You might have a situation where you have multiple network segments utilizing DHCP to assign IP addresses, name servers, etc. DHCP clients use network broadcasts to alert a DHCP server to their presence. Once a request for an address has been made, the DHCP server responds with another broadcast. It's obvious from all these broadcasts that the protocol is designed to work with a client and server on the same network segment. What happens when you have ten segments? That's a lot of DHCP servers.
The last thing you want to do is manage a DHCP server on each of your network segments. The obvious thing to do is use the ip helper-address interface configuration command to force your Cisco router to forward DHCP requests to a central DHCP server. One often overlooked fact is that ip helper-address will actually forward many other UDP-based broadcasts to the address specified. This may be counter to what you intended.
So, how do we forward only DHCP requests? The following configuration commands can be copied and pasted directly into your router's configuration CLI.
! We want this protocol.
ip forward-protocol udp bootpc
!
! We don't want these.
no ip forward-protocol udp biff
no ip forward-protocol udp bootps
no ip forward-protocol udp discard
no ip forward-protocol udp dnsix
no ip forward-protocol udp domain
no ip forward-protocol udp echo
no ip forward-protocol udp isakmp
no ip forward-protocol udp mobile-ip
no ip forward-protocol udp nameserver
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-ss
no ip forward-protocol udp non500-isakmp
no ip forward-protocol udp ntp
no ip forward-protocol udp pim-auto-rp
no ip forward-protocol udp rip
no ip forward-protocol udp snmp
no ip forward-protocol udp snmptrap
no ip forward-protocol udp sunrpc
no ip forward-protocol udp syslog
no ip forward-protocol udp tacacs
no ip forward-protocol udp talk
no ip forward-protocol udp tftp
no ip forward-protocol udp time
no ip forward-protocol udp who
no ip forward-protocol udp xdmcp
One thing you'll probably notice when you try this is that not all of the protocols are supported on your device. If you try to stop an unsupported protocol, you'll get a response like this:
SLAP(config)#no ip forward-protocol udp biff
UDP port 512 not found to delete
That's OK. The list above is the complete list of IOS-supported protocols, so your mileage may vary. What matters most is turning on bootpc and turning off everything else. And that's how we keep ip helper-address from being too forward!
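As an added check (example code, not from the post), the following Python script models the helper's forwarding decision as a destination-port allow-list. It parses "ip forward-protocol udp" lines on top of the IOS default port set (the documented defaults, an assumption you should confirm for your platform and release), resolves the keywords used above to their IANA port numbers, and classifies a constructed sample of subnet broadcasts as relayed or dropped. It also reports whether client-to-server DHCP messages are covered: DHCPDISCOVER and DHCPREQUEST are addressed to UDP port 67 (bootps), so before rolling a policy out it is worth confirming on the router that client requests still reach the central server.

```python
"""Model which UDP broadcasts an IOS 'ip helper-address' would relay under a
given 'ip forward-protocol udp' policy. Added example, not code from the post;
the relay is modelled as a plain destination-port allow-list."""
import re

# IOS keyword -> UDP port for the keywords used in the post (IANA numbers).
IOS_UDP_KEYWORDS = {
    "biff": 512, "bootpc": 68, "bootps": 67, "discard": 9, "dnsix": 195,
    "domain": 53, "echo": 7, "isakmp": 500, "mobile-ip": 434,
    "nameserver": 42, "netbios-dgm": 138, "netbios-ns": 137,
    "netbios-ss": 139, "non500-isakmp": 4500, "ntp": 123,
    "pim-auto-rp": 496, "rip": 520, "snmp": 161, "snmptrap": 162,
    "sunrpc": 111, "syslog": 514, "tacacs": 49, "talk": 517,
    "tftp": 69, "time": 37, "who": 513, "xdmcp": 177,
}

# Ports IOS forwards when no 'ip forward-protocol' line is configured.
# Assumption: the documented default set; confirm for your platform.
IOS_DEFAULT_FORWARDED = frozenset({37, 42, 49, 53, 67, 68, 69, 137, 138})

POLICY_RE = re.compile(r"^\s*(no\s+)?ip forward-protocol udp\s+(\S+)\s*$")


def keyword_to_port(key):
    """Resolve an IOS keyword or a literal port number."""
    if key.isdigit():
        return int(key)
    if key not in IOS_UDP_KEYWORDS:
        raise ValueError(f"unknown forward-protocol keyword: {key}")
    return IOS_UDP_KEYWORDS[key]


def apply_policy(config_text, defaults=IOS_DEFAULT_FORWARDED):
    """Return the set of destination ports the helper forwards after the
    policy lines are applied on top of the defaults. Lines that are not
    'ip forward-protocol udp ...' are ignored, as in a pasted config."""
    ports = set(defaults)
    for line in config_text.splitlines():
        m = POLICY_RE.match(line)
        if not m:
            continue
        negated, key = m.group(1), m.group(2)
        port = keyword_to_port(key)
        if negated:
            ports.discard(port)  # 'no' on an absent port is the harmless
        else:                    # "not found to delete" case from the post
            ports.add(port)
    return ports


def would_forward(ports, dst_port):
    """True when a broadcast to dst_port is relayed to the helper address."""
    return dst_port in ports


# Constructed sample of subnet broadcasts: (label, src_port, dst_port).
SAMPLE_BROADCASTS = [
    ("DHCPDISCOVER 0.0.0.0:68 -> 255.255.255.255:67", 68, 67),
    ("NetBIOS name query -> 137", 137, 137),
    ("NetBIOS datagram (browser election) -> 138", 138, 138),
    ("TFTP read request -> 69", 49152, 69),
    ("Syslog -> 514", 49153, 514),
]


def classify(ports, broadcasts=SAMPLE_BROADCASTS):
    """Map each sample broadcast label to True (relayed) or False (dropped)."""
    return {label: would_forward(ports, dport) for label, _, dport in broadcasts}


def dhcp_relay_covered(ports):
    """Client DHCP messages (DISCOVER/REQUEST) are sent to UDP 67 (bootps),
    so a policy that forwards only 68 (bootpc) does not relay them."""
    return 67 in ports


# Shortened copy of the post's policy: allow bootpc, deny the rest.
POST_POLICY = """
ip forward-protocol udp bootpc
no ip forward-protocol udp biff
no ip forward-protocol udp bootps
no ip forward-protocol udp domain
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp tftp
no ip forward-protocol udp syslog
"""

if __name__ == "__main__":
    ports = apply_policy(POST_POLICY)
    for label, relayed in classify(ports).items():
        print(f"{'RELAY' if relayed else 'drop '}  {label}")
    print("DHCP client->server relay covered:", dhcp_relay_covered(ports))
```

Run it as-is to see the post's policy evaluated, or paste your own "ip forward-protocol" lines into POST_POLICY; appending "ip forward-protocol udp bootps" is the one change that makes dhcp_relay_covered() return True while every other broadcast in the sample stays dropped.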
We are setting up MetaIP servers for our dhcp services at all sites. Each MetaIP server will "replicate" scopes, etc to a standby backup server at a remote site. Therefore, we will have a dhcp server at every site but want to have failover capabilities in case the local server goes offline and thus need to configure an ip helper-address for the remote "standby" dhcp server. In this situation, would you want to create just one ip helper:
ip helper-address [remote standby server]
or would you want to create 2:
ip helper-address [local server]
ip helper-address [remote standby server]
Thank you in advance.
@Matthew -
Of the two scenarios you describe, the first is probably the preferred. The local server will receive DHCP requests via broadcasts on the subnet. The router will pick up these broadcasts and forward them on to the remote DHCP server.
Unfortunately, in both cases, you might have DHCP issues if the servers do not synchronize their DHCP lease information.
(By the way, when you use multiple ip helper-address lines in your configuration, each DHCP request is forwarded to both servers.)
Hi Scott,
Sorry for bringing such an old post back into focus. I have one question: if we only enable UDP broadcast forwarding for DHCP (by use of "ip forward-protocol udp bootpc"), why would UDP forwarding be enabled for other protocols (since by default it is disabled)?
I mean to say: wouldn't it be sufficient, in your above configuration, to configure only the first line, "ip forward-protocol udp bootpc", without all the other "no ip forward-..." commands?
Mohamed, thanks for your comment.
The point in issuing all the "no ip forward-protocol" commands is to ensure that other protocols are turned off. Just because something may be the default in one version doesn't mean it will stay that way. Obviously, if the default is off, then issuing the command doesn't change anything.
Hi!
I want to know how I can clear the broadcast