Examples of DHCP

Example Of DHCP

Example 1: Using the DhcpRequestParams function

The following example illustrates how to retrieve the host name using

the DhcpRequestParams function call. The name of the adapter can be retrieved using

the GetInterfaceInfo structure, which is part of the Internet Protocol Helper API:C++

#include <windows.h>#include <dhcpcsdk.h>

#pragma comment( lib, "dhcpcsvc.lib" )

BOOL RetrieveHostName( IN LPWSTR pszAdapterName, IN OUT CHAR pszHostNameBuf[], // must be large enough buffer IN DWORD dwHostNameBufSize)/*++

Routine returns TRUE on success and FALSE on failure.

--*/{ DWORD dwError, dwSize; CHAR TmpBuffer[1000]; // host name won't be larger than this DHCPCAPI_PARAMS DhcpApiHostNameParams = { 0, // Flags OPTION_HOST_NAME, // OptionId FALSE, // vendor specific? NULL, // data filled in on return 0 // nBytes }; DHCPCAPI_PARAMS_ARRAY RequestParams = { 1, // only one option to request &DhcpApiHostNameParams };

DHCPCAPI_PARAMS_ARRAY SendParams = { 0, NULL };

dwSize = sizeof(TmpBuffer); dwError = DhcpRequestParams( DHCPCAPI_REQUEST_SYNCHRONOUS, // Flags NULL, // Reserved pszAdapterName, // Adapter Name NULL, // not using class id SendParams, // sent parameters RequestParams, // requesting params (PBYTE) TmpBuffer, // buffer &dwSize, // buffer size NULL // Request ID );

if( ERROR_MORE_DATA == dwError ) { // // dwSize is not large enough. // }

if( NO_ERROR == dwError ) {

// Check if the requested option was obtained.

if( DhcpApiHostNameParams.nBytesData ) {

// Check size with dwHostNameBufSize.

CopyMemory( pszHostNameBuf, DhcpApiHostNameParams.Data, DhcpApiHostNameParams.nBytesData ); pszHostNameBuf[DhcpApiHostNameParams.nBytesData] = '\0'; return TRUE; } }

return FALSE;}

Example 2: Using the DhcpRegisterParamChange function

The following code illustrates how the DhcpRegisterParamChange function can be

used to keep track of host name changes:C++

ULONG UpdateHostNameLoop( IN LPWSTR pszAdapterName, IN CHAR pszHostNameBuf[], IN ULONG dwHostBufSize){ DWORD dwError; HANDLE hEvent; DHCPCAPI_PARAMS DhcpApiHostNameParams = { 0, // Flags OPTION_HOST_NAME, // OptionId FALSE, // vendor specific? NULL, // data filled in on return 0 // nBytes }; DHCPCAPI_PARAMS_ARRAY DhcpApiParamsArray = { 1, // only one option to request &DhcpApiHostNameParams };

dwError = DhcpRegisterParamChange( DHCPCAPI_REGISTER_HANDLE_EVENT, // Flags NULL, // Reserved pszAdapterName, // adapter name NULL, // no class ID DhcpApiParamsArray, // params of interest (LPVOID)&hEvent // event handle );

if( ERROR_SUCCESS != dwError ) return dwError;

// Wait on event all the time.

while( WAIT_OBJECT_0 == WaitForSingleObject(hEvent, INFINITE) ) {

// Get host name and update it.

ResetEvent(hEvent);

dwError = RetrieveHostName(pszAdapterName, pszHostNameBuf, dwHostBufSize ); // Ignore this error.

break; }

// Wait failed or retrieve failed? De-register the event handle.

(void)DhcpDeRegisterParamChange( DHCPCAPI_REGISTER_HANDLE_EVENT, // Flags NULL, // Reserved (LPVOID) hEvent // event );

return dwError;}

Dynamic Addressing, using DHCP-Relay

Let us consider that you have several IP networks 'behind' other routers, but you want to keep all DHCP servers on a single router. To do this, you need a DHCP relay on your network which relies DHCP requests from clients to DHCP server.

This example will show you how to configure a DHCP server and a DHCP relay which serve 2 IP networks - 192.168.1.0/24 and 192.168.2.0/24 that are behind a router DHCP-Relay.

IP addresses of DHCP-Server:

[admin@DHCP-Server] ip address> printFlags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 192.168.0.1/24 192.168.0.0 192.168.0.255 To-DHCP-Relay 1 10.1.0.2/24 10.1.0.0 10.1.0.255 Public[admin@DHCP-Server] ip address>

IP addresses of DHCP-Relay:

[admin@DHCP-Relay] ip address> printFlags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 192.168.0.1/24 192.168.0.0 192.168.0.255 To-DHCP-Server 1 192.168.1.1/24 192.168.1.0 192.168.1.255 Local1

2 192.168.2.1/24 192.168.2.0 192.168.2.255 Local2[admin@DHCP-Relay] ip address>

To setup 2 DHCP Servers on DHCP-Server router add 2 pools. For networks 192.168.1.0/24 and 192.168.2.0:

/ip pool add name=Local1-Pool ranges=192.168.1.11-192.168.1.100/ip pool add name=Local1-Pool ranges=192.168.2.11-192.168.2.100[admin@DHCP-Server] ip pool> print # NAME RANGES 0 Local1-Pool 192.168.1.11-192.168.1.100 1 Local2-Pool 192.168.2.11-192.168.2.100[admin@DHCP-Server] ip pool>

Create DHCP Servers:

/ip dhcp-server add interface=To-DHCP-Relay relay=192.168.1.1 \ address-pool=Local1-Pool name=DHCP-1 disabled=no/ip dhcp-server add interface=To-DHCP-Relay relay=192.168.2.1 \ address-pool=Local2-Pool name=DHCP-2 disabled=no[admin@DHCP-Server] ip dhcp-server> printFlags: X - disabled, I - invalid # NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP 0 DHCP-1 To-DHCP-Relay 192.168.1.1 Local1-Pool 3d00:00:00 1 DHCP-2 To-DHCP-Relay 192.168.2.1 Local2-Pool 3d00:00:00[admin@DHCP-Server] ip dhcp-server>

Configure respective networks:

/ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 \ dns-server=159.148.60.20/ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 \ dns-server 159.148.60.20[admin@DHCP-Server] ip dhcp-server network> print # ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN 0 192.168.1.0/24 192.168.1.1 159.148.60.20 1 192.168.2.0/24 192.168.2.1 159.148.60.20[admin@DHCP-Server] ip dhcp-server network>

Configuration of DHCP-Server is done. Now let's configure DHCP-Relay:

/ip dhcp-relay add name=Local1-Relay interface=Local1 \ dhcp-server=192.168.0.1 local-address=192.168.1.1 disabled=no/ip dhcp-relay add name=Local2-Relay interface=Local2 \ dhcp-server=192.168.0.1 local-address=192.168.2.1 disabled=no[admin@DHCP-Relay] ip dhcp-relay> printFlags: X - disabled, I - invalid # NAME INTERFACE DHCP-SERVER LOCAL-ADDRESS 0 Local1-Relay Local1 192.168.0.1 192.168.1.1 1 Local2-Relay Local2 192.168.0.1 192.168.2.1[admin@DHCP-Relay] ip dhcp-relay>

Vlan Examples

Security: Private vlan example

Vlan 100 is a community vlan, hosts within vlan 100 can communicate with one another. Vlan 200 is an isolated vlan, hosts within vlan 200 are not allowed to communicate with one another.

Private vlan

1. Before you start make sure the vtp mode is set to transparent.

2. The difference between private vlan and protected port is protected port is localized

within the switch itself, but private vlan can propagate among switches.

3. Private vlan consists of primary vlan and secondary vlan.

4. There are two types of secondary vlans namely isolated and community.

5. Hosts within the same community vlan can communicate with one another. Host

within the community vlan cannot communicate with hosts from a different community

and hosts from isolated vlan.

6. Hosts within isolated vlan cannot communicate among themselves.

7. Promiscuous port is the port that can access to community and isolated ports.

8. Community and isolated vlans do not have an instance for spanning-tree.

Step by Step

Step 1:Change vtp mode to transparent.

3560-2(config)#vtp mode transparent

Step1.1:Define your vlans.

3560-2(config)#vlan 99

3560-2(config-vlan)#name pri-vlan

3560-2(config)#vlan 100

3560-2(config-vlan)#name comm-vlan

3560-2(config-vlan)#vlan 200

3560-2(config-vlan)#name isolated-vlan

Step 2:Define your secondary vlans.


3560-2(config-vlan)#private-vlan community


3560-2(config-vlan)#private-vlan isolated

Step 3:Define your primary vlan and associate secondary vlans into this.


3560-2(config-vlan)#private-vlan primary

3560-2(config-vlan)#private-vlan association 100,200

Step 4:Define your port roles based on the above diagram.

3560-2(config)#int fa0/1

3560-2(config-if)#switchport mode private-vlan promiscuous

3560-2(config-if)#switchport private-vlan mapping 99 100,200

3560-2(config)#int range fa0/10 – 11

3560-2(config-if-range)#switchport mode private-vlan host

3560-2(config-if-range)#switchport private-vlan host-association 99 100

3560-2(config)#int range fa0/20 – 21

3560-2(config-if-range)#switchport mode private-vlan host

3560-2(config-if-range)#switchport private-vlan host-association 99 200

IEEE 802.1Q VLAN Configuration

The VLAN configuration example for the ML100T-12 shown in Figure 8-2 depicts the following VLANs:

• Fast Ethernet subinterface 0.1 is in the IEEE 802.1Q native VLAN 1.

• Fast Ethernet subinterface 0.2 is in the IEEE 802.1Q VLAN 2.



Figure 8-2 Bridging IEEE 802.1Q VLANs

Example 8-1 shows how to configure VLANs for IEEE 802.1Q VLAN encapsulation. Use this configuration for both router A and router B. The example is shown in Figure 8-2 :

Example 8-1 Configure VLANs for IEEE 802.1Q VLAN Encapsulation

bridge 1 protocol ieeebridge 2 protocol ieeebridge 3 protocol ieeebridge 4 protocol ieee!!interface FastEthernet0no ip address!interface FastEthernet0.1

encapsulation dot1Q 1 nativebridge-group 1!interface FastEthernet0.2encapsulation dot1Q 2bridge-group 2!interface FastEthernet0.3encapsulation dot1Q 3bridge-group 3!interface FastEthernet0.4encapsulation dot1Q 4bridge-group 4!interface POS0no ip addresscrc 32pos flag c2 1!interface POS0.1encapsulation dot1Q 1 nativebridge-group 1!interface POS0.2encapsulation dot1Q 2bridge-group 2!interface POS0.3encapsulation dot1Q 3bridge-group 3!interface POS0.4encapsulation dot1Q 4bridge-group 4

Configuration

Our first steps here are to configure the primary and secondary vlans. Each vlan is

configured using the VLAN configuration command private-vlan [type]. Once

configured, we head back to the primary VLAN and bind the secondary vlans to it using

the private-vlan association [vlan list] command.

SW1(config)#vlan 100

SW1(config-vlan)#private-vlan primary

SW1(config-vlan)#vlan 101

SW1(config-vlan)#private-vlan community


SW1(config-vlan)#private-vlan isolated


SW1(config-vlan)#private-vlan association 101,102

Now, we need to bind our switch ports to their respective PVLANs. Please note that a

host port belongs to multiple VLANs at the same time: downstream primary and

upstream (isloated/community/promiscuous) secondary.

SW1(config)#interface fa0/10

SW1(config-if)#switchport mode private-vlan host

SW1(config-if)#switchport private-vlan host-association 100 101

SW1(config-if)#interface fa0/11










SW1(config-if)#switchport mode private-vlan promiscuous

SW1(config-if)#switchport private-vlan mapping 100 add 101,102

And finally our verification.

SW1#sh vlan private-vlan

Primary Secondary Type Ports

------- --------- ----------------- ---------------------

100 101 isolated Fa0/10, Fa0/11, Fa0/1

100 102 community Fa0/20, Fa0/21, Fa0/1

SW1#sh vlan private-vlan type

Vlan Type

---- -----------------

100 primary

101 isolated

102 community

Example of DHCP and VLan

Providing DHCP to multiple VLANs from one serverSuppose you have a network with multiple VLANs, each with its own subnet, and you

want your DHCP server(s) to serve addresses and configuration to all subnets (or at

least more than one of them). The problem normally is that broadcast traffic (such as

DHCP requests from clients) cannot traverse broadcast domains, which is exactly what

VLAN separation does: limit broadcast domains.

There’s basically three solutions: the first is to provide a single DHCP server with a

network interface in each VLAN. This will work fine for a very limited number of VLANs,

but is not very effective for larger numbers of VLANs and it’s also not very flexible.

Every new VLAN requires an extra NIC, cabling, etc.

The second solution is to provide each VLAN with its own DHCP server. This is not very

flexible either and eats lots of resources per VLAN and adds a lot of management

complexity.

The third solution adds flexibility, ease of management and does not require a major

investment in separate servers. What you do need however is a Layer3 switch in stead

of a Layer2 model. The reason for this is that the switch has to be capable to route, or

more accurately: re-route IP packets.

To enable a single DHCP server to serve multiple subnets, one per VLAN, you can

configure your switch (both Cisco and HP Layer3 switches can do this, and probably

most other brands as well) with an ‘IP helper’. An IP helper address tells the switch to

forward certain types of broadcasts (like DHCP requests, TFTP requests and DNS

requests) via unicast to the IP address(es) configured. An example:

Here the DHCP server is using address 10.0.1.5 in VLAN 1, on subnet 10.0.1.0 /24. The

two clients are on separate VLANs 2 and 3 with subnets 10.0.2.0 /24 and 10.0.3.0 /24

respectively. In this case, we need the switch that receives the DHCP requests

broadcast from the clients to forward the requests to the DHCP server. To do this, we

add the IP address of the server to the different VLAN interfaces as the IP helper:

interface vlan 1

ip address 10.0.1.1 255.255.255.0

interface vlan 2

ip address 10.0.2.1 255.255.255.0

ip helper-address 10.0.1.5

interface vlan 3

ip address 10.0.3.1 255.255.255.0

ip helper-address 10.0.1.5

The switch will now forward the request broadcasts to the DHCP server. If the DHCP

server has been configured with separate ranges for each subnet, the right answer will

be sent back by it to the switch and then forwarded to the client.

Project In Itna02

Submitted by: Manuel O. Chan

Submitted to: Sir. Jhay-ar

Documents

Examples of DHCP