i) Routers may use broadcasts to locate TFTP servers.
ii) Clients may use broadcasts to locate a TACACS security server.
Clients in a hierarchical network normally do not reside on the same network as the DHCP and DNS servers. They rely mostly on broadcasts to locate those servers. However, routers do not forward broadcasts beyond a broadcast domain by default. It is possible but impractical to set up DHCP and DNS servers on all subnets. IP helper addresses are normally used for this situation.
Note: By default, a packet with the destination IP address 255.255.255.255, which is sent as the link-layer broadcast FFFF.FFFF.FFFF, is not forwarded beyond a broadcast domain.
The ip helper-address {ip-addr} interface subcommand relays (accepts and forwards) UDP broadcasts either as unicasts to a specified IP address (a server on another network) or as directed broadcasts to a specified subnet. UDP broadcasts are forwarded to all helper addresses as soon as they are received on the router interface. A Cisco router configured with the ip helper-address command is known as a DHCP Relay Agent.
Configure the ip helper-address command on the router interface that will receive the UDP broadcast requests. By default, the command relays the following 9 UDP services:
| Service | UDP Port Number |
| --- | --- |
| Time | 37 |
| TACACS | 49 |
| DNS | 53 |
| BOOTP/DHCP Server | 67 |
| BOOTP/DHCP Client | 68 |
| TFTP | 69 |
| NetBIOS Name Service | 137 |
| NetBIOS Datagram Service | 138 |
| IEN 116 name service (obsolete) | 42 |
Use the [no] ip forward-protocol udp {port-num} global configuration command to add an additional UDP service to the default group, or to remove an unwanted one from it.
Note: All broadcasts are sent to all configured helper addresses, regardless of whether a server is able to process a particular request. This could consume unnecessary bandwidth on the network.
Ex: ServerA is a DHCP server, ServerB is a DNS server. IP addresses for both servers have been configured as helper addresses. DHCP and DNS broadcast requests are sent to both servers. An ICMP Port Unreachable error message will be generated when a server is unable to serve a particular type of request.
Additional helper addresses are not required on intermediate routers along a path, as the first router has modified the destination address from broadcast to unicast or directed broadcast.
Configuring the ip helper-address command is often sufficient to obtain the desired results. In some large networks, it may be necessary for the DHCP relay agent (e.g. a Cisco router) to insert additional information into the DHCP requests being forwarded to the central DHCP server. Such information is useful for statistical analysis, and it allows the DHCP server to make decisions based on where the DHCP request is coming from and even which user is making the request. This is achieved by enabling DHCP Option 82, the DHCP Relay Agent Information Option.
The DHCP Relay Agent capability is enabled by default. The ip helper-address command does not enable the DHCP Relay Agent; it tells the DHCP Relay Agent where to relay the broadcast DHCP requests.
IP Helper Address configuration on RT1:
RT1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT1(config)#int e0
RT1(config-if)#ip helper-address 172.16.0.255
RT1(config-if)#ip helper-address 172.16.1.2
RT1(config-if)#exit
RT1(config)#int e1
RT1(config-if)#ip directed-broadcast
RT1(config-if)#^Z
RT1#
RT1#sh ip int e0
Ethernet0 is up, line protocol is up
  Internet address is 10.10.10.1/24
  Helper addresses are 172.16.0.255
                       172.16.1.2
  Directed broadcast forwarding is disabled
--- output omitted ---
RT1#sh ip int e1
Ethernet1 is up, line protocol is up
  Internet address is 172.16.0.1/24
  Helper addresses is not set
  Directed broadcast forwarding is enabled
--- output omitted ---
Configuring a helper address that is the directed broadcast of the server farm subnet (172.16.0.0/24) is more efficient than configuring multiple unicast helper addresses when multiple servers reside in the same subnet.
The ip directed-broadcast interface subcommand enables directed broadcast forwarding on an interface. This feature is disabled (directed broadcasts are dropped) by default in Cisco IOS Release 12.0 and later due to the default no ip directed-broadcast command.
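The relay behaviour described above (the default port list, the [no] ip forward-protocol udp command, and the fan-out of every broadcast to every helper address noted earlier) modelled as an added Python example; this is illustrative code, not Cisco IOS code, and the e0 helper addresses are the ones from the RT1 configuration.

```python
"""Model of Cisco IOS 'ip helper-address' relay decisions (illustrative model, not IOS code)."""
from dataclasses import dataclass, field

# The nine UDP services relayed by default (ports from the table on this page).
DEFAULT_FORWARD_PORTS = {37, 49, 53, 67, 68, 69, 137, 138, 42}
BROADCAST = "255.255.255.255"

@dataclass
class RelayInterface:
    """One router interface with zero or more 'ip helper-address' subcommands."""
    address: str
    helpers: list = field(default_factory=list)

@dataclass
class RelayAgent:
    """Global 'ip forward-protocol udp' state shared by all interfaces."""
    forward_ports: set = field(default_factory=lambda: set(DEFAULT_FORWARD_PORTS))

    def forward_protocol(self, port, enable=True):
        """[no] ip forward-protocol udp <port>: add/remove a service from the relayed set."""
        if enable:
            self.forward_ports.add(port)
        else:
            self.forward_ports.discard(port)

    def relay(self, iface, dst_ip, dst_port):
        """Return the (new destination, port) copies emitted for an inbound UDP packet.
        Only a link-layer broadcast to a relayed port is rewritten, and one copy goes to
        every helper address whether or not that server can serve the request."""
        if dst_ip != BROADCAST or dst_port not in self.forward_ports:
            return []
        return [(helper, dst_port) for helper in iface.helpers]

def demo():
    """Walk the RT1 e0 configuration (constructed from the page) through a few inbound broadcasts."""
    agent = RelayAgent()
    e0 = RelayInterface("10.10.10.1", helpers=["172.16.0.255", "172.16.1.2"])
    results = {}
    # DHCP client broadcast (port 67): one copy to the directed-broadcast helper, one to the unicast helper
    results["dhcp"] = agent.relay(e0, BROADCAST, 67)
    # A NetBIOS name-service broadcast is relayed by default even though neither server handles it
    results["netbios_default"] = agent.relay(e0, BROADCAST, 137)
    # Trim the default set with 'no ip forward-protocol udp 137' and the broadcast is no longer relayed
    agent.forward_protocol(137, enable=False)
    results["netbios_trimmed"] = agent.relay(e0, BROADCAST, 137)
    # A unicast packet addressed to the router itself is not a broadcast and is never relayed
    results["unicast"] = agent.relay(e0, "10.10.10.1", 67)
    return results
```

Trimming the default list to the services actually hosted behind the helper addresses removes the needless copies and the ICMP Port Unreachable replies they provoke.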