Contents

Introduction· 1

Prerequisites· 1

Example: Configuring cross-subnet dynamic IP address allocation· 1

Network configuration· 1

Analysis· 2

Applicable hardware and software versions· 2

Restrictions and guidelines· 3

Procedures· 3

Configuring Device A· 3

Configuring Device B· 5

Verifying the configuration· 5

Configuration files· 6

 

Introduction

This document provides examples for configuring cross-subnet dynamic IP address allocation.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of DHCP.

Example: Configuring cross-subnet dynamic IP address allocation

Network configuration

As shown in Figure 1, a company's branches are on a different subnet from the headquarters. Device A acts as the gateway of the headquarters and Device B acts as the gateway for the branches.

Configure DHCP server on Device A to meet the following requirements:

·     The hosts at the headquarters obtain IP addresses in the range of 10.1.1.2 to 10.1.1.100.

·     The hosts at branch 1 obtain IP addresses in the range of 10.1.3.2 to 10.1.3.48. The hosts at branch 2 obtain IP addresses in the range of 10.1.3.49 to 10.1.3.100.

·     The hosts at the headquarters and branches obtain the DNS server address, the TFTP server address, the domain name suffix, and the gateway address through DHCP.

Configure DHCP relay agent on Device B to meet the following requirements:

·     The hosts at the branches obtain IP addresses and other configuration parameters from the DHCP server.

·     The hosts at the branches cannot access the network by using manually configured IP addresses.

·     The hosts at each branch obtain IP addresses from the address range assigned to the branch.

Figure 1 Network diagram

 

Table 1 Interface and IP address assignment

Device	Interface	IP address	Device	Interface	IP address
Device A	Vlan-int3	10.1.1.1/24	Device B	Vlan-int3	10.1.3.1/24
	Vlan-int2	10.1.2.1/24		Vlan-int2	10.1.2.2/24

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     Exclude the IP addresses of the DNS server and TFTP server from dynamic address allocation to prevent them from being assigned to hosts.

·     To prevent the hosts at the branches from using manually configured IP addresses to access the network, perform the following tasks:

¡     Enable the DHCP relay agent to record client information in DHCP relay entries.

¡     Enable IP source guard to filter incoming packets based on the DHCP relay entries.

·     To make sure the hosts in each branch obtain IP addresses from the address range assigned to the branch, perform the following tasks:

¡     Configure Option 82 on the DHCP relay agent.

¡     Create DHCP user classes for the branches and configure match rules based on Option 82 to match the branches on the DHCP server.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware	Software version
S6520X-HI switch series S6520X-EI switch series	Supported in Release 1110P01
S6520X-SI switch series S6520-SI switch series S5000-EI switch series MS4600 switch series	Supported in Release 1110P01

 

Restrictions and guidelines

To ensure correct DHCP address allocation by using Option 82, you must perform Option 82 configuration on both the DHCP server and the DHCP relay agent.

Procedures

Configuring Device A

# Assign Ten-GigabitEthernet 1/0/2 to VLAN 2.

<DeviceA> system-view

[DeviceA] vlan 2

[DeviceA-vlan2] port ten-gigabitethernet 1/0/2

[DeviceA-vlan2] quit

# Assign an IP address to VLAN-interface 2.

[DeviceA] interface vlan-interface 2

[DeviceA-Vlan-interface2] ip address 10.1.2.1 24

[DeviceA-Vlan-interface2] quit

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 3.

[DeviceA] vlan 3

[DeviceA-vlan3] port ten-gigabitethernet 1/0/1

[DeviceA-vlan3] quit

# Assign an IP address to VLAN-interface 3.

[DeviceA] interface vlan-interface 3

[DeviceA-Vlan-interface3] ip address 10.1.1.1 24

[DeviceA-Vlan-interface3] quit

# Enable DHCP.

[DeviceA] dhcp enable

# Enable DHCP server on VLAN-interface 2.

[DeviceA] interface vlan-interface 2

[DeviceA-Vlan-interface2] dhcp select server

[DeviceA-Vlan-interface2] quit

# Enable DHCP server on VLAN-interface 3.

[DeviceA] interface vlan-interface 3

[DeviceA-Vlan-interface3] dhcp select server

[DeviceA-Vlan-interface3] quit

# Create DHCP address pool 1.

[DeviceA] dhcp server ip-pool 1

# Specify the subnet and address range for dynamic address allocation.

[DeviceA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0

[DeviceA-dhcp-pool-1] address range 10.1.1.2 10.1.1.100

# Specify the DNS server address, TFTP server address, domain name suffix, and gateway address to be assigned to clients.

[DeviceA-dhcp-pool-1] dns-list 10.1.1.3

[DeviceA-dhcp-pool-1] tftp-server ip-address 10.1.1.4

[DeviceA-dhcp-pool-1] domain-name com

[DeviceA-dhcp-pool-1] gateway-list 10.1.1.1

# Exclude the IP addresses of the DNS server and TFTP server from dynamic address allocation.

[DeviceA-dhcp-pool-1] forbidden-ip 10.1.1.3 10.1.1.4

[DeviceA-dhcp-pool-1] quit

# Apply the DHCP address pool to VLAN-interface 3.

[DeviceA] interface vlan-interface 3

[DeviceA-Vlan-interface3] dhcp server apply ip-pool 1

[DeviceA-Vlan-interface3] quit

# Create DHCP user class aa for the hosts at branch 1. Configure a match rule to match DHCP requests in which the fifth and sixth bytes of Option 82 are 0x0001. The string 0x0001 indicates that the clients are connected to interface Ten-GigabitEthernet 1/0/1.

[DeviceA] dhcp class aa

[DeviceA-dhcp-class-aa] if-match option 82 hex 0001 offset 4 length 2

[DeviceA-dhcp-class-aa] quit

# Create DHCP user class bb for the hosts at branch 2. Configure a match rule to match DHCP requests in which the fifth and sixth bytes of Option 82 are 0x0003. The string 0x0003 indicates that the clients are connected to interface Ten-GigabitEthernet 1/0/3.

[DeviceA] dhcp class bb

[DeviceA-dhcp-class-bb] if-match option 82 hex 0003 offset 4 length 2

[DeviceA-dhcp-class-bb] quit

# Create DHCP address pool 2.

[DeviceA] dhcp server ip-pool 2

# Specify the subnet for dynamic address allocation.

[DeviceA-dhcp-pool-2] network 10.1.3.0 mask 255.255.255.0

# Specify address range 10.1.3.2 to 10.1.3.48 for DHCP user class aa.

[DeviceA-dhcp-pool-2] class aa range 10.1.3.2 10.1.3.48

# Specify address range 10.1.3.49 to 10.1.3.100 for DHCP user class bb.

[DeviceA-dhcp-pool-2] class bb range 10.1.3.49 10.1.3.100

# Specify the DNS server address, TFTP server address, domain name suffix, and gateway address to be assigned to clients.

[DeviceA-dhcp-pool-2] tftp-server ip-address 10.1.1.4

[DeviceA-dhcp-pool-2] dns-list 10.1.1.3

[DeviceA-dhcp-pool-2] domain-name com

[DeviceA-dhcp-pool-2] gateway-list 10.1.3.1

[DeviceA-dhcp-pool-2] quit

# Apply the DHCP address pool to VLAN-interface 2.

[DeviceA] interface vlan-interface 2

[DeviceA-Vlan-interface2] dhcp server apply ip-pool 2

[DeviceA-Vlan-interface2] quit

# Configure a static route to subnet 10.1.3.0/24.

[DeviceA] ip route-static 10.1.3.0 24 10.1.2.2

Configuring Device B

# Assign Ten-GigabitEthernet 1/0/2 to VLAN 2.

<DeviceB> system-view

[DeviceB] vlan 2

[DeviceB-vlan2] port ten-gigabitethernet 1/0/2

[DeviceB-vlan2] quit

# Assign an IP address to VLAN-interface 2.

[DeviceB] interface vlan-interface 2

[DeviceB-Vlan-interface2] ip address 10.1.2.2 24

[DeviceB-Vlan-interface2] quit

# Assign Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/3 to VLAN 3.

[DeviceB] vlan 3

[DeviceB-vlan3] port ten-gigabitethernet 1/0/1

[DeviceB-vlan3] port ten-gigabitethernet 1/0/3

[DeviceB-vlan3] quit

# Assign an IP address to VLAN-interface 3.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] ip address 10.1.3.1 24

[DeviceB-Vlan-interface3] quit

# Enable DHCP.

[DeviceB] dhcp enable

# Enable DHCP relay agent on VLAN-interface 3.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] dhcp select relay

# Specify the IP address of the DHCP server.

[DeviceB-Vlan-interface3] dhcp relay server-address 10.1.2.1

# Enable the DHCP relay agent to support Option 82.

[DeviceB-Vlan-interface3] dhcp relay information enable

[DeviceB-Vlan-interface3] quit

# Enable recording of client information in DHCP relay entries.

[DeviceB] dhcp relay client-information record

# Enable IPv4 source guard on VLAN-interface 3 to filter incoming packets by source IPv4 addresses and source MAC addresses.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] ip verify source ip-address mac-address

[DeviceB-Vlan-interface3] quit

# Configure a static route to subnet 10.1.1.0/24.

[DeviceB] ip route-static 10.1.1.0 24 10.1.2.1

Verifying the configuration

# Verify that the IP address 10.1.3.3 has been assigned to a client.

<DeviceA> display dhcp server ip-in-use ip 10.1.3.3

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

10.1.3.3         0033-6365-352e-6136-  Jan  2 00:34:02 2016  Auto(C)

                 6466-2e65-3133-392d-

                 5465-6e2d-4769-6761-

                 6269-7445-7468-6572-

                 6e65-7431-2f30-2f35-

                 31

# Verify that the hosts at each branch can obtain IP addresses from the address range assigned to the branch. This example uses a host at branch 2.

C:\Documents and Settings\aa>ipconfig

 

Windows IP Configuration

 

Ethernet adapter aa:

 

        Connection-specific DNS Suffix  . : domain-name com

        IP Address. . . . . . . . . . . . : 10.1.3.3

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IPv6 Address. . . . . . . . . . . : fe80::20f:3dff:fe80:2b38%4

        Default Gateway . . . . . . . . . : 10.1.3.1

# Manually assign IP address 10.1.3.87 to a host at branch 2, and verify that the host cannot access the TFTP server. (Details not shown.)

Configuration files

·     Device A:

#

 dhcp enable

#

vlan 2 to 3

#

dhcp class aa

 if-match option 82 hex 0001 offset 4 length 2

#

dhcp class bb

 if-match option 82 hex 0003 offset 4 length 2

#

dhcp server ip-pool 1

 network 10.1.1.0 mask 255.255.255.0

 address range 10.1.1.2 10.1.1.100

 dns-list 10.1.1.3

 domain-name com

 forbidden-ip 10.1.1.3

 forbidden-ip 10.1.1.4

 gateway-list 10.1.1.1

 tftp-server ip-address 10.1.1.4

#

dhcp server ip-pool 2

 network 10.1.3.0 mask 255.255.255.0

 class aa range 10.1.3.2 10.1.3.48

 class bb range 10.1.3.49 10.1.3.100

 dns-list 10.1.1.3

 domain-name com

 gateway-list 10.1.3.1

 tftp-server ip-address 10.1.1.4

#

interface Vlan-interface2

 ip address 10.1.2.1 255.255.255.0

 dhcp server apply ip-pool 2

#

interface Vlan-interface3

 ip address 10.1.1.1 255.255.255.0

 dhcp server apply ip-pool 1

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 3

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 2

#

ip route-static 10.1.3.0 24 10.1.2.2

#

·     Device B:

#

 dhcp enable

 dhcp relay client-information record

#

vlan 2 to 3

#

interface Vlan-interface2

 ip address 10.1.2.2 255.255.255.0

#

interface Vlan-interface3

 ip address 10.1.3.1 255.255.255.0

 dhcp select relay

 dhcp relay information enable

 dhcp relay server-address 10.1.2.1

 ip verify source ip-address mac-address

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 3

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 2

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 3

#

ip route-static 10.1.1.0 24 10.1.2.1

#