CCNP Routing and Switching SWITCH 300-115 Official Cert Guide (2015)

Part IV. Multilayer Switching

Chapter 12. Configuring DHCP

This chapter covers the following topics that you need to master for the CCNP SWITCH exam:

Image Configuring an IPv4 DHCP Server: This section covers the basic configuration needed to make a switch act as a DHCP server or as a DHCP relay so that IPv4 hosts can request addresses and learn their local default gateway addresses and other necessary information.

Image Configuring DHCP to Support IPv6: This section discusses several mechanisms that hosts can use to obtain IPv6 addresses and other network information.

This chapter explains how a multilayer switch can be configured as a Dynamic Host Configuration Protocol (DHCP) server or relay to supply IP addressing information to client devices. Both IPv4 and IPv6 addressing services are discussed.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt based on your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 12-1 outlines the major headings in this chapter and the “Do I Know This Already?” quiz questions that go with them. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”


Table 12-1 “Do I Know This Already?” Section-to-Question Mapping

1. If a DHCP scope is configured on a Catalyst switch, which one of the following must also be configured so that the switch becomes a DHCP server for client machines connected to VLAN 3?

a. A corresponding ip dhcp server command configured on interface VLAN 3

b. A corresponding IP address configured on interface VLAN 3

c. An ip helper-address command configured on interface VLAN 3

d. A switch cannot operate as a DHCP server

2. Which one of the following commands can be used to prevent IP addresses through from being assigned by the DHCP server running on a switch?

a. ip dhcp reserve-address –

b. ip dhcp pool users

no network

c. ip dhcp excluded-address

d. ip dhcp pool users

no lease

3. To configure a manual DHCP binding for two different IP addresses, which one of the following approaches should you take?

a. Define two DHCP pools that contain a single host address each.

b. Define a DHCP pool that contains the network of the host addresses.

c. Enter two ip dhcp excluded-address commands to configure the host addresses.

d. Define one DHCP pool that contains a host command for each host address binding.

4. Which one of the following answers represents configuration commands needed to implement a DHCP relay function?

a. interface vlan 5

ip address

ip helper-address

b. interface vlan 5

ip address

ip dhcp-relay

c. ip dhcp pool staff




d. hostname Switch

ip helper-address

5. Which one of the following commands can be used to display IPv4 addresses that have been assigned through the DHCP server on a switch?

a. show ip dhcp pool

b. show ip dhcp clients

c. show ip dhcp binding

d. show ip dhcp leases

6. Which one of the following forms of IPv6 address does a host use to discover its local router?

a. CDPv6

b. ICMPv6

c. Stateless address

d. Link-local address

7. Without a DHCP server available, which one of the following represents a valid method for a host to obtain a unique IPv6 address?

a. The local switch interface will assign one, provided it has an IPv6 address configured

b. Stateless autoconfiguration

c. DHCP relay

d. Link-local address proxy

8. To exclude specific IPv6 addresses from being handed out by a DHCPv6 server configured on a Catalyst switch, which one of the following describes the correct strategy?

a. Enter the ip dhcp excluded-address command along with the IPv6 addresses to exclude.

b. Enter the no address prefix ipv6-address command as part of the DHCPv6 pool configuration.

c. Define a separate DHCPv6 pool for each excluded address.

d. None of these answers; you cannot exclude addresses with DHCPv6.

Foundation Topics

Using DHCP with a Multilayer Switch

When a switch is configured with a Layer 3 address on an interface, it becomes the router or default gateway that connected hosts will use to send traffic to and from their local VLAN or subnet. How do those hosts know to use the Layer 3 interface as their default gateway? As well, how do those hosts know what IP address to use for their own identities?

Hosts can be manually configured to use a static IP address, subnet mask, default gateway address, and so on. That might be appropriate for some devices, such as servers, which would need stable and reserved addresses. For the majority of end user devices, static address assignment can become a huge administrative chore.

Instead, the Dynamic Host Configuration Protocol (DHCP) is usually leveraged to provide a means for dynamic address assignment to any host that can use the protocol. DHCP is defined in RFC 2131 and is built around a client/server model: Hosts requesting IP addresses use a DHCP client, and address assignment is handled by a DHCP server.

Suppose a host connects to the network, but does not yet have an IP address. It needs to request an address via DHCP. How can it send a packet to a DHCP server without having a valid IP address to use as a source address? The answer lies in the DHCP negotiation, which plays out in the following four steps:


1. The client sends a “DHCP Discover” message as a broadcast: Even without a valid source address, the client can send to the broadcast address to find any DHCP server that might be listening. The client’s MAC address is included in the broadcast message.

2. A DHCP server replies with a “DHCP Offer” message: The offer contains an offer for the use of an IP address, subnet mask, default gateway, and some parameters for using the IP address.

The server also includes its own IP address to identify who is making the offer. (There could be multiple addresses offered, if more than one DHCP server received the broadcast DHCP Discover message.) Because the client does not yet have a valid IP address, the server must broadcast the offer so the client can receive it.

3. The client sends a “DHCP Request” message: When it is satisfied with a DHCP offer, the client formally requests use of the offered address. A record of the offer is included so that only the server that sent the offer will set aside the requested IP address. Again, the request is sent as a broadcast as a public announcement to any other servers that may have responded, and because the client hasn’t officially started using a valid address.

4. The DHCP server replies with a “DHCP ACK” message: The IP address and all parameters for its use are returned to the client as formal approval to begin using the address. The ACK message is sent as a unicast, but may be broadcast instead.

Because DHCP is a dynamic mechanism, IP addresses are offered on a leased basis. Before the offered lease time expires, the client must try to renew its address; otherwise, that address may be offered up to a different client.

Notice that DHCP is designed to work within a broadcast domain. Most of the messages in a DHCP exchange are sent as broadcasts. On this basis, the DHCP server would need to be located in the same broadcast domain as the client. In this scenario, you might have a dedicated DHCP server connected to the network and located in the same VLAN as the client. You can also configure a multilayer switch to operate as a DHCP server if you have configured a Layer 3 address on the switch interface or SVI where the client is located.

This design would require one DHCP server for each broadcast domain or VLAN on the network—something that is not always practical at all! You can get around this requirement by configuring a multilayer switch to relay the DHCP negotiation across VLAN boundaries.

The following sections explain how to configure a DHCP server on a multilayer switch within a VLAN and how to configure DHCP relay between VLANs.

Configuring an IPv4 DHCP Server

First, configure a Layer 3 address on a switch interface so that the switch can participate in IP-related activities. Then you can configure a DHCP server that runs natively on the switch itself. You can configure a pool of addresses that are offered by the DHCP server, as well as addresses that are reserved or manually assigned. In all of those cases, the DHCP server address scope must correlate with a Layer 3 IP subnet that is configured on a switch interface. The switch will then intercept DHCP broadcast packets from client machines within a VLAN. Use the following command sequence to configure a DHCP server:


Switch(config)# ip dhcp excluded-address start-ip end-ip
Switch(config)# ip dhcp pool pool-name
Switch(config-dhcp)# network ip-address subnet-mask
Switch(config-dhcp)# default-router ip-address [ip-address2] [ip-address3] ...
Switch(config-dhcp)# lease {infinite | {days [hours [minutes]]}}
Switch(config-dhcp)# exit

If some addresses within the IP subnet should be reserved and not offered to clients, use the ip dhcp excluded-address command. You can define a range of addresses or a single address to be excluded. You do not have to worry about excluding the addresses used by a switch interface or a broadcast address; the switch automatically excludes those.

The ip dhcp pool command uses a text string pool-name to define the pool or scope of addresses that will be offered. The network command identifies the IP subnet and subnet mask of the address range. The subnet should be identical to the one configured on the Layer 3 interface. In fact, the switch uses the network command to bind its DHCP server to the matching Layer 3 interface. By definition, the network and broadcast addresses for the subnet won’t be offered to any client. The default-router command identifies the default router address that will be offered to clients. Generally, the default router should be the IP address of the corresponding Layer 3 interface on the switch.

Finally, you can set the IP address lease duration with the lease command. By default, leases are offered with a 1 day limit.

In Example 12-1, a DHCP scope for the subnet has been configured. Addresses through are excluded to preserve them for future use.

Example 12-1 Configuring a DHCP Server with a Pool of Addresses

Switch(config)# interface vlan10
Switch(config-if)# ip address
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# ip dhcp excluded-address
Switch(config)# ip dhcp pool Users
Switch(dhcp-config)# network
Switch(dhcp-config)# default-router
Switch(dhcp-config)# exit

You can monitor the DHCP server address leases with the show ip dhcp binding command. Example 12-2 lists three IP addresses that have been assigned by the DHCP server configured in Example 12-1.

Example 12-2 Displaying Current DHCP Server Address Assignments

Switch# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name         0100.50b6.5bc0.b5       Aug 31 2014 01:57 AM    Automatic         010c.8bfd.752e.c4       Aug 30 2014 12:03 AM    Automatic         010e.8bfd.752e.c0       Aug 30 2011 08:03 PM    Automatic

An address lease is normally released or cleared by the client that is using it. In some cases, you may need to clear an address binding manually with the following command. You can enter a specific IP address to be cleared or an asterisk to clear all address bindings.

Switch# clear ip dhcp binding {* | ip-address}

Configuring a Manual Address Binding

Not all clients and applications can operate with an IP address that might change over time because of the dynamic nature of DHCP address assignments. If a device requires an IP address that will always be assigned to it, you can configure a manual address binding on the DHCP server.

Define a manual binding just as you would a regular DHCP pool. The difference is that the manual binding “pool” consists of one IP address that you configure with the host ip-address subnet-mask command. When a client requests an address, it can be identified by its client identifier (DHCP requests) or its hardware MAC address (BOOTP requests), configured with the client-identifier or hardware-address commands, respectively.

Sometimes it can be difficult to know how to enter the appropriate client information in a manual binding. For example, you should use the client-identifier command for clients that request an address through DHCP. The client identifier is a string of hex digits arranged in groups of four, separated by dots. Typical identifier strings are shown in the list of address bindings in Example 12-2. Notice how they appear to be MAC addresses, but end with an extra pair of hex digits.

Client identifiers commonly consist of the digits 01 followed by the client’s MAC address. The 01 prefix, indicating that the client uses Ethernet, causes the dotted hex notation to appear shifted from the familiar form. In some cases, the client might send a different identifier string in its DHCP requests. If you find that the client does not pick up the address you are expecting (or none at all), you can use the debug ip dhcp server command to display detailed information about the client’s request.

In Example 12-3, a manual address binding is configured for the client, so that it always receives IP address The debug output displays the client MAC address (0050.b65b.c0b5) and its client identifier (0100.50b6.5bc0.b5).

Example 12-3 Finding a Client Identifier and Configuring a Manual Binding

Switch(config)# ip dhcp pool my-pc
Switch(dhcp-config)# host
Switch(dhcp-config)# client-identifier 0100.50b6.5bc0.b5
Switch(dhcp-config)# exit
Switch(config)# exit

Switch# debug ip dhcp server
Mar 31 02:40:35.528: DHCPD: Sending notification of DISCOVER:
Mar 31 02:40:35.528:   DHCPD: htype 1 chaddr 0050.b65b.c0b5
Mar 31 02:40:35.528:   DHCPD: interface = Vlan1
Mar 31 02:40:35.528:   DHCPD: class id 4d53465420352e30
Mar 31 02:40:35.528:   DHCPD: out_vlan_id 0
Mar 31 02:40:37.541: DHCPD: assigned IP address to client
0100.50b6.5bc0.b5. (2069 0)
Mar 31 02:40:37.541: DHCPD: DHCPOFFER notify setup address mask
Mar 31 02:40:37.541: DHCPD: Sending notification of ASSIGNMENT:
Mar 31 02:40:37.541:  DHCPD: address mask
Mar 31 02:40:37.541:   DHCPD: htype 1 chaddr 0050.b65b.c0b5
Mar 31 02:40:37.541:   DHCPD: lease time remaining (secs) = 86400
Mar 31 02:40:37.541:   DHCPD: interface = Vlan1
Mar 31 02:40:37.541:   DHCPD: out_vlan_id 0

Configuring DHCP Options

Client devices sometimes need more information beyond the basic set of IP address, subnet mask, gateway address, and lease time. Depending on the nature of the device, it might also need some bootstrap information so that it can find the address of a machine offering a needed service. You can accomplish this by specifying DHCP options as part of the DHCP server configuration.

You can configure a DHCP option in a DHCP pool with the following command:

Switch(dhcp-config)# option option-num value

The option-num parameter is the decimal number of a predefined DHCP option. Table 12-2 lists some common options and their functions. The option value can be one or more IP addresses, a string of hex digits, or other value.



Table 12-2 Common DHCP Options


Many more commands are available for configuring the DHCP server. For the CCNP SWITCH exam, try to keep things simple and know the basic structure of DHCP pool configuration, as previously shown.

Configuring a DHCP Relay


In a large network, you may encounter a DHCP server that is centrally located, rather than distributed on individual switches. In that case, you can configure the multilayer switch to relay DHCP messages between clients and the server, even if they are located on different VLANs or subnets.

First, configure a Layer 3 interface that is bound to the same VLAN as the client machines. This interface can be the default gateway for the clients and can act as a DHCP relay. Next, use the ip helper-address interface configuration command to identify the IP address of the actual DHCP server, as in the following example:

Switch(config)# interface vlan5
Switch(config-if)# ip address
Switch(config-if)# ip helper-address
Switch(config-if)# exit

As a DHCP relay, the switch will intercept the broadcast DHCP messages from the client and will forward them on to the server address as unicast messages. The switch keeps track of the subnet where the client messages arrived so that it can relay the DHCP server responses back appropriately.

You can configure more than one helper address by repeating the ip helper-address command with different addresses. In this case, the switch will relay each DHCP request from a client to each of the helper addresses simultaneously. If more than one server replies, each reply will be relayed back to the client and the client will have to choose one acceptable response.

Configuring DHCP to Support IPv6

In addition to traditional IPv4, Cisco Catalyst switches can support IPv6 addressing and routing, as well as DHCP services. IPv6 topics are normally covered in the Cisco CCNP ROUTE course and exam, but you might find DHCP support in the SWITCH course and exam.

As a quick review, recall that IPv4 addresses use 32 bits while IPv6 uses 128 bits. IPv6 leverages a vastly increased address space, removing the need for address translation within enterprise networks. In fact, IPv6 addresses are inherently globally unique.

IPv6 offers some very efficient and convenient mechanisms for devices to use when they join a network. By discovering a local IPv6 router, a device can learn about which address prefix to use and can generate its own globally unique address. To discover a neighboring router, the device can use a special link-local address.

Link-local addresses always begin with the IPv6 prefix FE80::/10. A device then appends its own interface identifier, which includes the MAC address. Even though the link-local address might seem unique, devices must always go through a duplicate address detection process to see if any other device might be using the same address. If the address proves to be unique, then a device can begin to discover any local routers that are connected to the local network segment. The link-local address provides a means to come online and learn about the Layer 3 surroundings—with very little intervention.

The ultimate goal for any IPv6 device joining a network is to find a globally unique address that it can use to communicate outside of the local link. In the IPv4 world, this can be done through static IP address configuration or dynamically through DHCP. IPv6 is somewhat different; a device can be configured with a static IPv6 address or it can obtain an address dynamically, but not normally through DHCP. The following sections describe the mechanisms that can be used to provide IPv6 addresses and parameters.


Remember that IPv6 addresses are always 128 bits long, represented by eight groups of four hex digits that are separated by colons. Leading 0s do not have to be shown. To shorten the address notation, you can replace one long string of consecutive 0s with a double colon. For example, the full address 3000:A120:000B:0000:0000:0000:0000:0021 can be rewritten as 3000:A120:B::21.

Stateless Autoconfiguration


A client can create a globally unique address by combining information advertised from a router with information from the client’s own network adapter. The router provides 64 bits from the Layer 3 subnet prefix, while the client appends a 64-bit EUI-64 interface ID. The interface ID consists of the upper half of the interface’s MAC address (24 bits), followed by the hex string FFFE (16 bits), followed by the lower half of the MAC address (24 bits).

As a result, a client can quickly join a network with a unique unicast IPv6 address with little intervention. The client can also pick up other necessary information from the router, like the default router address and the maximum transmission unit (MTU). Router advertisements are sent periodically or the client can request one on-demand to reduce the wait time.

This process is called stateless autoconfiguration or serverless client configuration. IPv6 addresses are determined on the fly, with no dependence upon a DHCP server at all, which greatly simplifies the client configuration. All of the necessary addressing information is found on the local IPv6 router, which is also very easy to configure. After you have identified a Layer 3 interface on a switch, configure an IPv6 address prefix on it with the ipv6 address interface configuration command. In Example 12-4, the VLAN 5 switch virtual interface (SVI) has been configured with IPv6 prefix 2001:db8a:000a:0000:0000:0000:0001.

Example 12-4 Configuring a Layer 3 Interface for IPv6 Stateless Autoconfiguration

Switch(config)# interface vlan 5
Switch(config-if)# ipv6 address 2001:db8:a::1/64
Switch(config-if)# no shutdown


Notice that stateless autoconfiguration provides only the most basic information a client needs to communicate: an IPv6 address, the IPv6 prefix, and the default router address. To get anything more, such as a domain name, DNS server address, and so on, a client must depend on a DHCP server.

Catalyst switches can function as a DHCPv6 server, which is compatible with IPv6. In order to use DHCPv6, clients must determine whether the service is available. Routers can indicate that DHCPv6 is offered in their router advertisements or a client can send a request asking for the service.


To configure DHCPv6, begin by defining an IPv6 address pool with the following global configuration command:

Switch(config)# ipv6 dhcp pool pool-name

If you intend for the DHCPv6 server to assign IPv6 addresses to client machines, specify the IPv6 address prefix for the scope with the following command:

Switch(config-dhcpv6)# address prefix ipv6-prefix


DHCPv6 does not allow you to exclude addresses as you can with DHCPv4. As well, you cannot configure manual address bindings with DHCPv6.

Within the DHCPv6 pool, you can assign any necessary options with the following commands:

Switch(config-dhcpv6)# dns-server dns-address
Switch(config-dhcpv6)# domain-name name

Finally, configure a Layer 3 interface with both an IPv6 address and the DHCPv6 pool with the following commands:

Switch(config)# interface type member/module/number
Switch(config-if)# ipv6 address ipv6-address
Switch(config-if)# ipv6 dhcp server pool-name
Switch(config-if)# no shutdown

In Example 12-5, a DHCPv6 pool named v6-users has been configured. The DHCPv6 pool has been bound to interface VLAN 5.

Example 12-5 Configuring a DHCPv6 Pool

Switch(config)# ipv6 dhcp pool v6-users
Switch(config-dhcpv6)# address prefix 2001:db8:a::/64
Switch(config-dhcpv6)# dns-server 2001:db8:c12::10
Switch(config-dhcpv6)# domain-name
Switch(config-dhcpv6)# exit
Switch(config)# interface vlan 5
Switch(config-if)# ipv6 address 2001:db8:a::1/64
Switch(config-if)# ipv6 dhcp server v6-users
Switch(config-if)# no shutdown

DHCPv6 Lite

Cisco also offers DHCPv6 Lite, which combines the simplicity of stateless autoconfiguration for address management with the DHCP option management function of DHCPv6.

You can configure DHCPv6 Lite by defining a DHCPv6 pool. However, you should omit the address prefix command from the pool so that clients cannot use DHCPv6 to obtain their addresses. The clients will rely on the normal stateless autoconfiguration using the IPv6 prefix that you have configured on the Layer 3 interface. The DHCPv6 pool should contain any options you would like to push out to the clients.

After you configure an IPv6 address prefix on the Layer 3 interface, you should reference the DHCPv6 pool and also enter the following interface configuration command. This will inform the clients that options are available via the DHCPv6 Lite server after stateless autoconfig yields a usable IPv6 address. The complete configuration is listed in Example 12-6.

Switch(config-if)# ipv6 nd other-config-flag

Example 12-6 Configuring DHCPv6 Lite

Switch(config)# ipv6 dhcp pool v6-users
Switch(config-dhcpv6)# dns-server 2001:db8:c12::10
Switch(config-dhcpv6)# domain-name
Switch(config-dhcpv6)# exit

Switch(config)# interface vlan 5
Switch(config-if)# ipv6 address 2001:db8:a::1/64
Switch(config-if)# ipv6 dhcp server v6-users
Switch(config-if)# ipv6 nd other-config-flag
Switch(config-if)# no shutdown

Configuring a DHCPv6 Relay Agent

Sometimes you might have a DHCPv6 server operating on an external machine that is located elsewhere in the network. Like DHCPv4, you can enable a DHCP relay agent on the Layer 3 interface. Use the following command to relay DHCPv6 requests between clients and the DHCPv6 server located at the IPv6 address.

Switch(config-if)# ipv6 dhcp relay destination ipv6-address

Verifying IPv6 DHCP Operation

Like DHCP for IPv4, you can monitor DHCPv6 address bindings with the show ipv6 dhcp pool and show ipv6 dhcp binding EXEC commands. Example 12-7 demonstrates these commands to show that there is one IPv6 client with an address binding.

Example 12-7 Displaying DHCPv6 Address Bindings

Switch# show ipv6 dhcp pool
DHCPv6 pool: v6-users
  Domain name:
  Active clients: 1
Switch# show ipv6 dhcp binding
Client: FE80::DA5:D707:B5F2:8E81 (Vlan1)
  DUID: 00010001194C482DC48508B164FD
  IA NA: IA ID 0x220050B6, T1 0, T2 0

You can also manually clear an address binding with the following EXEC command:

Switch# clear ipv6 dhcp binding {* | ipv6-address}

Exam Preparation Tasks

Review All Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 12-3 lists a reference of these key topics and the page numbers on which each is found.



Table 12-3 Key Topics for Chapter 12

Complete Tables and Lists from Memory

There are no memory tables in this chapter.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:


DHCP relay

link-local address


stateless autoconfiguration

DHCPv6 Lite

Use Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. It might not be necessary to memorize the complete syntax of every command, but you should be able to remember the basic keywords that are needed.

To test your memory of the DHCP configuration and verification commands related to IPv4 and IPv6, use a piece of paper to cover the right side of Tables 12-4 and 12-5, respectively. Read the description on the left side, and then see how much of the command you can remember. Remember that the CCNP exam focuses on practical or hands-on skills that are used by a networking professional.


Table 12-4 DHCP Commands Related to IPv4


Table 12-5 DHCP Commands Related to IPv6