DHCP and IP Helper (DHCP Relay)

So here at my good ol’ company, we ran into an issue about a month ago where the DHCP server stopped handing out IP addresses. Come to find out the server was a Windows 2008 R2 and Windows Updates overloaded it. Nonetheless, the machines lost their IP settings as their leases expired and we lost some productivity. I had to quickly set up the 3750X switch as the new DHCP server in a hurry.

Now skip to last week, my director tasks me and the new guy, Evan, with finding a way to add redundancy to DHCP to allow failover between servers. At Evan’s last gig, they set this up using two Windows servers with one local to the branch office and one centrally located at their data center. They would both advertise the /24 range, but the local server would exclude the last half, while the remote server would exclude the first half.

At all but one of our call centers, we have a local ESXi host (not licensed to be centrally managed with vSphere) that hosts at least two virtuals: one domain controller and one app server. So using the model from Evan’s last gig, we determined that we would use the local DC for the local DHCP server and then the DHCP server that is used for HQ at the data center. Evan mentioned that they had to do some routing and configuring on their WAN edge routers to allow the DHCP to get back to the center’s and client. He mentioned he thought it was due to the DHCPDISCOVERs and DHCPOFFERs being broadcast packets. This got me to thinking, as that makes sense when on the same subnet, but what happens when I use the IP Helper command on the VLAN interface? Will the DHCPDISCOVER and DHCPOFFER packets be broadcast or unicast? If the packets are broadcast packets then they will not work going over our MPLS.

So I set up a lab using the following:

1 x 3750
2 x 2811

Setup for DHCP across WAN Lab

switch 1 config:
int vlan 1
ip add 192.168.1.1 255.255.255.0
ip helper-address 192.168.3.1
!
int gi1/0/1
switchport host
!
int gi1/0/48
no switchport
ip add 192.168.2.1 255.255.255.0
!
router rip
version 2
no auto-summary
network 192.168.1.0
network 192.168.2.0

router 1 config:
int fa0/0
ip add 192.168.2.2 255.255.255.0
no shutdown
!
int fa0/1
ip add 192.168.3.2 255.255.255.0
no shutdown
!
router rip
version 2
no auto-summary
network 192.168.2.0
network 192.168.3.0

router 2 config:
int fa0/0
ip add 192.168.3.1 255.255.255.0
no shut
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool TEST
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
router rip
no auto-summary
network 192.168.3.0

I consoled into Router 2 (the DHCP server) and set up DHCP server debugging. I made sure that my laptop’s LAN interface was set to DHCP and plugged it into the 3750 (switch 1) on VLAN 1. I watched on the console screen as DHCPDISCOVER packets came from 192.168.1.1 (3750 VLAN 1 interface) requesting an IP for the MAC address of the laptop (with 01 prepended) and DHCPOFFER packets went back to 192.168.1.1. Issuing ‘show ip dhcp bindings’ showed 192.168.1.11 being assigned to the MAC address of the laptop.

I unplugged the laptop from switch 1 and cleared the DHCP bindings on router 2. I then consoled into switch 1 and started debugging IP packets. I plugged in the laptop and watched as packets came from 0.0.0.0 to 255.255.255.255. I then saw switch 1 send unicast packets to router 2, router 2 respond with unicast packets to switch 1, and finally switch 1 send a broadcast out its VLAN 1 interface.

So from looking at the debugs, I can see that the ip helper command forces the switch to act more or less like a proxy for the DHCP clients’ requests to the DHCP server.
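The relay step seen in the debugs can be modelled at the packet level. The following is an added example, not part of the original post or lab: it builds a constructed DHCPDISCOVER, applies the standard relay-agent handling from RFC 2131/RFC 1542 (stamp giaddr, increment hops, forward as unicast to the helper address), and shows what the server can read from the result. The MAC address, transaction ID and the function names are assumptions; the addresses and pool name are the lab's.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file  (236 bytes)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie that precedes the options

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client DHCPDISCOVER (the 0.0.0.0 -> 255.255.255.255 packet)."""
    z = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0, z, z, z, z,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    # Option 53 = message type (1 = DISCOVER); option 61 = client identifier:
    # hardware type 01 (Ethernet) followed by the MAC, hence the "01" prefix.
    return hdr + MAGIC + bytes([53, 1, 1, 61, 7, 1]) + mac + bytes([255])

def relay(packet: bytes, ingress_ip: str, helper: str, max_hops: int = 16):
    """Relay step: stamp giaddr, count the hop, return (unicast_dst, packet)."""
    f = list(BOOTP.unpack_from(packet))
    if f[0] != 1 or f[3] >= max_hops:
        raise ValueError("not a BOOTREQUEST, or hop limit reached")
    f[3] += 1
    if f[10] == bytes(4):  # only the first relay fills in giaddr
        f[10] = ipaddress.IPv4Address(ingress_ip).packed
    return helper, BOOTP.pack(*f) + packet[BOOTP.size:]

def server_view(packet: bytes, pools: dict) -> dict:
    """What the server can learn from the request: giaddr selects the pool."""
    f = BOOTP.unpack_from(packet)
    if packet[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, BOOTP.size + 4
    while i + 1 < len(packet) and packet[i] != 255:  # walk code/len/value
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    giaddr = ipaddress.IPv4Address(f[10])
    pool = next((name for name, net in pools.items()
                 if giaddr in ipaddress.ip_network(net)), None)
    return {"giaddr": str(giaddr), "hops": f[3], "pool": pool,
            "client_id": opts.get(61, b"").hex()}

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("001122334455"), 0x1234ABCD)  # constructed MAC
    dst, relayed = relay(pkt, "192.168.1.1", "192.168.3.1")
    print(dst, server_view(relayed, {"TEST": "192.168.1.0/24"}))
```

Because the server chooses the pool from giaddr rather than from the packet's arrival interface, an unrelayed request (giaddr 0.0.0.0) matches no remote pool in this model.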

I know that I could have easily looked this up and found the answer easily; however, this gave me a chance to set up a quick lab and get some hard evidence. Further, I am looking to take the CCNA test here in about a month’s time and this gave me some practice on DHCP, routing, debugging, and troubleshooting. So all-in-all this is time very well spent.

About Richard Svensson

Richard is the Sr Network Administrator at an international automotive interiors manufacturer.