21.3. DHCP Client

All Ethernet and VLAN interfaces can act as a DHCP client and have their associated IPv4 addresses dynamically allocated by an external DHCP server. This feature could, for example, be used to receive IP address information from an ISP's DHCP server and assign it to an Ethernet interface used for the public Internet connection. By default, DHCP is not enabled on Ethernet or VLAN interfaces and it must be explicitly enabled on each individual interface.

Enabling the DHCP Client Feature

Both the EthernetInterface and the VLAN configuration objects have a property called DHCPEnabled. This should be set to Yes to enable DHCP. For example, if the interface name is if1, the command would be:

System:/> set Interface EthernetInterface if1 DHCPEnabled=Yes

DHCP Client Options

If DHCP is enabled for an EthernetInterface or VLAN object, both objects have the following key properties which allow the administrator to control how the interface behaves as a DHCP client.

Interface Properties for Display Only

The following EthernetInterface and VLAN interface object properties are used only as placeholders for information received from a DHCP server so that the information can appear in CLI output:

A full list of all DHCP client related properties for the EthernetInterface and VLAN objects can be found in their respective entries in the separate Clavister NetShield Firewall CLI Reference Guide.

Assignment to Interface Address Book Objects

An interface that receives a DHCP lease will already have related address objects in the system address book. It is always these address objects which are used to refer to the IP addresses received. For example, the Ethernet interface if1 will have the following associated address objects in the default configuration:

The ActiveAddress Property

All address objects have two IP address properties: the statically assigned Address property and the dynamically assigned ActiveAddress property. When a DHCP lease is received and an assignment is done to any of the objects listed above, cOS Stream will assign the address to their ActiveAddress property without changing the Address property. The ActiveAddress now becomes the IP address of the object.

When the ActiveAddress is no longer in use, such as when the DHCP lease expires, the IP address of the object will revert back to the Address property and the ActiveAddress will revert back to a value of <empty>.

Interfaces Always Use Default Address Objects

During address assignment, cOS Stream will also make sure that the objects in the default list shown above are the address objects assigned to the relevant properties of the interface. For example, if the IPAddress property of the EthernetInterface object called if1 has been previously set to the IP address object my_alternative_ip, it will be set back to if1_ip when the interface's IP address is assigned as a DHCP client. This reassignment remains in place even when the DHCP lease ends.

Also note that the DNS server addresses contained in a lease received by the interface if1 will be assigned to the address objects if1_dns1 and if1_dns2.

Viewing Interface Address Changes

When an interface address is assigned using DHCP, both the original IP address and the assigned IP address will be visible when the interface properties are displayed. This is shown in the following example output for the if1 interface (only the first 3 object properties are shown):
System:/> show Address IPAddress if1_ip

        Property  Value            Remarks
----------------  ---------------  --------------------
           Name:  if1_ip
        Address:  192.168.229.71
  ActiveAddress:  192.168.229.128  Dynamically assigned

Here, the Address is the original IP address and the ActiveAddress has been assigned by DHCP.

The dhcpclient Command

The dhcpclient CLI command displays information relating to the DHCP status of interfaces with the DHCP client option enabled. The dhcpclient command with no options will show the current interfaces with DHCP enabled and their DHCP status. For example, if only the interface if1 is enabled then the output might be as follows:

System:/> dhcpclient

                      DHCP Client List

Interface  IP Address    DHCP State              Renew in
---------  ------------  ----------------------  ----------
if1        192.20.2.100  BOUND (for 0h 00m 09s)  0h 30m 0s

Here, the output indicates that the interface if1 is currently BOUND to a lease it received 9 seconds ago from an external DHCP server and the lease is due to be renewed in 30 minutes. The current IP address assigned to the interface is 192.20.2.100.

To expand the above output and examine the current lease on a particular interface, the dhcpclient command can be followed by the interface name:

System:/> dhcpclient if1

  Interface     : if1
  Assigned IP   : 192.20.2.100
  Broadcast IP  : 192.20.2.255
  Gateway IP    : <Empty>
  DNS1 IP       : <Not resolved>
  NBNS1 IP      : <Not resolved>
  DHCPD IP      : 192.20.2.2
  Lease time    : 0h 10m 00s
  Renew in      : 0h 04m 54s
  Rebind in     : 0h 08m 39s
  Expire in     : 0h 09m 54s
  State         : BOUND (for 0h 00m 06s)

The output provides detailed information about the current lease. In the above, some values have not been assigned by the lease such as the gateway and DNS server.

The -snoop Option

The -snoop option of the dhcpclient command allows the administrator to get console output to show the DHCP negotiations that take place.

For example, DHCP snooping is turned on for the if1 interface with the command:

System:/> dhcpclient -snoop=On if1

Information messages like the following sequence will now appear on the console:

SNOOP:  DHCPCLIENT-1  : if1 (0.0.0.0) - Sending DISCOVER
        [request 0.0.0.0] [src 0.0.0.0] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-17 : if1 (0.0.0.0) - Receiving OFFER
        [offer 192.20.2.100] [src 192.20.2.2] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-18 : if1 (0.0.0.0) - Sending REQUEST
        [request 192.20.2.100] [src 0.0.0.0] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-19 : if1 (0.0.0.0) - Receiving ACK
        [offer 192.20.2.100] [src 192.20.2.2] [dest 255.255.255.255]

This sequence shows the interface sending out a DISCOVER message and receiving an OFFER from a server. This was then followed by the client sending a REQUEST for the offered address and receiving an ACK for the IP lease from the server.
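The snoop output can also be checked mechanically. The following is an added example, not part of the Clavister documentation: it parses the SNOOP message format shown above, reports replies whose src is not an expected DHCP server, and confirms which address was acknowledged. The final OFFER in the sample, the addresses 192.20.2.77 and 10.66.0.5, and all function names are constructed for illustration, and 192.20.2.2 is assumed to be the only legitimate server.

```python
import re

# Console lines copied from the example above, followed by one CONSTRUCTED
# OFFER from a second server (192.20.2.77) to exercise the check.
SAMPLE = """\
SNOOP:  DHCPCLIENT-1  : if1 (0.0.0.0) - Sending DISCOVER
        [request 0.0.0.0] [src 0.0.0.0] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-17 : if1 (0.0.0.0) - Receiving OFFER
        [offer 192.20.2.100] [src 192.20.2.2] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-18 : if1 (0.0.0.0) - Sending REQUEST
        [request 192.20.2.100] [src 0.0.0.0] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-19 : if1 (0.0.0.0) - Receiving ACK
        [offer 192.20.2.100] [src 192.20.2.2] [dest 255.255.255.255]
SNOOP:  DHCPCLIENT-17 : if1 (0.0.0.0) - Receiving OFFER
        [offer 10.66.0.5] [src 192.20.2.77] [dest 255.255.255.255]
"""

HEADER = re.compile(r"^SNOOP:\s+(DHCPCLIENT-\d+)\s*:\s*(\S+)\s+\(([\d.]+)\)"
                    r"\s+-\s+(Sending|Receiving)\s+(\w+)\s*$")
FIELD = re.compile(r"\[(\w+)\s+([\d.]+)\]")

def parse_snoop(text):
    """Pair each SNOOP header line with the bracketed detail line after it."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append({"id": m[1], "iface": m[2], "direction": m[4],
                           "msg": m[5], "fields": {}})
        elif events:
            events[-1]["fields"].update(FIELD.findall(line))
    return events

def unexpected_servers(events, expected):
    """(message, source IP, offered IP) for replies not from an expected server."""
    return [(e["msg"], e["fields"].get("src"), e["fields"].get("offer"))
            for e in events
            if e["direction"] == "Receiving"
            and e["fields"].get("src") not in expected]

def acked_address(events):
    """Address in the last ACK, provided the client had sent a REQUEST for it."""
    requested = {e["fields"].get("request") for e in events if e["msg"] == "REQUEST"}
    acks = [e["fields"].get("offer") for e in events if e["msg"] == "ACK"]
    return acks[-1] if acks and acks[-1] in requested else None

if __name__ == "__main__":
    evts = parse_snoop(SAMPLE)
    print(unexpected_servers(evts, expected={"192.20.2.2"}))
    print(acked_address(evts))
```

A reply from a source outside the expected set is worth investigating, since the DNS server addresses in an accepted lease are assigned to the interface's address objects.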

Snooping is turned off with the following command:

System:/> dhcpclient -snoop=Off if1

A full list of all the dhcpclient command options can be found in the separate Clavister NetShield Firewall CLI Reference Guide.