Cisco's ip helper-address Too Forward?

Posted on in Networking

You might have a situation where you have multiple network segments utilizing <acronym title="Dynamic Host Configuration Protocol">DHCP</acronym> to assign IP addresses, name servers, etc. DHCP clients use network broadcasts to alert a DHCP server to their presence. Once a request for an address has been made, the DHCP server responds with another broadcast. It's obvious from all these broadcasts that the protocol is designed to work with a client and server on the same network segment. What happens when you have ten segments? That's a lot of DHCP servers.

The last thing you want to do is manage a DHCP server on each of your network segments. The obvious thing to do is use the ip helper-address interface configuration command to force your Cisco router to forward DHCP requests to a central DHCP server. One often overlooked fact is that ip helper-address also forwards a default set of other UDP-based broadcasts to the address specified, which may be counter to what you intended.

So, how do we forward only DHCP requests? The following configuration commands can be copied and pasted directly into your router's configuration <acronym title="Command Line Interface">CLI</acronym>.

! We want this protocol.
ip forward-protocol udp bootpc
!
! We don't want these.
no ip forward-protocol udp biff
no ip forward-protocol udp bootps
no ip forward-protocol udp discard
no ip forward-protocol udp dnsix
no ip forward-protocol udp domain
no ip forward-protocol udp echo
no ip forward-protocol udp isakmp
no ip forward-protocol udp mobile-ip
no ip forward-protocol udp nameserver
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-ss
no ip forward-protocol udp non500-isakmp
no ip forward-protocol udp ntp
no ip forward-protocol udp pim-auto-rp
no ip forward-protocol udp rip
no ip forward-protocol udp snmp
no ip forward-protocol udp snmptrap
no ip forward-protocol udp sunrpc
no ip forward-protocol udp syslog
no ip forward-protocol udp tacacs
no ip forward-protocol udp talk
no ip forward-protocol udp tftp
no ip forward-protocol udp time
no ip forward-protocol udp who
no ip forward-protocol udp xdmcp

One thing you'll probably notice when you try this is that not all of the protocols are supported on your device. If you try to stop an unsupported protocol, you'll get a response like this:

SLAP(config)#no ip forward-protocol udp biff           
UDP port 512 not found to delete

That's OK. The list above is the complete list of protocols IOS supports, so your mileage may vary. What matters most is turning on bootpc and turning off everything else. And that's how we keep ip helper-address from being too forward!
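Before pasting a list like this into a production router it is worth computing what the helper will actually relay afterwards, because the effective set is "IOS defaults, plus whatever you enabled, minus whatever you disabled". The script below is an added example for this post, not Cisco code and not from the original article. It takes the default port list and the keyword-to-port mapping from the IOS ip forward-protocol command reference, treats the keywords as destination UDP ports (which is how IOS applies them), and audits a constructed config for two things: which non-DHCP ports are still relayed, and whether UDP port 67 (bootps) is still in the set. That second check matters because, per RFC 2131, DHCP client messages are sent to the server port 67, so a helper that no longer forwards port 67 will not relay client requests. The sample configs and the helper address are constructed placeholders.

```python
"""Audit which UDP broadcast ports a Cisco IOS ip helper-address will relay.

Added example for this post; not Cisco's or the article's code. The default
port list and keyword-to-port mapping follow the IOS 'ip forward-protocol udp'
command reference; all configs below are constructed for illustration.
"""
import re

# Ports IOS forwards by default once ip helper-address is configured:
# time, nameserver, tacacs, domain, bootps, bootpc, tftp, netbios-ns, netbios-dgm.
IOS_DEFAULT_UDP_PORTS = frozenset({37, 42, 49, 53, 67, 68, 69, 137, 138})

# IOS port keyword -> destination UDP port (the keywords used in the post).
UDP_KEYWORDS = {
    "biff": 512, "bootpc": 68, "bootps": 67, "discard": 9, "dnsix": 195,
    "domain": 53, "echo": 7, "isakmp": 500, "mobile-ip": 434,
    "nameserver": 42, "netbios-dgm": 138, "netbios-ns": 137,
    "netbios-ss": 139, "non500-isakmp": 4500, "ntp": 123,
    "pim-auto-rp": 496, "rip": 520, "snmp": 161, "snmptrap": 162,
    "sunrpc": 111, "syslog": 514, "tacacs": 49, "talk": 517, "tftp": 69,
    "time": 37, "who": 513, "xdmcp": 177,
}
PORT_NAMES = {port: name for name, port in UDP_KEYWORDS.items()}

DHCP_SERVER_PORT = 67  # RFC 2131: client -> server messages go to UDP 67

FWD_RE = re.compile(r"^\s*(no\s+)?ip forward-protocol udp(?:\s+(\S+))?\s*$")


def to_port(token):
    """Resolve an IOS keyword or numeric port to an integer port."""
    if token.isdigit():
        return int(token)
    if token in UDP_KEYWORDS:
        return UDP_KEYWORDS[token]
    raise ValueError(f"unknown IOS UDP keyword: {token}")


def effective_forwarded_ports(config_text):
    """Replay ip forward-protocol lines over the IOS defaults."""
    ports = set(IOS_DEFAULT_UDP_PORTS)
    for line in config_text.splitlines():
        line = line.split("!", 1)[0]  # drop IOS '!' comments
        m = FWD_RE.match(line)
        if not m:
            continue
        negated, token = m.group(1), m.group(2)
        if token is None:
            # Bare form: enable the default list, or (negated) disable all.
            ports = set() if negated else set(IOS_DEFAULT_UDP_PORTS)
        elif negated:
            ports.discard(to_port(token))
        else:
            ports.add(to_port(token))
    return ports


def audit(config_text):
    """Summarise what the helper relays and whether DHCP requests still get through."""
    ports = effective_forwarded_ports(config_text)
    extras = sorted(p for p in ports if p not in (67, 68))
    return {
        "forwarded": sorted(ports),
        "dhcp_requests_relayed": DHCP_SERVER_PORT in ports,
        "non_dhcp": [f"{p} ({PORT_NAMES.get(p, '?')})" for p in extras],
    }


# Constructed config 1: an interface with a helper and no forward-protocol tuning.
DEFAULTS_ONLY_CONFIG = (
    "interface GigabitEthernet0/1\n"
    " ip helper-address 192.0.2.10   ! placeholder DHCP server\n"
)

# Constructed config 2: the post's list (bootpc on, every other keyword off).
POST_CONFIG = "ip forward-protocol udp bootpc\n" + "\n".join(
    f"no ip forward-protocol udp {k}" for k in UDP_KEYWORDS if k != "bootpc")

# Constructed config 3: same idea, but keeping bootps (port 67) enabled instead.
BOOTPS_CONFIG = "ip forward-protocol udp bootps\n" + "\n".join(
    f"no ip forward-protocol udp {k}" for k in UDP_KEYWORDS if k != "bootps")


if __name__ == "__main__":
    for name, cfg in [("defaults only", DEFAULTS_ONLY_CONFIG),
                      ("post's list", POST_CONFIG),
                      ("bootps kept", BOOTPS_CONFIG)]:
        print(name, audit(cfg))
```

Running it shows the untuned helper relaying nine ports (seven of them unrelated to DHCP), the post's list narrowing that to port 68 only, and the bootps variant narrowing it to port 67 only; the `dhcp_requests_relayed` flag tells you which of the two still carries client DISCOVER/REQUEST traffic to the server. Feed `show running-config` output into `audit()` to check a real device the same way.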
