ip helper-address
IP HELPER-ADDRESS
The ip helper-address command is generally used to configure a DHCP Relay Agent on a Layer 3 interface on a Cisco IOS device.
The command enables a Cisco IOS device to act as a Relay Agent for any UDP service (such as DHCP) by forwarding broadcast UDP messages received on a particular subnet to a designated host on a different subnet.
A Layer 3 device such as a router or a core switch, may be connected to multiple subnets. On each of these subnets there may exist hosts that obtain their IP configuration via DHCP. These hosts send DHCP Discover messages encapsulated in broadcast frames (destination MAC address FF:FF:FF:FF:FF:FF) in order to contact a DHCP server and obtain an IP address.
Broadcast messages are not forwarded from one subnet to another by a router. In order for DHCP clients on each subnet to receive their IP configuration via DHCP, we would need to deploy a DHCP server on each subnet. This could quickly become expensive and cumbersome to manage as the number of subnets grows.
A more scalable solution would be to deploy a single DHCP server to serve clients on all the subnets - as long as we have some way of forwarding all the broadcast DHCP messages from all the different subnets to this single DHCP server.
The forwarding of broadcast DHCP messages from DHCP clients on one subnet to a designated DHCP server on a different subnet is accomplished by configuring an IP helper-address on the Layer 3 interface for the subnet that hosts the DHCP client.
This is best demonstrated with an example:
SW-CORE
|
DHCP-SRVR |
|||||||
In the scenario above there is a single Layer 3 switch (SW-CORE) that functions as a core switch for a network. The network comprises four subnets as follows:
- 172.16.10.0 /24: (VLAN 10 - a subnet that hosts computers)
- 172.16.20.0 /24: (VLAN 20 - a subnet that hosts printers)
- 172.16.30.0 /24: (VLAN 30 - a subnet that hosts IP phones)
- 172.16.40.0 /24: (VLAN 40 - a subnet that hosts servers)
SW-CORE (being a Layer 3 switch) has a Layer 3 interface configured for each VLAN and performs inter-VLAN routing to route traffic between the different subnets.
The Layer 3 interfaces on SW-CORE are configured with the first host IP address from the corresponding subnet:
- interface vlan 10: 172.16.10.1 /24
- interface vlan 20: 172.16.20.1 /24
- interface vlan 30: 172.16.30.1 /24
- interface vlan 40: 172.16.40.1 /24
The DHCP server is configured with the IP address 172.16.40.10 /24.
int vlan 10
172.16.10.1 /24 int vlan 20
172.16.20.1 /24 int vlan 40
172.16.40.1 /24 SW-CORE
172.16.30.1 /24
int vlan 30 |
DHCP-SRVR
172.16.40.10
|
|||||||
Here is a snippet of the relevant potion of the interface configuration on SW-CORE:
interface Vlan10
ip address 171.16.10.1 255.255.255.0
!
interface Vlan20
ip address 171.16.20.1 255.255.255.0
!
interface Vlan30
ip address 171.16.30.1 255.255.255.0
!
interface Vlan40
ip address 171.16.40.1 255.255.255.0
!
With the configuration shown above, broadcast messages on each subnet remains within the subnet. As a result, DHCP Discover messages from the computers (on VLAN 10), printers (on VLAN 20) and phones (on VLAN 30) never reach the DHCP server on VLAN 40.
The DHCP Discover broadcast messages from each of these 3 subnets (VLAN 10, 20 and 30) can be forwarded to the DHCP server by configuring an IP helper-address on interfaces vlan10, vlan20 and vlan30.
The format of the command is as follows:
ip helper-address <ip-address>
In our scenario, the helper-address is the IP address of the DHCP server: 172.16.40.10. We would configure this as follows:
The relevant portion of the running-config looks as follows:
interface Vlan10
ip address 171.16.10.1 255.255.255.0
ip helper-address 172.16.40.10
!
interface Vlan20
ip address 171.16.20.1 255.255.255.0
ip helper-address 172.16.40.10
!
interface Vlan30
ip address 171.16.30.1 255.255.255.0
ip helper-address 172.16.40.10
!
interface Vlan40
ip address 171.16.40.1 255.255.255.0
!
With the IP helper-addresses configured on interfaces vlan10, vlan20 and vlan30, DHCP Discover broadcast messages from DHCP clients on each of these 3 subnets will be forwarded to the DHCP server 172.16.40.10.
Multiple ip helper-addresses
Is it possible (or even necessary) to configure multiple helper addresses on an interface? As a matter of fact, it is possible to configure multiple ip helper addresses on a Layer 3 interface on a Cisco IOS device. There are a couple of reasons why we might want to do this. One reason would be to provide redundancy and load balancing - you could have multiple DHCP servers providing DHCP services for the same subnets. The other reason would be to have a different server for each UDP broadcast service that requires a Relay Agent configuration.
Other UDP based services
DHCP uses UDP as the Transport Layer (Layer 4) protocol and uses UDP ports 67 (server) and 68 (client). DHCP is not the only UDP-based service that is relayed using the ip helper-address command. When an ip helper-address is configured on a Layer 3 interface on a Cisco IOS device, by default, broadcast messages for all of the following services will be forwarded to the IP address(es) specified by the ip helper-address command:
- Time
- TACACS
- DNS
- BOOTP/DHCP
- TFTP
- NetBIOS
The DHCP Relay process is covered in detail in the following interactive course on this site: Course 6 - IP Services. The course features visual, animated explanations and hands-on interactive labs.
Want to test your networking skills with hands-on configuration and troubleshooting questions? Try out the Workshops section of this website here: Workshops (Login required).
Read how to use the device simulators on this website here: Workshops - General Instructions