Prepared by: Alishah Amin
CCNA Training – Lecture 9
DHCP — Dynamic Host Configuration Protocol
Executive summary
This report explains DHCP (Dynamic Host Configuration Protocol) from fundamentals through
router configuration, verification and Packet Tracer testing, then covers relay, reservations,
troubleshooting and security (DHCP snooping). It uses the topology and configuration examples
in your uploaded files as the starting point (two LANs: 192.168.1.0/24 and 192.168.2.0/24)
and expands each point into clear, step-by-step instructions and analysis.
1. What is DHCP?
• DHCP automatically assigns IP configuration (IP address, subnet mask, default gateway,
DNS, and other options) to clients so you don’t have to configure each device by hand.
This reduces administrative overhead, prevents accidental IP conflicts, and centralizes
address management.
2. How DHCP works — the DORA process (step-by-step)
1. Discover — Client broadcasts DHCPDISCOVER to locate DHCP servers.
2. Offer — Server replies with DHCPOFFER containing a proposed IP and options.
3. Request — Client selects an offer and sends DHCPREQUEST to the server.
4. Acknowledge — Server sends DHCPACK to confirm lease and provide final configuration.
(These four steps are the classic DORA handshake used in your files.)
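On the wire, the four DORA messages are distinguished by DHCP option 53 (message type) and tied together by the transaction ID (xid) and client MAC. The following sketch is an added example, not taken from the lecture files: it builds minimal messages in the RFC 2131 layout, parses them back, and checks that a capture is one complete DORA exchange. The helper names `build`, `parse` and `is_dora` and all sample values are assumptions made for illustration.

```python
import struct

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie before the options
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
NAME_TO_CODE = {v: k for k, v in TYPES.items()}


def build(msg_type, xid, mac, yiaddr="0.0.0.0"):
    """Build a minimal DHCP message; clients send op=1, servers op=2."""
    op = 2 if msg_type in ("DHCPOFFER", "DHCPACK") else 1
    ip = bytes(int(o) for o in yiaddr.split("."))
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    hdr = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4), ip, bytes(4),
                     bytes(4), chaddr, bytes(64), bytes(128))
    # Option 53 = message type, option 255 = end of options.
    return hdr + MAGIC + bytes([53, 1, NAME_TO_CODE[msg_type], 255])


def parse(pkt):
    """Return (type name, xid, client MAC, offered IP) or raise ValueError."""
    if len(pkt) < BOOTP.size + 4 or pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    f = BOOTP.unpack_from(pkt)
    xid, yiaddr, mac = f[4], f[8], f[11][:f[2]]   # chaddr cut to hlen bytes
    opts, i, mtype = pkt[BOOTP.size + 4:], 0, None
    while i < len(opts) and opts[i] != 255:
        if opts[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1:
            mtype = opts[i + 2]
        i += 2 + length
    return (TYPES.get(mtype, "unknown"), xid, mac.hex(":"),
            ".".join(str(b) for b in yiaddr))


def is_dora(packets):
    """True if packets are one D-O-R-A exchange sharing xid and client MAC."""
    parsed = [parse(p) for p in packets]
    same = len({(x, m) for _, x, m, _ in parsed}) == 1
    return same and [p[0] for p in parsed] == list(TYPES.values())
```

The offered address travels in the `yiaddr` header field of the OFFER and ACK; in the client's DISCOVER and REQUEST that field is zero.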
3. Core Elements of DHCP Configuration
When setting up DHCP, you always define the following:
• Excluded addresses: IPs reserved for routers, servers, or printers that must not be
dynamically assigned.
• IP pool (scope): The range of IPs available to clients.
• Default gateway: The router IP provided to all clients so they can reach other networks.
• DNS server(s): Name resolution services distributed to clients.
• Lease time: How long clients keep their assigned IP before renewal.
• Reservations (static bindings): Mechanism to guarantee that a specific device (e.g., a
server or printer), identified by MAC or client ID, always receives the same IP.
4. Example topology and practical configuration
Topology
• Router0 LAN: 192.168.1.1/24
• Router1 LAN: 192.168.1.2/24
Step A — Pre-checks
1. Confirm router global and interface access.
o show version
o show ip interface brief (check interfaces are up/up and assigned correct
IPs).
2. Plan excluded addresses (gateway, servers, management). Example reserved range .1–.10.
Step B — Configure DHCP on Router0 (for 192.168.1.1/24)
Enter global config mode:
Step C — Configure DHCP on Router1 (for 192.168.1.2/24)
5. DHCP relay (when DHCP server is on another subnet)
If clients are on VLANs or other subnets and the DHCP server is not local to that subnet,
configure DHCP relay on the router/switch SVI:
On the router (or Layer 3 SVI):
interface GigabitEthernet0/1
 ! example SVI for VLAN
 ip address 10.0.0.1 255.255.255.0
 ! IP of DHCP server
 ip helper-address 192.168.1.10
 no shutdown
Why: Broadcasts from the client are not routed; ip helper-address forwards DHCP
broadcasts (and other UDP services) to the configured DHCP server.
6. Verification commands — what to run and how to interpret results
On the router (Cisco IOS):
• show running-config | include ip dhcp — quick check of the DHCP config lines.
• show ip dhcp pool — pool summary (addresses free/used).
• show ip dhcp binding — lists active leases (IP ↔ MAC ↔ lease time).
• show ip dhcp conflict — DHCP conflicts the server has detected.
On the client (Windows):
• ipconfig /all — verify client received IP, gateway, DNS, lease times.
In Packet Tracer: set the PC to DHCP and use the ipconfig equivalent, then ping the gateway.
Your files list these verification steps — use them exactly for hands-on testing.
Sample interpretation (example numbers)
For 192.168.1.0/24:
• Usable addresses = 254 (192.168.1.1–192.168.1.254).
• Excluded .1–.10 → 10 addresses reserved.
• Available to pool = 254 − 10 = 244.
• If 12 addresses are leased: Free = 244 − 12 = 232.
(The arithmetic is shown so you can audit pool utilization.)
7. Sample show outputs (what to expect)
Example: show ip dhcp pool
Pool LAN1 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 192.168.1.0/24
Total addresses : 254
Excluded addresses : 10
Current leases : 12
Free addresses : 232
Example: show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address       Client-ID/           Lease expiration        Type
                 Hardware address
192.168.1.11     01aa.bbcc.ddee       Apr 3 2025 12:45 PM     DHCP
192.168.1.12     01bb.ccdd.eeff       Apr 3 2025 12:50 PM     DHCP
(These are illustrative — actual date/time and MACs will vary.)
8. Static reservations / fixed addresses
• Best practice: Use reservations when a client must keep the same IP (printers, servers).
On enterprise DHCP servers (Windows Server or ISC dhcpd) create a reservation keyed
to the MAC address (or client-ID).
• Example (ISC dhcpd.conf):
host printer01 {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 192.168.1.50;
}
• On Windows DHCP server: DHCP console → Right-click Scope → New Reservation
→ enter Name, IP, MAC, type.
(While Cisco IOS has methods for binding by client-identifier inside a pool, the
GUI/server reservation methods are clearer and safer for production.)
9. Troubleshooting — step-by-step checklist (start to finish)
1. Client checks
o ipconfig /release then ipconfig /renew (Windows) or sudo dhclient -r && sudo dhclient (Linux).
o ipconfig /all to see assigned IP/gateway/DNS.
2. Switch checks
o Ensure access port is in correct VLAN and interface is up (show interface status).
3. Router checks
o show ip interface brief — is interface UP/UP and IP correct?
o show running-config | include dhcp — confirm pool created.
o show ip dhcp binding — are there leases?
4. If no lease and VLAN separation
o Confirm ip helper-address is set on SVI / interface for that subnet.
5. DHCP conflicts
o show ip dhcp conflict and check for static devices using IPs from pool.
6. Debugging (use cautiously on production)
o debug ip dhcp server events or debug dhcp detail — watch logs while
client requests. Stop with undebug all or no debug all.
7. Clear bindings/testing
o clear ip dhcp binding 192.168.1.11 to remove a lease so a client can re-request.
8. If a switch blocks DHCP
o Check for DHCP snooping misconfiguration (see next section).
10. DHCP security — DHCP Snooping & protections
Why: DHCP can be exploited by rogue servers handing out invalid gateways/DNS or by
spoofing. Cisco provides DHCP snooping to defend against both.
Basic DHCP snooping steps (switch):
! enable DHCP snooping globally
conf t
ip dhcp snooping
ip dhcp snooping vlan 1
! set trusted ports (uplink to router/DHCP server)
interface GigabitEthernet0/1
ip dhcp snooping trust
exit
! optionally limit rate on access ports
interface GigabitEthernet0/2
ip dhcp snooping limit rate 15
exit
Verification:
• show ip dhcp snooping
• show ip dhcp snooping binding — binding table of MAC ↔ IP ↔ VLAN.
Related protections:
• Use Dynamic ARP Inspection (DAI) and IP Source Guard which rely on the DHCP
snooping binding table to prevent spoofing.
(These commands are standard CCNA topics and complement the DHCP configuration shown
earlier.)
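To see why the trust and rate-limit settings above matter, the following added example (not code from the lecture files and not Cisco's implementation) is a toy Python model of the per-port decisions a snooping switch makes: server messages are dropped on untrusted ports, a binding is recorded when a trusted port returns the DHCPACK, a release from the wrong port is dropped, and a port exceeding its rate limit is disabled. The class name, port names, MAC and addresses are constructed for illustration.

```python
from collections import defaultdict

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


class SnoopingSwitch:
    """Toy model of the per-port checks DHCP snooping applies on a VLAN."""
    def __init__(self, trusted_ports, rate_limits=None):
        self.trusted = set(trusted_ports)
        self.rate_limits = rate_limits or {}     # port -> packets per second
        self.seen = defaultdict(int)             # (port, second) -> count
        self.disabled = set()                    # ports shut for exceeding rate
        self.pending = {}                        # client MAC -> (port, vlan)
        self.bindings = {}                       # client MAC -> (ip, vlan, port)

    def receive(self, port, vlan, msg, mac, ip=None, second=0):
        """Return 'forward' or the reason the frame is dropped."""
        if port in self.disabled:
            return "drop: port err-disabled"
        limit = self.rate_limits.get(port)
        self.seen[(port, second)] += 1
        if limit is not None and self.seen[(port, second)] > limit:
            self.disabled.add(port)
            return "drop: rate limit exceeded"
        if port not in self.trusted:
            if msg in SERVER_MSGS:
                return "drop: server message on untrusted port"
            bound = self.bindings.get(mac)
            if msg == "DHCPRELEASE" and bound and bound[2] != port:
                return "drop: release from wrong port"
            if msg == "DHCPREQUEST":
                self.pending[mac] = (port, vlan)
        elif msg == "DHCPACK" and mac in self.pending:
            # ACK from a trusted port completes the lease: record the binding
            cport, cvlan = self.pending.pop(mac)
            self.bindings[mac] = (ip, cvlan, cport)
        return "forward"


def demo():
    """Constructed traffic: Gi0/1 trusted uplink, Gi0/2 and Gi0/3 access ports."""
    sw = SnoopingSwitch({"Gi0/1"}, {"Gi0/2": 15})
    mac = "aaaa.bbbb.0001"
    return [
        sw.receive("Gi0/2", 1, "DHCPREQUEST", mac),
        sw.receive("Gi0/1", 1, "DHCPACK", mac, "192.168.1.11"),
        sw.receive("Gi0/3", 1, "DHCPOFFER", mac, "192.168.1.99"),  # rogue server
        sw.receive("Gi0/3", 1, "DHCPRELEASE", mac),                # wrong port
    ], sw.bindings
```

The `bindings` table built here corresponds to what show ip dhcp snooping binding displays, and it is the data DAI and IP Source Guard consult.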
11. Best practices & design recommendations
• Plan addressing: allocate pools per VLAN; keep management/network devices outside
DHCP pools via excluded addresses.
• Use short leases for BYOD/hotels; longer leases for servers/printers.
• Keep DHCP server(s) redundant (secondary DHCP server, DHCP failover or split
scope).
• Monitor pool utilization (show ip dhcp pool) and logs.
• Secure with DHCP snooping; only allow DHCP server replies on trusted ports.
• Document DHCP scopes, exclusions, reservations and lease policies in your network
design book.
12. Packet Tracer lab steps (simple test plan)
1. Build topology: Router0 — Switch — PCs (VLAN 1) for 192.168.1.0/24. Router1 —
Switch — PCs for 192.168.2.0/24.
2. Configure router interfaces with gateway IPs (192.168.1.1 and 192.168.2.1).
3. Enter DHCP configuration on routers (see section 4).
4. On each PC set IP to DHCP (Desktop → IP Configuration → DHCP).
5. On PC run ping 192.168.1.1. If success, DHCP worked. If not, run troubleshooting
steps above.
13. Appendix — Quick command cheat-sheet
Router DHCP
ip dhcp excluded-address <start-ip> <end-ip>
ip dhcp pool <NAME>
network <network> <mask>
default-router <gateway-ip>
dns-server <dns-ip>
! optional
lease <days> <hours> <mins>
Verify
show running-config | include ip dhcp
show ip dhcp pool
show ip dhcp binding
show ip dhcp conflict
clear ip dhcp binding <ip>
! use with caution
debug ip dhcp server events
Switch (DHCP Snooping)
ip dhcp snooping
ip dhcp snooping vlan <vlan-id>
interface <uplink>
ip dhcp snooping trust