Difference between revisions of "Cisco DHCP configuration"

From Ever changing code
Revision as of 15:06, 2 February 2015

This configuration will be applied to a Cisco 1941 with an EHWIC-3G-HSPA+7 card and a Lightweight Access Point.

Theory

A Cisco IOS feature set (called "Easy IP") offers an optional, full-featured DHCPv4 server with 3 different address allocation mechanisms:

  • Manual Allocation - a static binding of a pre-allocated IPv4 address to the client
  • Automatic Allocation - DHCPv4 assigns an IPv4 address permanently to a device, selecting it from a pool of available addresses; there is no lease
  • Dynamic Allocation - DHCPv4 dynamically assigns, or leases, an IPv4 address from a pool for a limited period of time


DHCPv4 Lease Origination

Abbreviations used in the graphic below:

  • MAC - Media Access Control Address
  • CIADDR - Client IP Address
  • GIADDR - Gateway IP Address, aka the default gateway / ip helper IP address. If zero/blank, the client is on the same segment as the server
  • CHADDR - Client Hardware Address
##SERVER##                                          ##CLIENT##
192.168.1.254/24

             I'd like to request an address
            <-------------------------------------  [ DHCPDISCOVER ] IPv4 broadcast
                             CIADDR: 0.0.0.0                         IP src: 0.0.0.0   dst: 255.255.255.255   UDP 67
                             GIADDR: 0.0.0.0                         MAC src: MAC_eth0 dst: ff:ff:ff:ff:ff:ff
                             Mask:   0.0.0.0
                             CHADDR: MAC_A


               I'm the DHCP server, here is an address I can offer
[ DHCPOFFER ]  ----------------------------------->
  unicast
  IP src: 192.168.1.254  dst: 192.168.1.10  UDP 68     CIADDR: 192.168.1.10
  MAC src: MAC_Serv      dst: MAC_A                    GIADDR: 0.0.0.0
                                                       Mask:   255.255.255.0
                                                       CHADDR: MAC_A


             I accept the IP address offer
            <-------------------------------------  [ DHCPREQUEST ] broadcast


             Your acceptance is acknowledged
[ DHCPACK ] -------------------------------------->
  unicast    The server sends an ICMP echo to the offered address to verify
             that it is not in use, then sends the DHCPACK


DHCPv4 Lease renewal
##SERVER##                                     ##CLIENT##
            I'd like to renew my lease
        <--------------------------------------[ DHCPREQUEST ] unicast
           sent when the lease expires:
           the 1st request is unicast to the server that made the offer; if it times out,
           a 2nd request is broadcast to reach other DHCPv4 servers


            Your request is acknowledged
[ DHCPACK ] ----------------------------------->
  unicast
DHCPv4 message format

  • sent from the client using UDP source port 68 and destination port 67
  • sent from the server using UDP source port 67 and destination port 68

DHCPv4 configuration

Configure a Cisco router as a DHCP server:

configure terminal
 service dhcp
 ip dhcp pool LAN-POOL-1
  network 192.168.100.0 255.255.255.0    ! defines the range of available addresses
  default-router 192.168.100.254         ! sets the default gateway
  dns-server 192.168.100.254 8.8.8.8
  netbios-name-server 192.168.100.100    ! NetBIOS WINS server, can be a Samba server or a Windows machine
  domain-name home.gateway
  lease 0 8                              ! 8 hour lease; the values are Days Hours Minutes, or 'infinite'
  exit
 ip dhcp excluded-address 192.168.100.1 192.168.100.10
 ip dhcp excluded-address 192.168.100.240 192.168.100.255
Cisco router interface configured to obtain an IP address from a DHCP server:

configure terminal
r1-basic(config)#int gi 0/0
r1-basic(config-if)#ip address dhcp
r1-basic(config-if)#no shutdown
r1-basic(config-if)#end

Once an IP address is assigned you will see:

*Sep  1 22:08:50.003: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0/0 assigned DHCP address 192.168.1.66, mask 255.255.255.0, hostname r1-basicchanged state to up
Clearing a DHCP binding on the server removes the current assignment; resetting the client interface afterwards makes it renegotiate its IP address.
R1#clear ip dhcp binding ?
 *        Clear all automatic bindings
 A.B.C.D  Clear a specific binding
 vrf      DHCP vrf bindings
Renew DHCP address on an access point
ap1#renew dhcp Gi0

DHCP IP bindings

This is an example of a manual IP binding; a separate DHCP pool needs to be created for each address binding.

ip dhcp pool AP1
 host 10.0.99.1 255.255.255.128
 client-identifier 017c.69f6.e1d8.7d
 ! client-name did not work for me, it did not assign 'ap1' hostname to a client/AP
 client-name ap1

If you configure a Cisco router as a DHCP client, you'll notice that it uses an unusual client-id in its DHCP requests (assuming you care about client IDs on the DHCP server). Instead of using the interface MAC address as the client ID (as most workstations do), the client ID is the string 'cisco-dotted.mac.ascii-ifname', where dotted.mac.ascii is the interface MAC address in ASCII and ifname is the short interface name.

+-----------+                       +-------------+
|Router     | Gi0/1/0<--------->Gi0 | Access point|
|DHCP server|                  /    +-------------+
+-----------+                 /
                       MAC address 
client-identifier 017c.69f6.e1d8.7d
debug dhcp detail

Note that if the client has client-id cc05.12bc.0000, on the server you need to use client-identifier 01cc.0512.bc00.00. So there is a 01 prefix to add on the server, where 01 represents the Ethernet media (hardware) type.

What is termed the Client ID for the purposes of the DHCP protocol is whatever the protocol uses to identify the client computer. By default, DHCP implementations typically employ the client's MAC address for this purpose, but the DHCP protocol allows other options as well. In any case, for DHCP to function we must be certain that no other client is using the client ID we choose, and we must be sure the DHCP server will accept it.

A client identifier (DHCP option 61) can be a hexadecimal or an ASCII value. By default, the client identifier is an ASCII value; that is what happens if we just use ip address dhcp without any options. We can override the default with the ip address dhcp client-id <interface> command, after which the hexadecimal MAC address of the named interface is used as the client identifier.

There is also DHCP option 12, which is used to send the hostname to the server. By default option 12 is also sent, with the configured hostname as the value, but we can change it with ip address dhcp hostname host-name.

Configured bindings can be viewed with:
R1#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
10.0.99.1           017c.69f6.e1d8.7d       Infinite                Manual
10.0.99.2           017c.69f6.e1d9.18       Infinite                Manual
10.0.99.3           017c.69f6.e1d9.78       Infinite                Manual

DHCP snooping

DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

  • trusted ports can source all DHCP messages
  • untrusted ports can source requests only

Trusted ports host a DHCP server or can be an uplink toward the DHCP server. If a rogue device on an untrusted port attempts to send a DHCP response packet into the network, the port is shut down. Untrusted ports are those not explicitly configured as trusted.

A DHCP binding table is built for untrusted ports. Each entry contains a client MAC address, IP address, lease time, binding type, VLAN number, and port ID recorded as clients make DHCP requests. The table is then used to filter subsequent DHCP traffic. From a DHCP snooping perspective, untrusted access ports should not send any DHCP server responses.

s1(config)# ip dhcp snooping                   ! enable DHCP snooping globally
s1(config)# ip dhcp snooping vlan 5,10         ! enable DHCP snooping for specific VLANs
s1(config)# interface gi0/0/0
s1(config-if)# ip dhcp snooping trust          ! trusted: path to the DHCP server
s1(config)# interface gi0/0/1
s1(config-if)# ip dhcp snooping limit rate 5   ! limit the rate (packets per second) of DHCP requests coming from this untrusted port
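The following Python script, added here as an example and not part of the original wiki page, ties together the DHCPv4 message format, the two option 61 client-identifier forms described under DHCP IP bindings, and the DHCP snooping trusted/untrusted rule: it builds a constructed DHCPDISCOVER and DHCPOFFER, parses the BOOTP fields (op, CIADDR, GIADDR, CHADDR) and options 53/61/12, renders a hex client-id in the dotted form that show ip dhcp binding prints (making the 01 Ethernet prefix visible), and applies the snooping verdict to each message. The short interface name 'Gi0', the transaction id and the sample MAC (taken from the page's binding table) are constructed values.

```python
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET = 1                 # the "01" prefix seen in 'show ip dhcp binding'
MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie at offset 236

def mac_bytes(dotted):
    """Cisco dotted MAC '7c69.f6e1.d87d' -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))

def cisco_client_id(dotted_mac, ifname=None):
    """Option 61 payload: ASCII 'cisco-<mac>-<ifname>' (IOS default, ifname given)
    or htype byte + raw MAC (what 'ip address dhcp client-id <if>' sends)."""
    if ifname:
        return f"cisco-{dotted_mac}-{ifname}".encode()
    return bytes([HTYPE_ETHERNET]) + mac_bytes(dotted_mac)

def binding_form(client_id):
    """Render a hex client-id in the dotted groups 'show ip dhcp binding' prints."""
    h = client_id.hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))

def build_dhcp(op, msg_type, chaddr, ciaddr="0.0.0.0", giaddr="0.0.0.0", opts=()):
    """Constructed sample message: BOOTP fixed header, cookie, options, end marker."""
    ip = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBBBIHH", op, HTYPE_ETHERNET, 6, 0, 0x3903F326, 0, 0x8000)
    hdr += ip(ciaddr) + b"\0" * 8 + ip(giaddr)                # ciaddr, yiaddr+siaddr, giaddr
    hdr += mac_bytes(chaddr).ljust(16, b"\0") + b"\0" * 192   # chaddr, sname, file
    body = bytes([53, 1, msg_type])                           # option 53: DHCP message type
    for code, val in opts:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC + body + b"\xff"

def parse_dhcp(pkt):
    """Return op, CIADDR, GIADDR, CHADDR and a {code: value} map of the options."""
    assert pkt[236:240] == MAGIC, "not a DHCP message"
    ip = lambda b: ".".join(str(x) for x in b)
    hlen, opts, i = pkt[2], {}, 240
    while pkt[i] != 255:                                      # 255 = end option
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": pkt[0], "ciaddr": ip(pkt[12:16]), "giaddr": ip(pkt[24:28]),
            "chaddr": pkt[28:28 + hlen].hex(), "opts": opts}

def snooping_verdict(pkt, port_trusted):
    """Snooping rule: untrusted ports source requests only, so a server reply there is dropped."""
    return "DROP" if parse_dhcp(pkt)["op"] == BOOTREPLY and not port_trusted else "ALLOW"
```

Feeding the hex form of the client id through binding_form reproduces the 017c.69f6.e1d8.7d string from the binding table above, which is why the server-side client-identifier carries the extra 01.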
