DHCP

DHCP Relay

Sections: 

Overview: 

  • DHCP Relay is a feature that allows a router or layer 3 device such as a switch or firewall appliance to forward DHCP requests from clients on one network to a DHCP server located on a different network serving as the intermediary device
  • In most use cases, this feature is implemented when the DHCP server is located in a central location that needs to provide IP addresses to clients across multiple networks 
  • By default layer 3 devices do not forward broadcast messages however the DHCP Relay features allows a layer 3 device to forward DHCP Discover packets as unicast messages towards the specified remote DHCP server

Lab Topology

Scenario: 

  • In this lab scenario, we will configure the DHCP relay feature on the HQ Gateway-R1 router, and point towards the remote DHCP server located in the Remote Branch site
  • Trunk links, VLAN assignments, and ROAS Inter-VLAN routing have already been configured at the HQ site topology
  • In this lab example, I will use a WIndows Server virtual machine via Oracle VirtualBox to serve DHCP requests to the HQ site VLAN networks 
  • I will configure the DHCP scopes on the DHCP server and configure routing between the HQ and remote site networks 
  • I will enable DHCP on the HQ PC client from each VLAN and analyze the active DHCP leases on the Windows Server virtual machine interface
  • I will test PC connectivity by issuing ping commands 
  • I will analyze a packet capture on the links between the HQ and Remote branch router gateways to analyze the DHCP Relay D.O.R.A messages 

Windows Server DHCP Setup

IP Address of the VM Remote DHCP Server: 192.168.99.10

Windows Server Overview Pane.

Windows Server - IPv4 vs IPv6 DHCP Server options.

Creating new IPv4 DHCP scopes for HQ VLANs 10,20,60,80.

Naming new DHCP scope.

Setting IP address range for VLAN10 scope.

Optional parameters to configure DHCP exclusions.

Optional parameter to set lease time / 8 days by default.

Option to configure DHCP options including default gateway and DNS.

Setting Default Gateway of VLAN10 DHCP clients - SVI gateway addresses of the HQ Core switch.

Setting DNS server for DHCP clients in VLAN10 - IP address of my Raspberry Pi serving as my home gateway to the Internet.

Activating configured DHCP scopes.

Verify active DHCP scopes, all HQ VLAN DHCP scopes configured.

DHCP Relay Pre-Configuration 

HQ Gateway-R1 

Configure the IP address of the WAN interface and default route towards the remote branch router gateway.

Remote-Branch-Gateway 

Configure the IP address of the interface towards the HQ router gateway and the route to the HQ VLAN networks via HQ Gateway-R1 with a summary route 192.168.x.x/16.

Configure the WAN link Gi0/1 to serve as a DHCP client towards the remote branch network 192.168.99.0/24.

Raspberry Pi -  Remote Branch WAN Gateway 

Routing management pane of the Raspberry Pi.

Create a summary static route to the HQ VLAN networks via interface Gi0/1 of the Remote-Branch-Gateway towards HQ site.

DHCP Relay Configuration

Gateway-R1 

Configure the 'ip helper-address' command on the ROAS VLAN sub-interfaces and specify the destination VM remote DHCP server at IP 192.168.99.10

Ping the remote DHCP server to verify connectivity for the DHCP clients.

HQ Clients -  Enabling DHCP 

Engineering VLAN10

Finance VLAN20

MGMT VLAN60

Servers VLAN80

Windows Server -  Active DHCP Leases

Engineering VLAN10

Finance VLAN20

MGMT VLAN60

Servers VLAN80

DHCP Relay Packet Captures 

Scenario: 

  • In this scenario, we will analyze packet captures for DHCP Relay traffic

Link: HQ-Core-SW1 and Gateway-R1 - D.O.R.A

Link: Gateway-R1 and Remote-Branch-Gateway - D.O.R.A

Notes:

  • DHCP Relay agent forwards DHCP client Discover messages via unicast towards the DHCP server
  • DHCP Relay agent handles the DHCP D.O.R.A process for the client as the messages are sourced by the relay agent

Link: Remote-Branch-Gateway and Remote DHCP Server - D.O.R.A