21.2. DHCP Servers

A DHCP server hands out the IPv4 addresses taken from a specified IP address range. The DHCP server is not limited to serving a single range of IPv4 addresses but can use any IPv4 range that can be specified by an address book object.

This section describes how to set up a DHCP server and also the options that are available for a server.

21.2.1. Defining DHCP Servers

The system contains a single DHCPServer object. It exists as a predefined object in the configuration and, by default, does nothing.

In order to activate the DHCP function, a DHCPServerRule object must be added to the DHCPServer object as a child. In order for the DHCP server to respond there must be a match with both of the following DHCPServerRule properties.

  • Interface

    This is the system interface on which the DHCP requests are received.

    This should be set to core if DHCP will hand out addresses to fill an IPPool being used with an IPsec tunnel. This is discussed further in Section 13.3.3, IKE Config Mode.

  • RelayerFilter

    The relayer IP address in the IP packet is also used to determine the server. The default value of all-nets-ip4 means that any IPv4 address is acceptable and only the interface match is considered. The other options for this property are described further below.

There can be many DHCPServerRule objects added to the DHCPServer object. Each can define different properties.

Searching the Server List for Matches

Multiple DHCPServerRule objects will form a list, the last one defined being at the bottom of the list. When cOS Stream searches for a DHCPServerRule to service a request, it goes through the list from top to bottom and uses the first rule it finds with a matching combination of interface and relayer IP filter value. If there is no match in the list then the request is ignored.

Providing Multiple Matching Rules

Sometimes it is desirable to provide more than one rule with the same triggering criteria. The rule property AllowFurtherMatching has a default value of Yes and this means that if the matching rule cannot provide an IP address for some reason (the available IPs might be exhausted), scanning of the rules will continue for another match.

Using Relayer IP Filtering

As explained above, a DHCPServerRule is selected based on a match of both the interface and the relayer IP filter. The possible values for the RelayerFilter property are as follows:

  • all-nets-ip4

    The default value is all-nets-ip4 (0.0.0.0/0). This means all DHCP requests will match this filter value, regardless of whether the DHCP request comes from a client on the local network or has arrived via a DHCP relayer.

  • A value of 0.0.0.0

    The value 0.0.0.0 will match DHCP requests that come from a local client only. DHCP requests that have been relayed by a DHCP relayer will be ignored.

  • Specific IP addresses.

    This is an IP address filter for the DHCP relayer through which the DHCP request has come. Requests from local clients or other DHCP relayers will be ignored.
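
The rule search and the three RelayerFilter cases described above can be modelled in a few lines of Python. This is an added illustration, not cOS Stream code: the Rule class, select_lease(), sample_rules() and all rule names and addresses are hypothetical, and the behaviour when AllowFurtherMatching is disabled on an exhausted rule is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    interface: str
    relayer_filter: str = "0.0.0.0/0"      # all-nets-ip4 (default)
    allow_further_matching: bool = True     # AllowFurtherMatching=Yes (default)
    free_ips: list = field(default_factory=list)

def select_lease(rules, iface, relayer_ip="0.0.0.0"):
    """Walk the list top to bottom; return (rule name, IP) or None if ignored.

    relayer_ip is 0.0.0.0 for a request received directly from a local client.
    """
    relayer = ip_address(relayer_ip)
    for rule in rules:
        if rule.interface != iface:
            continue
        # "0.0.0.0" parses as a /32, so it matches only non-relayed requests;
        # a specific IP matches only that relayer; 0.0.0.0/0 matches everything.
        if relayer not in ip_network(rule.relayer_filter):
            continue
        if rule.free_ips:
            return rule.name, rule.free_ips.pop(0)
        if not rule.allow_further_matching:
            return None   # assumption: a matched, exhausted rule ends the search
    return None

def sample_rules():
    """Constructed rule list; names and addresses are illustrative only."""
    return [
        Rule("relayed_branch", "if1", "192.168.50.1", free_ips=["10.20.0.10"]),
        Rule("local_only", "if1", "0.0.0.0", free_ips=["10.6.12.2"]),
        Rule("catch_all", "if1", free_ips=["10.6.13.1", "10.6.13.2"]),
    ]
```

With this list, a request relayed by an unlisted relayer is still served by catch_all because its filter is the default all-nets-ip4. Narrowing that filter to 0.0.0.0 or to a known relayer address restricts which relayed requests the rule answers.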

DHCP Server Rule Properties

The following is the full list of properties for a DHCPServerRule object:

Name

A symbolic name for the server. Used as an interface reference but also used as a reference in log messages.

AllowFurtherMatching

If the rule cannot provide an IP address, the search continues through the rules for another match. This is enabled by default.

Interface

The source interface on which cOS Stream will listen for DHCP requests. This can be a single interface or a group of interfaces. It can also be specified as core when the rule is providing addresses to the IPPool object of an IPsec tunnel.

IPAddressPool

An IP range, group or network that the DHCP server will use as an IP address pool for handing out DHCP leases.

Netmask

The netmask which will be sent to DHCP clients.

DefaultGateway

This specifies what IP should be sent to the client for use as the default gateway (the router to which the client connects).

Domain

The domain name used for DNS resolution. For example, somedomain.com.

LeaseTime

The time, in seconds, that a DHCP lease is provided. After this time the DHCP client must renew the lease.

Note: In telecom applications, such as I-WLAN deployments, the recommended setting for the lease time is 86,400 seconds (equivalent to 24 hours).

DNS1

The IP of the primary DNS server.

DNS2

The IP of the secondary DNS server.

NBNS1

The IP of the primary Windows Internet Name Service (WINS) server. WINS is used in Microsoft environments, which use NetBIOS Name Servers (NBNS) to assign IP addresses to NetBIOS names.

NBNS2

IP of the secondary Windows Internet Name Service (WINS) server.

NextServer

Specifies the IP address of the next server in the boot process. This is usually a TFTP server.

Example 21.1. Activating a DHCP server

This example shows how to activate a DHCP server by adding a DHCPServerRule called my_dhcp_rule to the DHCPServer object.

The rule will hand out the addresses defined in an IPv4 object called my_dhcp_range which already exists in the address book. Requests will arrive on the if1 interface and the netmask handed out will be 255.255.255.0.

Command-Line Interface

First, change to the DHCPServer context:

System:/> cc DHCPServer

Now, add a DHCPServerRule object:

System:/DHCPServer> add DHCPServerRule my_dhcp_rule
			Interface=if1
			IPAddressPool=my_dhcp_range
			Netmask=255.255.255.0

To change back to the default CLI context:

System:/DHCPServer> cc

Finally, commit the configuration changes in the normal way.

The rule name my_dhcp_rule is used in the dhcpserver command to manage the rule.

Using the dhcpserver CLI Command

DHCP operation can be managed using the CLI command dhcpserver. For example, to get a brief summary of DHCP operations since the last restart or reconfiguration:

System:/> dhcpserver -information

DHCP Server general information:

Log enabled                         : TRUE
Blacklist Timeout                   : 3600s
Autosave the lease database to disk : Disabled.
DHCP Server up running time         : 3052s

To see a summary of DHCP server activity:

System:/> dhcpserver -statistics
				
Rejected count:               : 54

Rule Name                     : ServerRule1
  Usage                       : 100
  Usage percentage            : 2%
  Active clients              : 50
  Active clients percentage   : 1%
  Pool size                   : 5000
  Rejected count              : 50

Rule Name                     : ServerRule2
  Usage                       : 5
  Usage percentage            : 100%
  Active clients              : 3
  Active clients percentage   : 60%
  Pool size                   : 5
  Rejected count              : 2

In the above output, the Rejected count is all IPs rejected by either client or server. Some rejections occur before reaching a rule so the total may be higher than the sum of rule rejections. The Usage is the IP pool size minus the free IPs. The Active clients is the current number of active leases.

To see a summary of the current DHCP server rule set:

System:/> dhcpserver -rules

To display the mappings of IPv4 addresses to MAC addresses from allocated leases:

System:/> dhcpserver -mappings

                      DHCP Server mappings:

Rule          Client IP    MAC/Identifier       Status    Static
------------  -----------  -------------------  --------  ------
ServerRule2  172.22.12.2   <18:04:73:e4:d0:19>  INACTIVE  STATIC
ServerRule1  10.6.12.254   [01005056c00002]     INACTIVE  STATIC

The [identifier] means that the DHCP server is not tracking the client using a MAC address but instead tracks it using the identifier given by the client to the server.

To see a list of the current DHCP server leases:

System:/> dhcpserver -leases
				
Active DHCP leases:

Rule         Iface    Client MAC/Identifier       Client IP  Expire
-----------  -------  --------------------------  ---------  ------
ServerRule1  dev_le0  [01100000f418490000000002]  10.6.12.2  15419s

The DHCP Server Blacklist

Sometimes, an IP address offered in a lease is rejected by the client. This may be because the client detects that the IP address is already in use by issuing an ARP request. When this happens, the server is informed and cOS Stream then adds the rejected IP address to the DHCP server blacklist.

An IP address only ever stays on the blacklist for a finite amount of time. The duration is controlled by the advanced setting BlackListTimeout.

The CLI can be used to display the DHCP server blacklist with the command:

System:/> dhcpserver -blacklist
				
DHCP Server blacklisted addresses:

Rule         Blacklisted IP  Remaining time
-----------  --------------  --------------
ServerRule1  10.6.12.1       20s

The Remaining time is the time left on the blacklist.

The entire blacklist can be cleared with the command:

System:/> dhcpserver -releaseblacklist
				
Removed 1 blacklisted IP(s)

It is also possible to direct blacklist commands at specific rules by using the -rule parameter.

DHCP Snooping

For troubleshooting purposes, it is possible to examine the client interactions with the DHCP server using the CLI command:

System:/> dhcpserver -snoop=on

Server/client exchanges are then displayed on the CLI console. A typical sequence might be as follows, starting with an IP sent out by the server rule ServerRule1 in response to a client request:

 SNOOP:  DHCPSERVER: ServerRule1: Received DISCOVER from client.
 Sending IP offer. [srchw=10:00:00:f4:18:49] [knownip=10.6.12.1]

Next, the client declines the IP and the server blacklists it:

 SNOOP:  DHCPSERVER: ServerRule1: Client declined IP,
 blacklisted it.[srchw=10:00:00:f4:18:49] [clientip=10.6.12.1]

Then, the client issues another request and another IP is sent:

 SNOOP:  DHCPSERVER: ServerRule1: Received DISCOVER from client.
 Sending IP offer. [srchw=10:00:00:f4:18:49] [knownip=10.6.12.2]

Finally, the client accepts the IP:

 SNOOP:  DHCPSERVER: ServerRule1: Client accepted and bounded with IP
 [srchw=10:00:00:f4:18:49] [clientip=10.6.12.2]

Snooping can be turned off with:

System:/> dhcpserver -snoop=off

It is possible to specify snooping for a specific DHCPServerRule. For example, to enable snooping for ServerRule2, the CLI command would be:

System:/> dhcpserver -snoop=on -rule=ServerRule2
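
Captured snoop output can be parsed to see which clients are putting addresses on the blacklist, since every declined offer removes an IP from the pool until BlackListTimeout expires. The following is an added example, not part of the product: the function names and the threshold are hypothetical, and the sample text is constructed from the line format shown above.

```python
import re
from collections import Counter

# Constructed sample: records for 10:00:00:f4:18:49 follow the snoop output shown
# above (wrapped over two lines); the declines from 02:00:00:aa:bb:cc are made up.
SAMPLE = """\
 SNOOP:  DHCPSERVER: ServerRule1: Received DISCOVER from client.
 Sending IP offer. [srchw=10:00:00:f4:18:49] [knownip=10.6.12.1]
 SNOOP:  DHCPSERVER: ServerRule1: Client declined IP,
 blacklisted it.[srchw=10:00:00:f4:18:49] [clientip=10.6.12.1]
 SNOOP:  DHCPSERVER: ServerRule1: Client declined IP, blacklisted it.[srchw=02:00:00:aa:bb:cc] [clientip=10.6.12.3]
 SNOOP:  DHCPSERVER: ServerRule1: Client declined IP, blacklisted it.[srchw=02:00:00:aa:bb:cc] [clientip=10.6.12.4]
 SNOOP:  DHCPSERVER: ServerRule1: Client declined IP, blacklisted it.[srchw=02:00:00:aa:bb:cc] [clientip=10.6.12.5]
 SNOOP:  DHCPSERVER: ServerRule1: Client accepted and bounded with IP
 [srchw=10:00:00:f4:18:49] [clientip=10.6.12.2]
"""

RECORD = re.compile(r"SNOOP:\s+DHCPSERVER:\s+(?P<rule>[^:\s]+):\s+(?P<msg>.*?)\s*"
                    r"(?P<fields>(?:\[\w+=[^\]]*\]\s*)+)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_snoop(text):
    """Join wrapped lines into records, then pull out rule, message and [key=value] fields."""
    records = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("SNOOP:") or not records:
            records.append(line)          # start of a new record
        else:
            records[-1] += " " + line     # continuation of a wrapped record
    events = []
    for rec in records:
        m = RECORD.match(rec)
        if m:
            events.append({"rule": m["rule"], "msg": m["msg"],
                           **dict(FIELD.findall(m["fields"]))})
    return events

def repeated_decliners(events, threshold=3):
    """Clients (srchw) whose declines put at least `threshold` IPs on the blacklist."""
    declines = Counter(e["srchw"] for e in events if "declined" in e["msg"])
    return {hw: n for hw, n in declines.items() if n >= threshold}

def blacklisted_ips(events):
    """IPs that were declined and therefore blacklisted in this capture."""
    return sorted(e["clientip"] for e in events if "declined" in e["msg"])
```

The result of blacklisted_ips() can be compared against the output of dhcpserver -blacklist for the same rule.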

Additional Server Settings

A DHCPServerRule can have two other sets of objects associated with it:

  • Static Hosts.
  • Custom Options.

These two rule options are discussed in the sections that follow.

21.2.2. Static DHCP Hosts

Where the administrator requires a fixed relationship between a client and the assigned IPv4 address, cOS Stream allows the assignment of a given IP to a specific MAC address. In other words, the creation of a static host. This is done by adding DHCPStaticPoolStaticHost objects to DHCPServerRule objects as children.

DHCPStaticPoolStaticHost Object Properties

More than one DHCPStaticPoolStaticHost object can be added as a child of a single DHCP server. The following are the important properties:

Host

This is the IPv4 address that will be handed out to the client.

MACAddress

This is the MAC address of the client. Either the MAC address or the alternative ClientIdent property can be used.

ClientIdent

If the MAC address is not used for identifying the client then the client can send an identifier in its DHCP request. The value of this identifier can be specified as this property. The option exists to also specify if the identifier will be sent as an ASCII or Hexadecimal value.

ClientIdentType

This property specifies if ClientIdent will be sent as an ASCII or Hexadecimal value.

Example 21.2. Static DHCP Host Assignment

This example shows how to assign the IPv4 address 192.168.1.1 to the MAC address 00-90-12-13-14-15. The example assumes that the DHCP server my_DHCPServer has already been defined.

Command-Line Interface

First, change to the my_DHCPServer context:

System:/> cc DHCPServer my_DHCPServer

Next, change to the relevant DHCPServerRule context:

System:/DHCPServer> cc DHCPServerRule my_dhcp_rule

Add the static DHCP assignment:

System:/DHCPServer/my_DHCPServer/my_dhcp_rule> 
			add DHCPServerStaticHost
			Host=192.168.1.1
			MACAddress=00-90-12-13-14-15

21.2.3. DHCP Server Custom Options

It is possible to customize a DHCPServerRule object so the DHCP server sends specific pieces of information to DHCP clients in the DHCP leases that are sent out. This is done by adding DHCPServerCustomOption objects to DHCPServerRule objects as children.

An example of this is certain types of network switches that require the IP address of a TFTP server to be included in the DHCP information sent by the server. The TFTP server is then queried by the switches to get additional network information.

DHCPServerCustomOption Object Properties

The following properties can be specified for a DHCPServerCustomOption object:

Code

This is the code that describes the type of information being sent to the client. A large list of predefined codes exists as part of the DHCP standard.

Type

This describes the type of data which will be sent. For example, if the type is String then the data is a character string.

Param

This is the information that will be sent in the lease. The meaning of what is sent is determined by the specified Code. For example, if the code is 66 (TFTP server name) then the Type might be String and the Param could be tftp.mycompany.com.

Example 21.3. Adding DHCP Server Custom Options

This example adds a custom option for a TFTP server to the DHCPServerRule object called my_dhcp_rule.

Command-Line Interface

First, change to the DHCPServer context:

System:/> cc DHCPServer

Next, change to the relevant DHCPServerRule context:

System:/DHCPServer> cc DHCPServerRule my_dhcp_rule

Add the custom options to the rule:

System:/DHCPServer/DHCPServerRule/my_dhcp_rule> 
			add DHCPServerCustomOption
			Code=66
			Type=String
			Param="tftp.mycompany.com"

21.2.4. DHCP Server Advanced Settings

DHCP leases are, by default, remembered by cOS Stream between system restarts. DHCP advanced settings can be adjusted to control how often the lease database is saved to non-volatile memory. These settings are system wide.

The following advanced settings apply to the DHCP server and any server rules:

  • AutoSaveLeasePolicy

    The policy for saving the lease database to disk. The options are:

    1. Never - Never save the database.

    2. ReconfShut - Save the database on a reconfigure or a shutdown. This is the default.

    3. ReconfShutTimer - Save the database on a reconfigure or a shutdown and also periodically. The amount of time between periodic saves is specified by the next property, AutoSaveLeaseInterval.

  • AutoSaveLeaseInterval

    The number of seconds between auto saving the lease database to disk. The default value is 86400 seconds.

  • BlackListTimeout

    The number of seconds before an IP is removed from the blacklist. The default value is 36000 seconds.

    When an IP address is placed on the blacklist, it only stays there for this amount of time. When the timeout has expired, it is removed from the blacklist and becomes available again for handing out.

Example 21.4. Changing DHCP Server Advanced Settings

This example changes the advanced settings of the DHCP server feature.

Command-Line Interface

System:/> set Settings DHCPServerSettings
			AutoSaveLeaseInterval=3600
			AutoSaveLeasePolicy=ReconfShutTimer