Configuring Cisco routers to act as a DHCP server

If you want to configure DHCP for client devices, there are several server options to choose from. One of the most common is a server running Windows or Linux. What about small or branch offices that have no server, or do not want to spend money on additional resources? Many entry-level admins (and even some more experienced ones) forget that DHCP is also available on Cisco routers and switches. Most newer Layer 3 IOS software revisions support it.

A benefit of running DHCP on the equipment is that it doesn’t require any new/additional hardware. Also, clients can still receive IP addresses even if the WAN connection goes down. On the other hand, some administrators prefer a single point of administration which also has its own advantage. I personally would rather make sure my remote offices can get on the network without a WAN dependency. This prevents unnecessary reboots or support calls to get people reconnected once a failed WAN connection comes online. If the WAN connection is slower such as 256k or 512k, bandwidth would be a bit more optimized by keeping DHCP traffic locally.

For this example we are using a Cisco 2851 with a single subnet (172.20.10.0/24). First, we need to configure a new DHCP pool on the device for the subnet in question. Let’s also say that this subnet is for VoIP phones. We’ll specify a boot server (option 66) just to show how it is done and that Cisco equipment can handle it.

Router(config)# ip dhcp pool IP-Phones
Router(dhcp-config)# network 172.20.10.0 255.255.255.0
Router(dhcp-config)# default-router 172.20.10.1
Router(dhcp-config)# option 66 ascii http://someserver/somesite
Router(dhcp-config)# dns-server 8.8.8.8
Router(dhcp-config)# lease 8
Router(dhcp-config)# exit
Router(config)# interface GigabitEthernet0/0
Router(config-if)# description VoIP Phones
Router(config-if)# ip address 172.20.10.1 255.255.255.0

To help you better understand the above commands: a DHCP scope was configured for 172.20.10.0 with a default gateway of 172.20.10.1. The option 66 boot server was specified (this differs by phone system, as some use option 150). We are using one of Google's DNS servers, but a local DNS server could also be used. Next, the lease time was set to 8 days and the local interface was configured with the gateway address. We will now add some additional options to the DHCP configuration.

When Cisco devices reboot, the DHCP database is cleared. By default it is only stored in memory, however you can make it persistent. Use the following option to save it periodically to a TFTP server. When the router/switch comes online it will restore the database back into memory.

ip dhcp database tftp://localserver/dhcp-conf write-delay 100

Cisco devices also support conflict detection. When the ip dhcp ping option is configured, the router pings the IP address it intends to hand out before replying to the client's DHCP request. If it receives an ICMP Echo Reply, the address is already in use. If DHCP conflict logging (ip dhcp conflict logging) is enabled, which is the IOS default, the router logs the conflict with a syslog message and adds the address to the local conflict table. This is where saving the database to a TFTP server helps: after a reboot without a saved database the table is empty, and the router pings its way through the pool address by address until it finds one that is free. The pool could be exhausted quickly, and existing devices may be unable to renew their leases. Addresses in the conflict table are not used for future leases (similar to excluded addresses, shown below); to reuse one of them, the network administrator must first remove it from the table.

To exclude certain IP addresses from the DHCP pool so they can be used for statically addressed devices, issue the ip dhcp excluded-address command. Below, we set aside a small range at the beginning of the 172.20.10.0/24 pool, which also covers the gateway address configured above.

ip dhcp excluded-address 172.20.10.1 172.20.10.10

If you do not have any devices that use BOOTP, turn the service off. This also hardens the router slightly: a protocol that is not needed is no longer listening, so it cannot be used as a vector for DoS attacks against the router.

no ip bootp server

Once the router has been configured, you can use the commands below to check the status of the DHCP server.

show ip dhcp server statistics shows DHCP server statistics, memory usage, etc.
show ip dhcp binding lists the current DHCP leases with their expirations and MAC addresses.
show ip dhcp conflict shows any DHCP lease conflicts.
clear ip dhcp conflict * clears the DHCP address conflict table.
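The show commands above tell you what the router is doing right now; the checks below cover the configuration itself. This is an added example, not Cisco code or part of the original post: a small Python script that audits the text of a running-config for the points discussed above (the pool's default-router sits inside the network statement and is covered by an excluded-address range, an interface is actually addressed inside the pool's subnet, bindings are persisted with ip dhcp database, conflict logging has not been turned off, and the BOOTP server is disabled). The configuration text is a constructed sample that deliberately carries one mistake, an interface addressed in 172.21.10.0/24 while the pool is 172.20.10.0/24, so the last check has something to report.

```python
"""Offline audit of a Cisco IOS running-config for the DHCP-server settings
covered above. Added example, not Cisco code; the configuration text is a
constructed sample with one deliberate mistake (the interface address sits in
172.21.10.0/24 while the pool is 172.20.10.0/24)."""
import ipaddress
import re

# Constructed sample (assumption: text captured from 'show running-config').
SAMPLE_CONFIG = """\
!
no ip bootp server
ip dhcp excluded-address 172.20.10.1 172.20.10.10
ip dhcp database tftp://localserver/dhcp-conf write-delay 100
!
ip dhcp pool IP-Phones
 network 172.20.10.0 255.255.255.0
 default-router 172.20.10.1
 option 66 ascii http://someserver/somesite
 dns-server 8.8.8.8
 lease 8
!
interface GigabitEthernet0/0
 description VoIP Phones
 ip address 172.21.10.1 255.255.255.0
!
"""


def parse_config(text):
    """Split IOS config text into top-level lines and indented sub-blocks."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None            # '!' separates sections
            continue
        if raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks.setdefault(current, [])
    return top, blocks


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    top, blocks = parse_config(text)
    findings = []

    if "no ip bootp server" not in top:
        findings.append("bootp server still enabled: add 'no ip bootp server'")
    if not any(line.startswith("ip dhcp database ") for line in top):
        findings.append("bindings are not persisted: no 'ip dhcp database' line")
    if "no ip dhcp conflict logging" in top:
        findings.append("conflict logging has been disabled")

    # Excluded ranges; a single address is written without an end address.
    excluded = []
    for line in top:
        m = re.match(r"ip dhcp excluded-address (\S+)(?: (\S+))?$", line)
        if m:
            lo = ipaddress.ip_address(m.group(1))
            hi = ipaddress.ip_address(m.group(2) or m.group(1))
            excluded.append((lo, hi))

    # Static interface addresses ('ip address A MASK' only; 'ip address dhcp'
    # and secondary addresses are ignored by the regex).
    interfaces = {}
    for header, lines in blocks.items():
        if header.startswith("interface "):
            for line in lines:
                m = re.match(r"ip address (\S+) (\S+)$", line)
                if m:
                    name = header.split(" ", 1)[1]
                    interfaces[name] = ipaddress.ip_interface(
                        f"{m.group(1)}/{m.group(2)}")

    for header, lines in blocks.items():
        if not header.startswith("ip dhcp pool "):
            continue
        pool = header.split(" ", 3)[3]
        net = gw = None
        for line in lines:
            m = re.match(r"network (\S+) /?(\S+)$", line)   # mask or /prefix
            if m:
                net = ipaddress.ip_network(
                    f"{m.group(1)}/{m.group(2)}", strict=False)
            m = re.match(r"default-router (\S+)", line)
            if m:
                gw = ipaddress.ip_address(m.group(1))
        if net is None:
            findings.append(f"pool {pool}: no network statement")
            continue
        if gw is None or gw not in net:
            findings.append(f"pool {pool}: default-router missing or outside {net}")
        elif not any(lo <= gw <= hi for lo, hi in excluded):
            findings.append(f"pool {pool}: default-router {gw} is not excluded "
                            "and could be handed out to a client")
        if not any(iface.ip in net for iface in interfaces.values()):
            findings.append(f"pool {pool}: no interface is addressed inside {net}, "
                            "so the router will not serve this pool locally")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run against the sample, the only finding is the interface mismatch; correcting the interface address to 172.20.10.1 gives a clean result, and removing the excluded-address line produces a finding that the gateway itself could be leased to a client, which is exactly the situation the conflict-detection ping would later have to catch.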

I hope you have found this post helpful. Also, if you are interested in other topics regarding DHCP, I previously talked about attacks and how to stop them.
