24
!
interface vlan 0 40
 enable
 ip address 10.40.40.1/24
!
ip route 0.0.0.0/0 nexthop 192.168.8.1 remark "default route through HSG-1"
!
security hotspot vlan30
 hotspot-server 10.30.30.1 ports 5415 5849
 client-network 10.30.30.0 255.255.255.0
 client-dhcp-helper 192.168.8.1
 radius-server splash.ransnet.com testing123
 hotspot-portal https://splash.ransnet.com/pid/vlan30/login.php
 start
!
security hotspot vlan40
 hotspot-server 10.40.40.1 ports 4421 5467
 client-network 10.40.40.0 255.255.255.0
 client-dhcp-helper 192.168.8.1
 radius-server splash.ransnet.com testing123
 hotspot-portal https://splash.ransnet.com/pid/vlan40/login.php
 start
!

4. Configure DHCP vendor options

Vendor options are DHCP options that are defined by the DHCP client software vendor. When a client broadcasts a request for a configuration, the client includes its vendor client class. If this client class matches any client classes in the dhcptab database, then the options specified for that class are sent to the client, along with other configuration options. 

This is typically used by wireless APs: the WLAN controller (WLC) IP is pushed to the AP automatically, so that the AP can register (call back) to the WLC without any configuration on the AP itself. Another example is VoIP phones: the call manager IP address is pushed to the IP phone so that it can register to the call manager without any manual configuration on the phone.

NOTES ON OPTION 43 SUPPORT

Configuration snippet:

!
interface eth2
 dhcp-server
-----
  option Cisco_LWAPP_AP "Cisco AP c1700" controller 203.211.151.79
  option Cisco_LWAPP_AP "Cisco AP c1600" controller 203.211.151.80
-----

Comemde# tcpdump interface eth1 port 67 detail
10:12:46.028445 IP (tos 0x0, ttl 255, id 78, offset 0, flags [none], proto UDP (17), length 330)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from fc:5b:39:6e:34:e4, length 302, xid 0x200c, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address fc:5b:39:6e:34:e4
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            MSZ Option 57, length 2: 1200
            Client-ID Option 61, length 7: ether fc:5b:39:6e:34:e4
            Hostname Option 12, length 16: "APfc5b.396e.34e4"
            Parameter-Request Option 55, length 9:
              Subnet-Mask, Domain-Name-Server, Domain-Name, Netbios-Name-Server
              Default-Gateway, LOG, Static-Route, Option 150
              Vendor-Option
            Vendor-Class Option 60, length 14: "Cisco AP c1700"  <--DHCP request from client, vendor-class config must match this.
            END Option 255, length 0
10:12:46.028987 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    192.168.1.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x200c, Flags [Broadcast] (0x8000)
          Your-IP 192.168.1.30
          Client-Ethernet-Address fc:5b:39:6e:34:e4
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 192.168.1.1
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Domain-Name-Server Option 6, length 8: 203.211.152.66,8.8.8.8
            Domain-Name Option 15, length 8: "mbox.com"
            Default-Gateway Option 3, length 4: 192.168.1.1
            Vendor-Option Option 43, length 6: 241.4.203.211.151.79 <--DHCP reply by mbox, as per configuration
            END Option 255, length 0
            PAD Option 0, length 0, occurs 4
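The option 43 value in the reply above (241.4.203.211.151.79) is a type/length/value field: sub-option type 241 (0xf1), length 4, then the controller IP. The following added example (not RansNet code; function names are hypothetical) decodes the value as tcpdump prints it and rebuilds the payload from the vendor-class mapping in the configuration snippet, so a captured reply can be checked against the intended configuration.

```python
import ipaddress

WLC_SUBOPTION = 0xF1  # 241, the sub-option type seen in the capture above

# Vendor-class (option 60) to controller mapping from the config snippet.
VENDOR_CLASSES = {
    "Cisco AP c1700": ["203.211.151.79"],
    "Cisco AP c1600": ["203.211.151.80"],
}


def encode_option43(controllers):
    """Build the payload: type 0xf1, length 4*n, then n IPv4 addresses."""
    if not controllers:
        raise ValueError("at least one controller IP is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length")
    return bytes([WLC_SUBOPTION, len(value)]) + value


def decode_option43(payload):
    """Return the controller IPs in a payload; reject malformed input."""
    if len(payload) < 2:
        raise ValueError("truncated option 43")
    subtype, length, value = payload[0], payload[1], payload[2:]
    if subtype != WLC_SUBOPTION:
        raise ValueError("unexpected sub-option type %d" % subtype)
    if length != len(value) or length == 0 or length % 4:
        raise ValueError("bad length %d for %d value bytes" % (length, len(value)))
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def from_tcpdump(dotted):
    """Convert tcpdump's dotted-decimal rendering of option 43 to bytes."""
    return bytes(int(part) for part in dotted.split("."))


def expected_reply(vendor_class):
    """Payload the server should send for this option 60 string, or None."""
    controllers = VENDOR_CLASSES.get(vendor_class)
    return encode_option43(controllers) if controllers else None


if __name__ == "__main__":
    seen = from_tcpdump("241.4.203.211.151.79")
    print(decode_option43(seen), seen == expected_reply("Cisco AP c1700"))
```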