From: Church, Chuck (cchurch@wamnetgov.com)
Date: Mon Dec 15 2003 - 22:39:19 GMT-3
It's also important to remember that helper addresses are specific to an interface, while the forward-protocol command is a global config option. You can't specify which protocols are 'helped' on which interfaces. If you want just DHCP forwarded on one interface, but you want just TFTP on your management VLAN interface, then you need to leave both enabled (which is easy, since they're both defaults), and control them with inbound access lists on those interfaces, blocking the unneeded broadcasts.
Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: Monday, December 15, 2003 7:25 PM
> To: 'Jonathan Hays'; ccielab@groupstudy.com
> Subject: RE: ip helper-address
>
>
> Jonathan,
>
> You misread my post; the point is that the 'ip helper-address'
> command instructs the router to forward udp broadcast packets received
> on an interface to the configured address if the port matches that which
> is specified in the 'ip forward-protocol udp' command.
>
> Since 'ip forward-protocol udp 67' is default, DHCP requests will be
> forwarded when the 'ip helper-address' command is configured on the
> interface. This is not to say that the 'ip forward-protocol' command does
> not relate to the 'ip helper-address' command. There is no "ip
> helper-address list of ports" as you implied. Instead, the default ports
> forwarded by the 'ip helper-address' command are the default list of
> 'ip forward-protocol udp' ports as Chuck listed.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 708-362-1418 (Outside the US and Canada)
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jonathan Hays
> > Sent: Monday, December 15, 2003 4:23 PM
> > To: ccielab@groupstudy.com
> > Subject: RE: ip helper-address
> >
> > you wrote:
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brian McGahan
> > Sent: Monday, December 15, 2003 3:52 PM
> > To: 'Pun, Alec CL'; ccielab@groupstudy.com
> > Subject: RE: ip helper-address
> >
> >
> > Alec,
> >
> > Technically the "ip forward-protocol udp" command does need to be
> > configured to forward dhcp requests with the "ip helper-address" command.
> > It's just that "ip forward-protocol udp bootps" is default:
> >
> > Router(config)#ip forward-protocol udp 67
> > Router(config)#do sh run | in forward-protocol
> >
> > Router(config)#no ip forward-protocol udp 67
> > Router(config)#do sh run | in forward-protocol
> > no ip forward-protocol udp bootps
> >
> > If you disable the port, as Chuck suggested, the packet cannot be
> > forwarded.
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Direct: 708-362-1418 (Outside the US and Canada)
> >
> > = = =
> >
> > Brian,
> >
> > Sorry, but I must respectfully question the need to configure the "ip
> > forward-protocol udp 67" in addition to "ip helper-address" just to get
> > DHCP proxy functions to work. I have set up this "DHCP proxy" feature
> > for many clients using only the "ip helper-address" command on the
> > ethernet interface, and I don't recall having needed the "ip
> > forward-protocol udp 67" to get things working. In point of fact the "ip
> > helper-address" command enables forwarding on udp 67 so what would be
> > the point of configuring this command, unless you had previously entered
> > "no ip forward-protocol udp 67" for some reason?
> >
> > Or are you trying to say that the "ip helper-address" command is
> > actually a sort of macro that executes "ip forward-protocol udp 67" but
> > it doesn't show up in the "sh run" output since it's the default?
> >
> > Please clarify,
> >
> > Jonathan
> >
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:41 GMT-3
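
The per-interface control described in the top message of this thread, as an added configuration sketch that is not part of the original posts: the global forward-protocol defaults are left untouched, and inbound access lists decide which broadcasts each interface's helper ever sees. The interface numbers, ACL names and the 192.0.2.x / 198.51.100.x addresses are placeholders chosen for illustration.

```cisco
! Constructed example: VLAN numbers, ACL names and addresses are placeholders.
! Nothing is changed globally, so bootps (67) and tftp (69) both stay in the
! default 'ip forward-protocol udp' list and are eligible on every interface
! that has a helper address.
!
ip access-list extended USERS-BCAST-IN
 remark user VLAN: only DHCP broadcasts may reach the helper
 permit udp any eq bootpc host 255.255.255.255 eq bootps
 remark drop every other UDP limited broadcast before it can be helped
 deny   udp any host 255.255.255.255
 permit ip any any
!
ip access-list extended MGMT-BCAST-IN
 remark management VLAN: only TFTP broadcasts may reach the helper
 permit udp any host 255.255.255.255 eq tftp
 deny   udp any host 255.255.255.255
 permit ip any any
!
! These entries match only the all-ones broadcast address. If hosts send to
! the subnet broadcast address instead, add matching entries for it.
!
interface Vlan10
 description user access VLAN (hypothetical)
 ip address 192.0.2.1 255.255.255.128
 ip helper-address 198.51.100.10
 ip access-group USERS-BCAST-IN in
!
interface Vlan99
 description management VLAN (hypothetical)
 ip address 192.0.2.129 255.255.255.128
 ip helper-address 198.51.100.20
 ip access-group MGMT-BCAST-IN in
```

The hit counters in `show ip access-lists USERS-BCAST-IN` show whether the deny entry is actually catching broadcasts that would otherwise have been forwarded to the helper.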