10. DHCP

Dynamic Host Configuration Protocol (DHCPv4)
- Allocate IP address to end devices
  - automatic (fix)
  - dynamic
- DHCPDISCOVER (broadcast)
- DHCPOFFER (unicast)
- DHCPREQUEST (broadcast)
- DHCPACK (unicast)
Lease Renewal
- DHCPREQUEST (unicast)
- DHCPACK (unicast)
Configuration
- Excluding IPv4 Addresses
- Configuring a DHCPv4 Pool
  - Configuring network address, subnet mask, default gateway, dns, domain-name
- show ip dhcp binding
- Router as client
  - interface
    ip address dhcp
DHCP Relay
- Forward DHCPv4 broadcasts to the DHCPv4 server
- interface
  - ip helper-address destination-ip-of-dhcp-server
IPv6
- SLAAC
- DHCPv6
DHCPv6
- Stateless
  - ipv6 nd other-config-flag
- Stateful
  - ipv6 nd managed-config-flag
DHCPv6 Message
- DHCPv6 SOLICIT (FF02::1:2) - multicast
- DHCPv6 ADVERTISE
- DHCPv6 INFORMATION-REQUEST (Stateless)
- DHCPv6 REQUEST (Stateful)
- DHCPv6 REPLY
DHCPv6 Stateless Configuration
- Configuring a DHCPv6 Pool
  - Configuring dns, domain-name
- interface
  - ipv6 dhcp server dhcpv6-pool-name
  - ipv6 nd other-config-flag
- Router as client
  - interface
    ipv6 enable
    ipv6 address autoconfig
DHCPv6 Stateful Configuration
- Configuring a DHCPv6 Pool
  - Configuring address prefix, dns, domain-name
- interface
  - ipv6 dhcp server dhcpv6-pool-name
  - ipv6 nd managed-config-flag
- Router as client
  - interface
    ipv6 enable
    ipv6 address dhcp
DHCPv6 Relay
- interface
  - ipv6 dhcp relay destination destination-ip-of-dhcpv6-server
DHCP starvation attacks
- An attacker floods the DHCP server with DHCP requests
DHCP spoofing attacks
- An attacker configures a fake DHCP server
DHCP Snooping
- Configure trusted source
  - ip dhcp snooping
  - interface
    ip dhcp snooping trust
    ip dhcp snooping limit rate

Previous9. VLAN & INTER-VLAN Next11. Route

Last updated 4 years ago

Was this helpful?