
Example Of DHCP

Example 1: Using the DhcpRequestParams function


The following example illustrates how to retrieve the host name using the DhcpRequestParams function call. The name of the adapter can be retrieved using GetInterfaceInfo, which is part of the Internet Protocol Helper API:

C++

    #include <windows.h>
    #include <dhcpcsdk.h>
    #pragma comment( lib, "dhcpcsvc.lib" )

    BOOL RetrieveHostName(
        IN LPWSTR pszAdapterName,
        IN OUT CHAR pszHostNameBuf[],   // must be large enough buffer
        IN DWORD dwHostNameBufSize
    )
    /*++
    Routine returns TRUE on success and FALSE on failure.
    --*/
    {
        DWORD dwError, dwSize;
        CHAR TmpBuffer[1000]; // host name won't be larger than this
        DHCPCAPI_PARAMS DhcpApiHostNameParams = {
            0,                  // Flags
            OPTION_HOST_NAME,   // OptionId
            FALSE,              // vendor specific?
            NULL,               // data filled in on return
            0                   // nBytes
        };
        DHCPCAPI_PARAMS_ARRAY RequestParams = {
            1,                  // only one option to request
            &DhcpApiHostNameParams
        };
        DHCPCAPI_PARAMS_ARRAY SendParams = { 0, NULL };

        dwSize = sizeof(TmpBuffer);
        dwError = DhcpRequestParams(
            DHCPCAPI_REQUEST_SYNCHRONOUS,   // Flags
            NULL,                           // Reserved
            pszAdapterName,                 // Adapter Name
            NULL,                           // not using class id
            SendParams,                     // sent parameters
            RequestParams,                  // requesting params
            (PBYTE) TmpBuffer,              // buffer
            &dwSize,                        // buffer size
            NULL                            // Request ID
        );

        if( ERROR_MORE_DATA == dwError ) {
            //
            // dwSize is not large enough.
            //
        }

        if( NO_ERROR == dwError ) {
            // Check if the requested option was obtained.
            if( DhcpApiHostNameParams.nBytesData ) {
                // Check size with dwHostNameBufSize: the option data comes
                // from the network, so leave room for the terminating '\0'
                // and refuse anything that does not fit.
                if( DhcpApiHostNameParams.nBytesData >= dwHostNameBufSize ) {
                    return FALSE;
                }
                CopyMemory(
                    pszHostNameBuf,
                    DhcpApiHostNameParams.Data,
                    DhcpApiHostNameParams.nBytesData
                );
                pszHostNameBuf[DhcpApiHostNameParams.nBytesData] = '\0';
                return TRUE;
            }
        }

        return FALSE;
    }

Example 2: Using the DhcpRegisterParamChange function


The following code illustrates how the DhcpRegisterParamChange function can be used to keep track of host name changes:

C++

    ULONG UpdateHostNameLoop(
        IN LPWSTR pszAdapterName,
        IN CHAR pszHostNameBuf[],
        IN ULONG dwHostBufSize
    )
    {
        DWORD dwError;
        HANDLE hEvent;
        DHCPCAPI_PARAMS DhcpApiHostNameParams = {
            0,                  // Flags
            OPTION_HOST_NAME,   // OptionId
            FALSE,              // vendor specific?
            NULL,               // data filled in on return
            0                   // nBytes
        };
        DHCPCAPI_PARAMS_ARRAY DhcpApiParamsArray = {
            1,                  // only one option to request
            &DhcpApiHostNameParams
        };

        dwError = DhcpRegisterParamChange(
            DHCPCAPI_REGISTER_HANDLE_EVENT, // Flags
            NULL,                           // Reserved
            pszAdapterName,                 // adapter name
            NULL,                           // no class ID
            DhcpApiParamsArray,             // params of interest
            (LPVOID)&hEvent                 // event handle
        );

        if( ERROR_SUCCESS != dwError ) return dwError;

        // Wait on event all the time.
        while( WAIT_OBJECT_0 == WaitForSingleObject(hEvent, INFINITE) ) {
            // Get host name and update it.
            ResetEvent(hEvent);
            dwError = RetrieveHostName(pszAdapterName, pszHostNameBuf, dwHostBufSize );
            // Ignore this error.
            break;
        }

        // Wait failed or retrieve failed? De-register the event handle.
        (void)DhcpDeRegisterParamChange(
            DHCPCAPI_REGISTER_HANDLE_EVENT, // Flags
            NULL,                           // Reserved
            (LPVOID) hEvent                 // event
        );

        return dwError;
    }

Dynamic Addressing, using DHCP-Relay


Suppose you have several IP networks 'behind' other routers, but you want to keep all DHCP servers on a single router. To do this, you need a DHCP relay on your network which relays DHCP requests from clients to the DHCP server. This example shows how to configure a DHCP server and a DHCP relay which serve 2 IP networks, 192.168.1.0/24 and 192.168.2.0/24, that are behind the router DHCP-Relay.

IP addresses of DHCP-Server:

    [admin@DHCP-Server] ip address> print
    Flags: X - disabled, I - invalid, D - dynamic
      #   ADDRESS            NETWORK         BROADCAST       INTERFACE
      0   192.168.0.1/24     192.168.0.0     192.168.0.255   To-DHCP-Relay
      1   10.1.0.2/24        10.1.0.0        10.1.0.255      Public
    [admin@DHCP-Server] ip address>

IP addresses of DHCP-Relay:

    [admin@DHCP-Relay] ip address> print
    Flags: X - disabled, I - invalid, D - dynamic
      #   ADDRESS            NETWORK         BROADCAST       INTERFACE
      0   192.168.0.1/24     192.168.0.0     192.168.0.255   To-DHCP-Server
      1   192.168.1.1/24     192.168.1.0     192.168.1.255   Local1
      2   192.168.2.1/24     192.168.2.0     192.168.2.255   Local2
    [admin@DHCP-Relay] ip address>

To set up 2 DHCP servers on the DHCP-Server router, add 2 pools, one each for networks 192.168.1.0/24 and 192.168.2.0/24:

    /ip pool add name=Local1-Pool ranges=192.168.1.11-192.168.1.100
    /ip pool add name=Local2-Pool ranges=192.168.2.11-192.168.2.100
    [admin@DHCP-Server] ip pool> print
      # NAME                                         RANGES
      0 Local1-Pool                                  192.168.1.11-192.168.1.100
      1 Local2-Pool                                  192.168.2.11-192.168.2.100
    [admin@DHCP-Server] ip pool>

Create DHCP Servers:

    /ip dhcp-server add interface=To-DHCP-Relay relay=192.168.1.1 \
        address-pool=Local1-Pool name=DHCP-1 disabled=no
    /ip dhcp-server add interface=To-DHCP-Relay relay=192.168.2.1 \
        address-pool=Local2-Pool name=DHCP-2 disabled=no
    [admin@DHCP-Server] ip dhcp-server> print
    Flags: X - disabled, I - invalid
      #   NAME      INTERFACE       RELAY         ADDRESS-POOL   LEASE-TIME   ADDARP
      0   DHCP-1    To-DHCP-Relay   192.168.1.1   Local1-Pool    3d00:00:00
      1   DHCP-2    To-DHCP-Relay   192.168.2.1   Local2-Pool    3d00:00:00
    [admin@DHCP-Server] ip dhcp-server>

Configure respective networks:

    /ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 \
        dns-server=159.148.60.20
    /ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 \
        dns-server=159.148.60.20
    [admin@DHCP-Server] ip dhcp-server network> print
      # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN
      0 192.168.1.0/24     192.168.1.1     159.148.60.20
      1 192.168.2.0/24     192.168.2.1     159.148.60.20
    [admin@DHCP-Server] ip dhcp-server network>

Configuration of DHCP-Server is done. Now let's configure DHCP-Relay:

    /ip dhcp-relay add name=Local1-Relay interface=Local1 \
        dhcp-server=192.168.0.1 local-address=192.168.1.1 disabled=no
    /ip dhcp-relay add name=Local2-Relay interface=Local2 \
        dhcp-server=192.168.0.1 local-address=192.168.2.1 disabled=no
    [admin@DHCP-Relay] ip dhcp-relay> print
    Flags: X - disabled, I - invalid
      #   NAME           INTERFACE   DHCP-SERVER   LOCAL-ADDRESS
      0   Local1-Relay   Local1      192.168.0.1   192.168.1.1
      1   Local2-Relay   Local2      192.168.0.1   192.168.2.1
    [admin@DHCP-Relay] ip dhcp-relay>

Vlan Examples

Security: Private vlan example

Vlan 100 is a community vlan; hosts within vlan 100 can communicate with one another. Vlan 200 is an isolated vlan; hosts within vlan 200 are not allowed to communicate with one another.

Private vlan

1. Before you start, make sure the vtp mode is set to transparent.
2. The difference between a private vlan and a protected port is that a protected port is localized within the switch itself, while a private vlan can propagate among switches.
3. A private vlan consists of a primary vlan and secondary vlans.
4. There are two types of secondary vlans, namely isolated and community.
5. Hosts within the same community vlan can communicate with one another. Hosts within a community vlan cannot communicate with hosts from a different community or with hosts from an isolated vlan.
6. Hosts within an isolated vlan cannot communicate among themselves.
7. A promiscuous port is a port that can access community and isolated ports.
8. Community and isolated vlans do not have an instance for spanning-tree.

Step by Step

Step 1: Change vtp mode to transparent.

    3560-2(config)#vtp mode transparent

Step 1.1: Define your vlans.

    3560-2(config)#vlan 99
    3560-2(config-vlan)#name pri-vlan
    3560-2(config)#vlan 100
    3560-2(config-vlan)#name comm-vlan
    3560-2(config-vlan)#vlan 200
    3560-2(config-vlan)#name isolated-vlan

Step 2: Define your secondary vlans.

    3560-2(config-vlan)#vlan 100
    3560-2(config-vlan)#private-vlan community
    3560-2(config-vlan)#vlan 200
    3560-2(config-vlan)#private-vlan isolated

Step 3: Define your primary vlan and associate the secondary vlans with it.

    3560-2(config-vlan)#vlan 99
    3560-2(config-vlan)#private-vlan primary
    3560-2(config-vlan)#private-vlan association 100,200

Step 4: Define your port roles based on the above diagram.

    3560-2(config)#int fa0/1
    3560-2(config-if)#switchport mode private-vlan promiscuous
    3560-2(config-if)#switchport private-vlan mapping 99 100,200
    3560-2(config)#int range fa0/10 - 11
    3560-2(config-if-range)#switchport mode private-vlan host
    3560-2(config-if-range)#switchport private-vlan host-association 99 100
    3560-2(config)#int range fa0/20 - 21
    3560-2(config-if-range)#switchport mode private-vlan host
    3560-2(config-if-range)#switchport private-vlan host-association 99 200

IEEE 802.1Q VLAN Configuration

The VLAN configuration example for the ML100T-12 shown in Figure 8-2 depicts the following VLANs:

Fast Ethernet subinterface 0.1 is in the IEEE 802.1Q native VLAN 1.
Fast Ethernet subinterface 0.2 is in the IEEE 802.1Q VLAN 2.
Fast Ethernet subinterface 0.3 is in the IEEE 802.1Q VLAN 3.
Fast Ethernet subinterface 0.4 is in the IEEE 802.1Q VLAN 4.

Figure 8-2 Bridging IEEE 802.1Q VLANs

Example 8-1 shows how to configure VLANs for IEEE 802.1Q VLAN encapsulation. Use this configuration for both router A and router B. The example is shown in Figure 8-2:

Example 8-1 Configure VLANs for IEEE 802.1Q VLAN Encapsulation

    bridge 1 protocol ieee
    bridge 2 protocol ieee
    bridge 3 protocol ieee
    bridge 4 protocol ieee
    !
    !
    interface FastEthernet0
     no ip address
    !
    interface FastEthernet0.1
     encapsulation dot1Q 1 native
     bridge-group 1
    !
    interface FastEthernet0.2
     encapsulation dot1Q 2
     bridge-group 2
    !
    interface FastEthernet0.3
     encapsulation dot1Q 3
     bridge-group 3
    !
    interface FastEthernet0.4
     encapsulation dot1Q 4
     bridge-group 4
    !
    interface POS0
     no ip address
     crc 32
     pos flag c2 1
    !
    interface POS0.1
     encapsulation dot1Q 1 native
     bridge-group 1
    !
    interface POS0.2
     encapsulation dot1Q 2
     bridge-group 2
    !
    interface POS0.3
     encapsulation dot1Q 3
     bridge-group 3
    !
    interface POS0.4
     encapsulation dot1Q 4
     bridge-group 4

Configuration

Our first steps here are to configure the primary and secondary vlans. Each vlan is configured using the VLAN configuration command private-vlan [type]. Once configured, we head back to the primary VLAN and bind the secondary vlans to it using the private-vlan association [vlan list] command.

    SW1(config)#vlan 100
    SW1(config-vlan)#private-vlan primary
    SW1(config-vlan)#vlan 101
    SW1(config-vlan)#private-vlan community
    SW1(config-vlan)#vlan 102
    SW1(config-vlan)#private-vlan isolated
    SW1(config-vlan)#vlan 100
    SW1(config-vlan)#private-vlan association 101,102

Now, we need to bind our switch ports to their respective PVLANs. Please note that a host port belongs to multiple VLANs at the same time: downstream primary and upstream (isolated/community/promiscuous) secondary.

    SW1(config)#interface fa0/10
    SW1(config-if)#switchport mode private-vlan host
    SW1(config-if)#switchport private-vlan host-association 100 101
    SW1(config-if)#interface fa0/11
    SW1(config-if)#switchport mode private-vlan host
    SW1(config-if)#switchport private-vlan host-association 100 101
    SW1(config-if)#interface fa0/20
    SW1(config-if)#switchport mode private-vlan host
    SW1(config-if)#switchport private-vlan host-association 100 102
    SW1(config-if)#interface fa0/21
    SW1(config-if)#switchport mode private-vlan host
    SW1(config-if)#switchport private-vlan host-association 100 102
    SW1(config-if)#interface fa0/1
    SW1(config-if)#switchport mode private-vlan promiscuous
    SW1(config-if)#switchport private-vlan mapping 100 add 101,102

And finally our verification.

    SW1#sh vlan private-vlan

    Primary Secondary Type              Ports
    ------- --------- ----------------- ---------------------
    100     101       isolated          Fa0/10, Fa0/11, Fa0/1
    100     102       community         Fa0/20, Fa0/21, Fa0/1

    SW1#sh vlan private-vlan type

    Vlan Type
    ---- -----------------
    100  primary
    101  isolated
    102  community
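The forwarding rules listed in the "Private vlan" notes, applied to the 3560-2 step-by-step port layout (primary 99, community 100, isolated 200), as an added example that is not part of the original page. The parser, the function names and the condensed CONFIG text (ranges expanded, "switchport mode" lines left out) are assumptions made for illustration.

```python
# Constructed input: the page's 3560-2 settings in running-config style.
CONFIG = """\
vlan 100
 private-vlan community
vlan 200
 private-vlan isolated
vlan 99
 private-vlan primary
 private-vlan association 100,200
interface fa0/1
 switchport private-vlan mapping 99 100,200
interface fa0/10
 switchport private-vlan host-association 99 100
interface fa0/11
 switchport private-vlan host-association 99 100
interface fa0/20
 switchport private-vlan host-association 99 200
interface fa0/21
 switchport private-vlan host-association 99 200
"""

def parse(cfg):
    """Return ({vlan: type}, {port: (primary, {secondaries}, is_promiscuous)})."""
    vtype, ports, cur = {}, {}, None
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] in ("vlan", "interface"):
            cur = w[1]                                   # current config context
        elif w[0] == "private-vlan" and w[1] != "association":
            vtype[int(cur)] = w[1]                       # primary/community/isolated
        elif w[:2] == ["switchport", "private-vlan"] and w[2] in ("mapping", "host-association"):
            ports[cur] = (int(w[3]), {int(v) for v in w[4].split(",")}, w[2] == "mapping")
    return vtype, ports

def can_talk(a, b, vtype, ports):
    """Layer-2 reachability between two ports under the private vlan rules."""
    (pa, sa, prom_a), (pb, sb, prom_b) = ports[a], ports[b]
    if pa != pb:
        return False                                     # different primary vlans
    if prom_a or prom_b:                                 # promiscuous reaches mapped secondaries
        return (prom_a and prom_b) or bool(sa & sb)
    return any(vtype[v] == "community" for v in sa & sb) # isolated peers never talk

def matrix(cfg=CONFIG):
    """Reachability for every unordered pair of configured ports."""
    vtype, ports = parse(cfg)
    names = sorted(ports)
    return {(a, b): can_talk(a, b, vtype, ports) for a in names for b in names if a < b}
```

Running matrix() on a configuration where vlan 200 is missing from the promiscuous mapping shows the isolated hosts losing their only permitted peer, which is a common cause of "isolated hosts cannot reach the gateway".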

Example of DHCP and VLan


Providing DHCP to multiple VLANs from one server
Suppose you have a network with multiple VLANs, each with its own subnet, and you want your DHCP server(s) to serve addresses and configuration to all subnets (or at least more than one of them). The problem normally is that broadcast traffic (such as DHCP requests from clients) cannot traverse broadcast domains, which is exactly what VLAN separation does: limit broadcast domains.

There are basically three solutions. The first is to provide a single DHCP server with a network interface in each VLAN. This will work fine for a very limited number of VLANs, but is not very effective for larger numbers of VLANs and it's also not very flexible. Every new VLAN requires an extra NIC, cabling, etc.

The second solution is to provide each VLAN with its own DHCP server. This is not very flexible either, eats lots of resources per VLAN and adds a lot of management complexity.

The third solution adds flexibility and ease of management, and does not require a major investment in separate servers. What you do need, however, is a Layer3 switch instead of a Layer2 model. The reason for this is that the switch has to be capable of routing, or more accurately re-routing, IP packets. To enable a single DHCP server to serve multiple subnets, one per VLAN, you can configure your switch (both Cisco and HP Layer3 switches can do this, and probably most other brands as well) with an IP helper. An IP helper address tells the switch to forward certain types of broadcasts (like DHCP requests, TFTP requests and DNS requests) via unicast to the IP address(es) configured. An example:

Here the DHCP server is using address 10.0.1.5 in VLAN 1, on subnet 10.0.1.0 /24. The two clients are on separate VLANs 2 and 3 with subnets 10.0.2.0 /24 and 10.0.3.0 /24 respectively. In this case, we need the switch that receives the DHCP requests broadcast from the clients to forward the requests to the DHCP server. To do this, we add the IP address of the server to the different VLAN interfaces as the IP helper:

    interface vlan 1
     ip address 10.0.1.1 255.255.255.0

    interface vlan 2
     ip address 10.0.2.1 255.255.255.0
     ip helper-address 10.0.1.5

    interface vlan 3
     ip address 10.0.3.1 255.255.255.0
     ip helper-address 10.0.1.5

The switch will now forward the request broadcasts to the DHCP server. If the DHCP server has been configured with separate ranges for each subnet, the right answer will be sent back by it to the switch and then forwarded to the client.
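The relay step that both the MikroTik DHCP-Relay setup and the IP helper configuration above depend on, as an added example that is not from the original page or any vendor's code: the relay writes its own interface address into the giaddr field, and the server uses that field to choose the range. The POOLS table and function names are assumptions built from the 10.0.x.x addresses of the helper example, and the client packet is constructed.

```python
import ipaddress
import struct

# Assumed server-side table: relay (VLAN interface) address -> subnet it serves.
POOLS = {
    "10.0.2.1": ipaddress.ip_network("10.0.2.0/24"),
    "10.0.3.1": ipaddress.ip_network("10.0.3.0/24"),
}
DHCP_SERVER = "10.0.1.5"                  # the ip helper-address on the page
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
# Fixed BOOTP header: op htype hlen hops xid secs flags
#                     ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
GIADDR, HOPS, OP = 10, 3, 0               # field indexes in the unpacked tuple

def client_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER as a client broadcasts it: giaddr is 0.0.0.0."""
    zero = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                     mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, end

def relay(packet: bytes, ingress_ip: str, max_hops: int = 4):
    """Relay/helper side: stamp giaddr, count the hop, unicast to the server."""
    f = list(BOOTP.unpack_from(packet))
    if f[OP] != 1 or f[HOPS] >= max_hops:
        return None                       # only BOOTREQUEST, bounded hop count
    f[HOPS] += 1
    if f[GIADDR] == bytes(4):             # only the first relay fills giaddr
        f[GIADDR] = ipaddress.ip_address(ingress_ip).packed
    return DHCP_SERVER, BOOTP.pack(*f) + packet[BOOTP.size:]

def server_select_pool(packet: bytes):
    """Server side: giaddr selects the range; an unknown relay gets no offer."""
    giaddr = str(ipaddress.ip_address(BOOTP.unpack_from(packet)[GIADDR]))
    return POOLS.get(giaddr)
```

Because the range is chosen purely from giaddr, the server in this model should only be reachable from the relay interfaces it lists; a request carrying any other giaddr is dropped rather than matched to a default range.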

Project In Itna02

Submitted by: Manuel O. Chan Submitted to: Sir. Jhay-ar
