Configure DHCP server

mbox supports Dynamic Host Configuration Protocol (DHCP) for connection to an IP network. It offers a complete solution for implementing DHCP servers, relay agents, and clients for small local networks to large enterprises.

mbox DHCP supports both IPv4 and IPv6, and is suitable for use in high-volume and high-reliability applications.

    • A DHCP server (dhcp-server), which receives clients’ requests and replies to them.
    • A DHCP client, which sends address requests to an up DHCP server to request interface IP address.
    • A DHCP relay agent (or dhcp-helper), which passes client DHCP requests from local LAN to another upstream DHCP server to centrally issue DHCP addresses.
    • mbox DHCP supports option 43 for assigning vendor-specific parameters, eg. controller IP for light-weight APs

In many deployments, where mbox functions as a gateway, it is required for mbox to run as a DHCP server to issue addresses to user/client PCs. When enabled to listen on the correct interface, mbox accepts client DHCP requests and issues DHCP address from the configured range to clients.

NOTE: mbox can either act as either dhcp-server or dhcp-helper, but we can not have both dhcp-server and dhcp-helper running on the same mbox, because both of these services are using the same opening ports (UDP/67/68).


    • mbox supports multiple address scopes. each scope is attached to a listening interface, either physical interface or VLAN interface.

NOTE: One listening interface can have multiple IP addresses. But only the primary IP address can be used as the DHCP range. So when you configure interface IP addresses, please make sure the primary IP address is configured first/ahead of other IP addresses.

    • DHCP-server must be explicitly started (ip dhcp-server start) and each config changes requires restarting of the service (stop and start again).
    • When running HA (two boxes running VRRP), both mbox will be actively issuing DHCP (even for the standby unit), so each box needs to cover half of the available range; and you need to explicitly configure "router" command to specify VRRP virtual IP as the clients default gateway.


    • configure network interfaces with IP address and mask
    • configure DHCP scope


enableconfigureinterface <interface id> <--this is typically the listening interface IP addressip address x.x.x.x/nn <--IP address must be configureddhcp-server <--enable dhcp server on this interfacedomain client_domain range start_of_range end_of_rangedns name-server-iprouter <user default gateway> <--by default primary IP address will be used.static client_hostname client_mac client_static_ipoption vendor-name “vendor-class” controller controller_ipip dhcp-server start/stop <--start or stop dhcp-server (global command)



Below is a config snip for a CMG running DHCP and VRRP on the same interface.

!configure the listening interfacesinterface vlan bond 1 901description "VLAN901 for WSGx users"enableip address 20state MASTERpriority 120authentication Letmein99virtual_ipaddress "DHCP scope for VLAN901 Wireless@SGx users"dns <--configure VRRP VIP as DHCP router.domain 900 3600range!enable vendor options 43option Cisco_LWAPP_AP "Cisco AP c1700" controller!ip dhcp-server start <--Globally start DHCP server!Useful troubleshooting commands:=========================show ip dhcp-servershow ip dhcp-logshow ip dhcp-leasetcpdump interface xx port 67


    • a vendor-name refers to a particular brand; a vendor-class refer to a particular model of a brand. Vendor-class must be included by double quotes in the configuration (eg. “Cisco AP c1600”)
    • mbox can support multiple dhcp scopes, and each scope can support one unique option 43 for each vendor (vendor-name), eg. scope 1 for Cisco APs, scope 2 for Aruba APs, etc.
    • same vendor-name can have multiple vendor-class, eg. different model of Cisco AP can be assigned with different controller IP, differentiated by vendor-class name
    • vendor-class string in the configuration must match exactly what’s being included in AP DHCP request headers. Sometimes, we don’t know the extract string for vendor-class, one way is to ask from vendor support, another way is to use tcpdump with “detail” option

Configuration snip:


!interface eth2dhcp-server-----option Cisco_LWAPP_AP "Cisco AP c1700" controller Cisco_LWAPP_AP "Cisco AP c1600" controller Comemde# tcpdump interface eth1 port 67 detail10:12:46.028445 IP (tos 0x0, ttl 255, id 78, offset 0, flags [none], proto UDP (17), length 330) > [udp sum ok] BOOTP/DHCP, Request from fc:5b:39:6e:34:e4, length 302, xid 0x200c, Flags [Broadcast] (0x8000) Client-Ethernet-Address fc:5b:39:6e:34:e4 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover MSZ Option 57, length 2: 1200 Client-ID Option 61, length 7: ether fc:5b:39:6e:34:e4 Hostname Option 12, length 16: "APfc5b.396e.34e4" Parameter-Request Option 55, length 9: Subnet-Mask, Domain-Name-Server, Domain-Name, Netbios-Name-Server Default-Gateway, LOG, Static-Route, Option 150 Vendor-Option Vendor-Class Option 60, length 14: "Cisco AP c1700" <--DHCP request from client, vendor-class config must match this. END Option 255, length 010:12:46.028987 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) > [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x200c, Flags [Broadcast] (0x8000) Your-IP Client-Ethernet-Address fc:5b:39:6e:34:e4 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Offer Server-ID Option 54, length 4: Lease-Time Option 51, length 4: 86400 Subnet-Mask Option 1, length 4: Domain-Name-Server Option 6, length 8:, Domain-Name Option 15, length 8: "" Default-Gateway Option 3, length 4: Vendor-Option Option 43, length 6: <--DHCP reply by mbox, as per configuration END Option 255, length 0 PAD Option 0, length 0, occurs 4============================