H3C S12500R Switch Router Series
Cross-Subnet Dynamic IP Address
Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Contents

Introduction· 1

Prerequisites· 1

Example: Configuring cross-subnet dynamic IP address allocation· 1

Network configuration· 1

Analysis· 2

Software versions used· 2

Restrictions and guidelines· 2

Procedures· 3

Configuring Device A· 3

Configuring Device B· 4

Verifying the configuration· 5

Configuration files· 6

Related documentation· 7

 

Introduction

This document provides examples for configuring cross-subnet dynamic IP address allocation.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of DHCP.

Example: Configuring cross-subnet dynamic IP address allocation

Network configuration

As shown in Figure 1, a company's branches are on a different subnet from the headquarters. Device A acts as the gateway of the headquarters and Device B acts as the gateway for the branches.

Configure DHCP server on Device A to meet the following requirements:

·     The hosts at the headquarters obtain IP addresses in the range of 10.1.1.2 to 10.1.1.100.

·     The hosts at branch 1 obtain IP addresses in the range of 10.1.3.2 to 10.1.3.48. The hosts at branch 2 obtain IP addresses in the range of 10.1.3.49 to 10.1.3.100.

·     The hosts at the headquarters and branches obtain the DNS server address, the TFTP server address, the domain name suffix, and the gateway address through DHCP.

Configure DHCP relay agent on Device B to meet the following requirements:

·     The hosts at the branches obtain IP addresses and other configuration parameters from the DHCP server.

·     The hosts at the branches cannot access the network by using manually configured IP addresses.

·     The hosts at each branch obtain IP addresses from the address range assigned to the branch.

Figure 1 Network diagram

 

Table 1 Interface and IP address assignment

Device	Interface	IP address	Device	Interface	IP address
Device A	HGE1/0/1	10.1.1.1/24	Device B	Vlan-int3	10.1.3.1/24
	HGE1/0/2	10.1.2.1/24		HGE1/0/2	10.1.2.2/24

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     Exclude the IP addresses of the DNS server and TFTP server from dynamic address allocation to prevent them from being assigned to hosts.

·     To prevent the hosts at the branches from using manually configured IP addresses to access the network, perform the following tasks:

¡     Enable the DHCP relay agent to record client information in DHCP relay entries.

¡     Enable IP source guard to filter incoming packets based on the DHCP relay entries.

·     To make sure the hosts in each branch obtain IP addresses from the address range assigned to the branch, perform the following tasks:

¡     Configure Option 82 on the DHCP relay agent.

¡     Create DHCP user classes for the branches and configure match rules based on Option 82 to match the branches on the DHCP server.

Software versions used

This configuration example was created and verified on Release 3606.

Restrictions and guidelines

By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.

To ensure correct DHCP address allocation by using Option 82, you must perform Option 82 configuration on both the DHCP server and the DHCP relay agent.

Procedures

Configuring Device A

# Assign an IP address to HundredGigE 1/0/2.

<DeviceA> system-view

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] ip address 10.1.2.1 24

[DeviceA-HundredGigE1/0/2]] quit

# Assign an IP address to HundredGigE 1/0/1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] ip address 10.1.1.1 24

[DeviceA-HundredGigE1/0/1] quit

# Enable DHCP.

[DeviceA] dhcp enable

# Enable DHCP server on HundredGigE 1/0/2.

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] dhcp select server

[DeviceA-HundredGigE1/0/2] quit

# Enable DHCP server on HundredGigE 1/0/1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] dhcp select server

[DeviceA-HundredGigE1/0/1] quit

# Create IP address pool 1.

[DeviceA] ip pool 1

# Specify the subnet and address range for dynamic address allocation.

[DeviceA-ip-pool-1] network 10.1.1.0 mask 255.255.255.0

[DeviceA-ip-pool-1] address range 10.1.1.2 10.1.1.100

# Specify the DNS server address, TFTP server address, domain name suffix, and gateway address to be assigned to clients.

[DeviceA-ip-pool-1] dns-list 10.1.1.3

[DeviceA-ip-pool-1] tftp-server ip-address 10.1.1.4

[DeviceA-ip-pool-1] domain-name com

[DeviceA-ip-pool-1] gateway-list 10.1.1.1

# Exclude the IP addresses of the DNS server and TFTP server from dynamic address allocation.

[DeviceA-ip-pool-1] forbidden-ip 10.1.1.3 10.1.1.4

[DeviceA-ip-pool-1] quit

# Apply the IP address pool to HundredGigE 1/0/1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] dhcp server apply ip-pool 1

[DeviceA-HundredGigE1/0/1] quit

# Create DHCP user class aa for the hosts at branch 1. Configure a match rule to match DHCP requests in which the fifth and sixth bytes of Option 82 are 0x0001. The string 0x0001 indicates that the clients are connected to interface HundredGigE 1/0/1.

[DeviceA] dhcp class aa

[DeviceA-dhcp-class-aa] if-match option 82 hex 0001 offset 4 length 2

[DeviceA-dhcp-class-aa] quit

# Create DHCP user class bb for the hosts at branch 2. Configure a match rule to match DHCP requests in which the fifth and sixth bytes of Option 82 are 0x0003. The string 0x0003 indicates that the clients are connected to interface HundredGigE 1/0/3.

[DeviceA] dhcp class bb

[DeviceA-dhcp-class-bb] if-match option 82 hex 0003 offset 4 length 2

[DeviceA-dhcp-class-bb] quit

# Create iP address pool 2.

[DeviceA] ip pool 2

# Specify the subnet for dynamic address allocation.

[DeviceA-ip-pool-2] network 10.1.3.0 mask 255.255.255.0

# Specify address range 10.1.3.2 to 10.1.3.48 for DHCP user class aa.

[DeviceA-ip-pool-2] class aa range 10.1.3.2 10.1.3.48

# Specify address range 10.1.3.49 to 10.1.3.100 for DHCP user class bb.

[DeviceA-ip-pool-2] class bb range 10.1.3.49 10.1.3.100

# Specify the DNS server address, TFTP server address, domain name suffix, and gateway address to be assigned to clients.

[DeviceA-ip-pool-2] tftp-server ip-address 10.1.1.4

[DeviceA-ip-pool-2] dns-list 10.1.1.3

[DeviceA-ip-pool-2] domain-name com

[DeviceA-ip-pool-2] gateway-list 10.1.3.1

[DeviceA-ip-pool-2] quit

# Apply the DHCP address pool to HundredGigE 1/0/2.

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] dhcp server apply ip-pool 2

[DeviceA-HundredGigE1/0/2] quit

# Configure a static route to subnet 10.1.3.0/24.

[DeviceA] ip route-static 10.1.3.0 24 10.1.2.2

Configuring Device B

# Assign an IP address to HundredGigE 1/0/2.

<DeviceB> system-view

[DeviceB] interface hundredgige 1/0/2

[DeviceB-HundredGigE1/0/2] ip address 10.1.2.2 24

[DeviceB-HundredGigE1/0/2] quit

# Assign an IP address to VLAN-interface 3.

[DeviceB] interface hundredgige 1/0/1

[DeviceB-HundredGigE1/0/1] port link-mode bridge

[DeviceB-HundredGigE1/0/1] quit

[DeviceB] interface hundredgige 1/0/3

[DeviceB-HundredGigE1/0/3] port link-mode bridge

[DeviceB-HundredGigE1/0/3] quit

[DeviceB] vlan 3

[DeviceB-vlan3] port hundredgige 1/0/1

[DeviceB-vlan3] port hundredgige 1/0/3

[DeviceB-vlan3] quit

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] ip address 10.1.3.1 24

[DeviceB-Vlan-interface3] quit

# Enable DHCP.

[DeviceB] dhcp enable

# Enable DHCP relay agent on VLAN-interface 3.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] dhcp select relay

# Specify the IP address of the DHCP server.

[DeviceB-Vlan-interface3] dhcp relay server-address 10.1.2.1

# Enable the DHCP relay agent to support Option 82.

[DeviceB-Vlan-interface3] dhcp relay information enable

[DeviceB-Vlan-interface3] quit

# Enable recording of client information in DHCP relay entries.

[DeviceB] dhcp relay client-information record

# Enable IPv4 source guard on VLAN-interface 3 to filter incoming packets by source IPv4 addresses and source MAC addresses.

[DeviceB] interface vlan-interface 3

[DeviceB-Vlan-interface3] ip verify source ip-address mac-address

[DeviceB-Vlan-interface3] quit

# Configure a static route to subnet 10.1.1.0/24.

[DeviceB] ip route-static 10.1.1.0 24 10.1.2.1

Verifying the configuration

# Verify that the IP address 10.1.3.3 has been assigned to a client.

<DeviceA> display dhcp server ip-in-use ip 10.1.3.3

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

10.1.3.3         0033-6365-352e-6136-  Jan  2 00:34:02 2016  Auto(C)

                 6466-2e65-3133-392d-

                 5465-6e2d-4769-6761-

                 6269-7445-7468-6572-

                 6e65-7431-2f30-2f35-

                 31

# Verify that the hosts at each branch can obtain IP addresses from the address range assigned to the branch. This example uses a host at branch 2.

C:\Documents and Settings\aa>ipconfig

 

Windows IP Configuration

 

Ethernet adapter aa:

 

        Connection-specific DNS Suffix  . : domain-name com

        IP Address. . . . . . . . . . . . : 10.1.3.3

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IPv6 Address. . . . . . . . . . . : fe80::20f:3dff:fe80:2b38%4

        Default Gateway . . . . . . . . . : 10.1.3.1

# Manually assign IP address 10.1.3.87 to a host at branch 2, and verify that the host cannot access the TFTP server. (Details not shown.)

Configuration files

·     Device A:

#

 dhcp enable

#

dhcp class aa

 if-match rule 1 option 82 hex 0001 offset 4 length 2

#

dhcp class bb

 if-match rule 1 option 82 hex 0003 offset 4 length 2

#

ip pool 1

 network 10.1.1.0 mask 255.255.255.0

 address range 10.1.1.2 10.1.1.100

 dns-list 10.1.1.3

 domain-name com

 forbidden-ip 10.1.1.3

 forbidden-ip 10.1.1.4

 gateway-list 10.1.1.1

 tftp-server ip-address 10.1.1.4

#

ip pool 2

 network 10.1.3.0 mask 255.255.255.0

 class aa range 10.1.3.2 10.1.3.48

 class bb range 10.1.3.49 10.1.3.100

 dns-list 10.1.1.3

 domain-name com

 gateway-list 10.1.3.1

 tftp-server ip-address 10.1.1.4

#

interface HundredGigE1/0/2

 ip address 10.1.2.1 255.255.255.0

 dhcp server apply ip-pool 2

#

interface HundredGigE1/0/1

 ip address 10.1.1.1 255.255.255.0

 dhcp server apply ip-pool 1

#

ip route-static 10.1.3.0 24 10.1.2.2

#

·     Device B:

#

 dhcp enable

 dhcp relay client-information record

#

vlan 3

#

interface HundredGigE1/0/2

 ip address 10.1.2.2 255.255.255.0

#

interface Vlan-interface3

 ip address 10.1.3.1 255.255.255.0

 dhcp select relay

 dhcp relay information enable

 dhcp relay server-address 10.1.2.1

 ip verify source ip-address mac-address

#

interface HundredGigE1/0/1

 port link-mode bridge

 port access vlan 3

#

interface HundredGigE1/0/2

 port link-mode bridge

 port access vlan 2

#

interface HundredGigE1/0/3

 port link-mode bridge

 port access vlan 3

#

ip route-static 10.1.1.0 24 10.1.2.1

#

Related documentation

·     H3C S12500R Switch Router Series Layer 3—IP Services Configuration Guide-R3606

·     H3C S12500R Switch Router Series Layer 3—IP Services Command Reference-R3606

·     H3C S12500R Switch Router Series Layer 3—IP Routing Configuration Guide-R3606

·     H3C S12500R Switch Router Series Layer 3—IP Routing Command Reference-R3606