Re: Ip helper address
You have 2 DHCP servers on the same subnet??? This is probably not a good idea... it does not really provide redundancy or load balancing. The DHCP client will issue a request and accept the first response that it gets. If you split your scope such that half of your available addresses are on one server and half are on the other, you will *NOT* see that half of your clients use one server while half use the other. If for some reason one server always replies a nanosecond earlier than the other, then all clients will accept the response from that server. Once that server is out of addresses, it will start sending nack's. The clients will start accepting those nack's and will not request an address again, even though the other DHCP server may have dozens of free addresses to offer. SO - in answer to your question, the ip helper address of 10.10.10.0 will allow your client's requests to reach all DHCP servers on that subnet, HOWEVER they will only accept leases from the first server from which they receive a response. Chances are that server will be the same one all the time, even after it runs out of addresses to offer... You *could* set up your DHCP servers such that the scope on EACH ONE is sufficient to offer leases to ALL of you clients, but that is probably a less than efficient use of your address space. I hope that this helps... Dale [=`) >From: "Dennis Bates" <[EMAIL PROTECTED]> >Reply-To: "Dennis Bates" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Ip helper address >Date: Fri, 8 Sep 2000 08:10:44 -0500 > >I am trying to put a statement on the remote router to allow the clients to >obtain an IP address accross the WAN. I have used the ip helper-address >command successfully. My problem is that i would like any of the DHCP >servers at the central site to be able to service DHCP requests from the >remote site. Do I have to use mutilple ip helper-address statements ? I >have tried a helper address pointing to the subnet, but that does not seem >to work. EX. i have DHCP servers at 10.10.10.10 and 10.10.10.11 do i have >to >use two seperate ip helper address statements or can i use ip >helper-address >10.10.10.0 ? > > >**NOTE: New CCNA/CCDA List has been formed. For more information go to >http://www.groupstudy.com/list/Associate-Announcement.html >_ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associate-Announcement.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Ip helper address
what about putting ip helper-address 10.10.10.255 ? instead of a zero.. what effect does that have? isnt the 255 used to send the broadcasts to all the servers on that subnet? jeff -Original Message- From: Dale Holmes [mailto:[EMAIL PROTECTED]] Sent: Fri, September 08, 2000 5:11 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Ip helper address You have 2 DHCP servers on the same subnet??? This is probably not a good idea... it does not really provide redundancy or load balancing. The DHCP client will issue a request and accept the first response that it gets. If you split your scope such that half of your available addresses are on one server and half are on the other, you will *NOT* see that half of your clients use one server while half use the other. If for some reason one server always replies a nanosecond earlier than the other, then all clients will accept the response from that server. Once that server is out of addresses, it will start sending nack's. The clients will start accepting those nack's and will not request an address again, even though the other DHCP server may have dozens of free addresses to offer. SO - in answer to your question, the ip helper address of 10.10.10.0 will allow your client's requests to reach all DHCP servers on that subnet, HOWEVER they will only accept leases from the first server from which they receive a response. Chances are that server will be the same one all the time, even after it runs out of addresses to offer... You *could* set up your DHCP servers such that the scope on EACH ONE is sufficient to offer leases to ALL of you clients, but that is probably a less than efficient use of your address space. I hope that this helps... Dale [=`) >From: "Dennis Bates" <[EMAIL PROTECTED]> >Reply-To: "Dennis Bates" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Ip helper address >Date: Fri, 8 Sep 2000 08:10:44 -0500 > >I am trying to put a statement on the remote router to allow the clients to >obtain an IP address accross the WAN. I have used the ip helper-address >command successfully. My problem is that i would like any of the DHCP >servers at the central site to be able to service DHCP requests from the >remote site. Do I have to use mutilple ip helper-address statements ? I >have tried a helper address pointing to the subnet, but that does not seem >to work. EX. i have DHCP servers at 10.10.10.10 and 10.10.10.11 do i have >to >use two seperate ip helper address statements or can i use ip >helper-address >10.10.10.0 ? > > >**NOTE: New CCNA/CCDA List has been formed. For more information go to >http://www.groupstudy.com/list/Associate-Announcement.html >_ >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >FAQ, list archives, and subscription info: http://www.groupstudy.com >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associate-Announcement.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ip helper address
I don't understand this, wouldn't the client accept the second offer by sending the seconds servers siaddr in the request packet. also DHCP standard says that nowhere must a client accept the first offer and then stop broadcasting. All servers will answer the clients DHCPDISCOVER broadcast with any help it can or can not offer. The first server does not tell the second server to shutup so as soon as the (second or 1nanosecond slower server) receives the broadcast it will it will send a DHCPOFFER packet and the client will reply with an DHCPREQUEST packet to the second server (using the siaddr field) that will be ack'd by the second server with an DHCPACK packet. This is all made quite clear in RFC 1541. So you can have two DHCP servers on the same segment you just don't know which one will serve the address to the client but both will try independent of each other and the client will ot stop trying after receiving after a nack from a server. Duck - Original Message - From: Dale Holmes <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, September 08, 2000 7:10 AM Subject: Re: Ip helper address > > You have 2 DHCP servers on the same subnet??? This is probably not a good > idea... it does not really provide redundancy or load balancing. > The DHCP client will issue a request and accept the first response that it > gets. > > If you split your scope such that half of your available addresses are on > one server and half are on the other, you will *NOT* see that half of your > clients use one server while half use the other. If for some reason one > server always replies a nanosecond earlier than the other, then all clients > will accept the response from that server. Once that server is out of > addresses, it will start sending nack's. The clients will start accepting > those nack's and will not request an address again, even though the other > DHCP server may have dozens of free addresses to offer. > > SO - in answer to your question, the ip helper address of 10.10.10.0 will > allow your client's requests to reach all DHCP servers on that subnet, > HOWEVER they will only accept leases from the first server from which they > receive a response. Chances are that server will be the same one all the > time, even after it runs out of addresses to offer... > > You *could* set up your DHCP servers such that the scope on EACH ONE is > sufficient to offer leases to ALL of you clients, but that is probably a > less than efficient use of your address space. > > I hope that this helps... > > Dale > [=`) > > >From: "Dennis Bates" <[EMAIL PROTECTED]> > >Reply-To: "Dennis Bates" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Ip helper address > >Date: Fri, 8 Sep 2000 08:10:44 -0500 > > > >I am trying to put a statement on the remote router to allow the clients to > >obtain an IP address accross the WAN. I have used the ip helper-address > >command successfully. My problem is that i would like any of the DHCP > >servers at the central site to be able to service DHCP requests from the > >remote site. Do I have to use mutilple ip helper-address statements ? I > >have tried a helper address pointing to the subnet, but that does not seem > >to work. EX. i have DHCP servers at 10.10.10.10 and 10.10.10.11 do i have > >to > >use two seperate ip helper address statements or can i use ip > >helper-address > >10.10.10.0 ? > > > > > >**NOTE: New CCNA/CCDA List has been formed. For more information go to > >http://www.groupstudy.com/list/Associate-Announcement.html > >_ > >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > >FAQ, list archives, and subscription info: http://www.groupstudy.com > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > Share information about yourself, create your own public profile at > http://profiles.msn.com. > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associate-Announcement.html > _ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ip helper address
Perhaps I should be more clear about this and say that this is the behaviour of MICROSOFT DHCP clients. Here is the info from the Windows NT Resource kit: "Note: The client accepts the first offer it receives, regardless of whether the offer came from a DHCP server on the local subnet or from a DHCP server on a different subnet. ... In the case where the DHCP server is unavailable or there is no available IP addressing information to lease to a client computer, the client is unable to bind to TCP/IP." An MS DHCP client may receive many DHCPOFFER's for its DHCPDISCOVER broadcast. It will accept the first offer it receives (actually, the first response it gets), and NACK all others. If the first response it gets is negative, it will settle for that, and NACK anything from the other servers. I have seen this (and sniffer traced it) in production. MS was unwilling to call it a bug, and said the behaviour was by design and was RFC compliant. Case was closed... This was NT 4.0 Service pack 4 with Win98 clients. I dunno if they have changed things since, but I doubt it. Dale [=`) >From: "Donald B Johnson Jr" <[EMAIL PROTECTED]> >To: "Dale Holmes" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, ><[EMAIL PROTECTED]> >Subject: Re: Ip helper address >Date: Mon, 11 Sep 2000 12:36:49 -0700 > >I don't understand this, wouldn't the client accept the second offer by >sending the seconds servers siaddr in the request packet. also DHCP >standard >says that nowhere must a client accept the first offer and then stop >broadcasting. All servers will answer the clients DHCPDISCOVER broadcast >with any help it can or can not offer. The first server does not tell the >second server to shutup so as soon as the (second or 1nanosecond slower >server) receives the broadcast it will it will send a DHCPOFFER packet and >the client will reply with an DHCPREQUEST packet to the second server >(using the siaddr field) that will be ack'd by the second server with an >DHCPACK packet. This is all made quite clear in RFC 1541. So you can have >two DHCP servers on the same segment you just don't know which one will >serve the address to the client but both will try independent of each other >and the client will ot stop trying after receiving after a nack from a >server. >Duck >- Original Message ----- >From: Dale Holmes <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >Sent: Friday, September 08, 2000 7:10 AM >Subject: Re: Ip helper address > > > > > > You have 2 DHCP servers on the same subnet??? This is probably not a >good > > idea... it does not really provide redundancy or load balancing. > > The DHCP client will issue a request and accept the first response that >it > > gets. > > > > If you split your scope such that half of your available addresses are >on > > one server and half are on the other, you will *NOT* see that half of >your > > clients use one server while half use the other. If for some reason one > > server always replies a nanosecond earlier than the other, then all >clients > > will accept the response from that server. Once that server is out of > > addresses, it will start sending nack's. The clients will start >accepting > > those nack's and will not request an address again, even though the >other > > DHCP server may have dozens of free addresses to offer. > > > > SO - in answer to your question, the ip helper address of 10.10.10.0 >will > > allow your client's requests to reach all DHCP servers on that subnet, > > HOWEVER they will only accept leases from the first server from which >they > > receive a response. Chances are that server will be the same one all the > > time, even after it runs out of addresses to offer... > > > > You *could* set up your DHCP servers such that the scope on EACH ONE is > > sufficient to offer leases to ALL of you clients, but that is probably a > > less than efficient use of your address space. > > > > I hope that this helps... > > > > Dale > > [=`) > > > > >From: "Dennis Bates" <[EMAIL PROTECTED]> > > >Reply-To: "Dennis Bates" <[EMAIL PROTECTED]> > > >To: [EMAIL PROTECTED] > > >Subject: Ip helper address > > >Date: Fri, 8 Sep 2000 08:10:44 -0500 > > > > > >I am trying to put a statement on the remote router to allow the >clients >to > > >obtain an IP address accross the WAN. I have used the ip >helper-address > > >command successfully. My problem is that i would like any of the DHCP > > >servers at the cen
Re: Ip helper address
It is possible two have two DHCP servers in one subnet. The client will
accept the first IP address it recieves. This is done to remove the Single
point-of-failure in the one DHCP server. Some DHCP server software will
allow two or more servers to share a synchronized copy of the address pool
database, to simplify administration.
Getting to the question...
According to the Cisco Press ACRC book, if you have multiple ip
helper-address ('S) defined, any UDP broadcasts recieved on the allowed udp
ports will be unicasted to each of the IP helpers.
It's not just DHCP either, it's:
DHCP, DNS, TFTP, TIME, NETBIOS NAME SERVICE, NETBIOS DATAGRAM SERVICE, AND
TACACS.
Original Message Follows
From: "Donald B Johnson Jr" <[EMAIL PROTECTED]>
Reply-To: "Donald B Johnson Jr" <[EMAIL PROTECTED]>
To: "Dale Holmes" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: Re: Ip helper address
Date: Mon, 11 Sep 2000 12:36:49 -0700
I don't understand this, wouldn't the client accept the second offer by
sending the seconds servers siaddr in the request packet. also DHCP standard
says that nowhere must a client accept the first offer and then stop
broadcasting. All servers will answer the clients DHCPDISCOVER broadcast
with any help it can or can not offer. The first server does not tell the
second server to shutup so as soon as the (second or 1nanosecond slower
server) receives the broadcast it will it will send a DHCPOFFER packet and
the client will reply with an DHCPREQUEST packet to the second server
(using the siaddr field) that will be ack'd by the second server with an
DHCPACK packet. This is all made quite clear in RFC 1541. So you can have
two DHCP servers on the same segment you just don't know which one will
serve the address to the client but both will try independent of each other
and the client will ot stop trying after receiving after a nack from a
server.
Duck
- Original Message -
From: Dale Holmes <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 08, 2000 7:10 AM
Subject: Re: Ip helper address
>
> You have 2 DHCP servers on the same subnet??? This is probably not a good
> idea... it does not really provide redundancy or load balancing.
> The DHCP client will issue a request and accept the first response that
it
> gets.
>
> If you split your scope such that half of your available addresses are on
> one server and half are on the other, you will *NOT* see that half of
your
> clients use one server while half use the other. If for some reason one
> server always replies a nanosecond earlier than the other, then all
clients
> will accept the response from that server. Once that server is out of
> addresses, it will start sending nack's. The clients will start accepting
> those nack's and will not request an address again, even though the other
> DHCP server may have dozens of free addresses to offer.
>
> SO - in answer to your question, the ip helper address of 10.10.10.0 will
> allow your client's requests to reach all DHCP servers on that subnet,
> HOWEVER they will only accept leases from the first server from which
they
> receive a response. Chances are that server will be the same one all the
> time, even after it runs out of addresses to offer...
>
> You *could* set up your DHCP servers such that the scope on EACH ONE is
> sufficient to offer leases to ALL of you clients, but that is probably a
> less than efficient use of your address space.
>
> I hope that this helps...
>
> Dale
> [=`)
>
> >From: "Dennis Bates" <[EMAIL PROTECTED]>
> >Reply-To: "Dennis Bates" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Ip helper address
> >Date: Fri, 8 Sep 2000 08:10:44 -0500
> >
> >I am trying to put a statement on the remote router to allow the clients
to
> >obtain an IP address accross the WAN. I have used the ip helper-address
> >command successfully. My problem is that i would like any of the DHCP
> >servers at the central site to be able to service DHCP requests from the
> >remote site. Do I have to use mutilple ip helper-address statements ?
I
> >have tried a helper address pointing to the subnet, but that does not
seem
> >to work. EX. i have DHCP servers at 10.10.10.10 and 10.10.10.11 do i
have
> >to
> >use two seperate ip helper address statements or can i use ip
> >helper-address
> >10.10.10.0 ?
> >
> >
> >**NOTE: New CCNA/CCDA List has been formed. For more information go to
> >http://www.groupstudy.com/list/Associate-Announcement.html
> >__
Re: Ip helper address
Doesn't a MS client go for a new server after 87.5% of the lease if It can't contact it's original server. I got a resource kit collecting dust somewhere what page is that on I'd like to look that up microsoft always seems to amaze me with there bugs. Maybe you should e-mail them the RFC. If you got a print out for the sniff I'd like to take a look at that too. Duck - Original Message - From: Dale Holmes <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, September 11, 2000 10:10 AM Subject: Re: Ip helper address > Perhaps I should be more clear about this and say that this is the behaviour > of MICROSOFT DHCP clients. Here is the info from the Windows NT Resource > kit: > > "Note: The client accepts the first offer it receives, regardless of > whether the offer came from a DHCP server on the local subnet or from a DHCP > server on a different subnet. ... In the case where the DHCP server is > unavailable or there is no available IP addressing information to lease to a > client computer, the client is unable to bind to TCP/IP." > > An MS DHCP client may receive many DHCPOFFER's for its DHCPDISCOVER > broadcast. It will accept the first offer it receives (actually, the first > response it gets), and NACK all others. If the first response it gets is > negative, it will settle for that, and NACK anything from the other servers. > I have seen this (and sniffer traced it) in production. MS was unwilling to > call it a bug, and said the behaviour was by design and was RFC compliant. > Case was closed... > > This was NT 4.0 Service pack 4 with Win98 clients. I dunno if they have > changed things since, but I doubt it. > > Dale > [=`) > > > > > >From: "Donald B Johnson Jr" <[EMAIL PROTECTED]> > >To: "Dale Holmes" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, > ><[EMAIL PROTECTED]> > >Subject: Re: Ip helper address > >Date: Mon, 11 Sep 2000 12:36:49 -0700 > > > >I don't understand this, wouldn't the client accept the second offer by > >sending the seconds servers siaddr in the request packet. also DHCP > >standard > >says that nowhere must a client accept the first offer and then stop > >broadcasting. All servers will answer the clients DHCPDISCOVER broadcast > >with any help it can or can not offer. The first server does not tell the > >second server to shutup so as soon as the (second or 1nanosecond slower > >server) receives the broadcast it will it will send a DHCPOFFER packet and > >the client will reply with an DHCPREQUEST packet to the second server > >(using the siaddr field) that will be ack'd by the second server with an > >DHCPACK packet. This is all made quite clear in RFC 1541. So you can have > >two DHCP servers on the same segment you just don't know which one will > >serve the address to the client but both will try independent of each other > >and the client will ot stop trying after receiving after a nack from a > >server. > >Duck > >- Original Message - > >From: Dale Holmes <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > >Sent: Friday, September 08, 2000 7:10 AM > >Subject: Re: Ip helper address > > > > > > > > > > You have 2 DHCP servers on the same subnet??? This is probably not a > >good > > > idea... it does not really provide redundancy or load balancing. > > > The DHCP client will issue a request and accept the first response that > >it > > > gets. > > > > > > If you split your scope such that half of your available addresses are > >on > > > one server and half are on the other, you will *NOT* see that half of > >your > > > clients use one server while half use the other. If for some reason one > > > server always replies a nanosecond earlier than the other, then all > >clients > > > will accept the response from that server. Once that server is out of > > > addresses, it will start sending nack's. The clients will start > >accepting > > > those nack's and will not request an address again, even though the > >other > > > DHCP server may have dozens of free addresses to offer. > > > > > > SO - in answer to your question, the ip helper address of 10.10.10.0 > >will > > > allow your client's requests to reach all DHCP servers on that subnet, > > > HOWEVER they will only accept leases from the first server from which > >they > > > receive a response. Chances are that server wi
RE: IP Helper Address [7:13539]
An Ip helper address allows you to propagate (repeat) certain types of broadcasts across the wan to one or more remote machines. Two example of things that are useful with helper addresses are DHCP, Win9x NETBios Browsing w/o wins. -Original Message- From: Jason Kinney [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 12:52 PM To: [EMAIL PROTECTED] Subject: IP Helper Address [7:13539] I have heard this term "IP helper address" used to reference a default gateway. Is an IP helper address the same as a default gateway? If not what is an IP helper address? Do you know where the term came from? Jason Kinney 925-961-0223 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13550&t=13539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper Address [7:13539]
no...the two are nothing alike a default gateway is just thatyour next hop out. and ip helper can be any address on any subnet that would generally answer a broadcast from a host on a local segment. But since routers stop broadcasts by default, you must specify this address as a "helper" . The router then takes would would normally be a broadcast and forwards it to this "helper" address as a unicast. (most commonly used in this scenario is bootp/dhcp) -Patrick >>> "Jason Kinney" 07/24/01 12:52PM >>> I have heard this term "IP helper address" used to reference a default gateway. Is an IP helper address the same as a default gateway? If not what is an IP helper address? Do you know where the term came from? Jason Kinney 925-961-0223 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13554&t=13539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper Address [7:13539]
ip helper address can be used to find a dhcp server on a different segment than what you are. Your computer will broadcast a dhcp request (layer 3 which will not get through a router) for a dhcp server on a different segment. ip helper address will allow your machine access to the dhcp server through the router. however, be aware that ip helper address does open up other ports. - Original Message - From: Jason Kinney To: Sent: Tuesday, July 24, 2001 11:52 AM Subject: IP Helper Address [7:13539] > I have heard this term "IP helper address" used to reference a default > gateway. Is an IP helper address the same as a default gateway? If not > what is an IP helper address? Do you know where the term came from? > > Jason Kinney > 925-961-0223 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13558&t=13539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip helper address [7:45042]
Yes you can. Just type in the command multiple times in the interface config mode. If servers are on the same network, then you can use the network address instead of the host addr. For example: servers are 1.1.1.1 and 1.1.1.2/24 then: r1(config-if)#ip helper-addres 1.1.1.1 r1(config-if)#ip helper-addres 1.1.1.2 or r1(config-if)#ip helper-addres 1.1.1.0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 25, 2002 12:59 PM To: [EMAIL PROTECTED] Subject: ip helper address [7:45042] Can you put more than one ip helper address on an ethernet interface? If so, what is the syntax to do so? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45043&t=45042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip helper address [7:73533]
The one closest to the host. Thanks, Zsombor Janik James wrote: > > Assume that you have a two routers between your host and dhcp > server. > This means that you have a 4 interfaces you cna put "ip > helper-address" on. On which interface(s) you will put the > above command. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73534&t=73533 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: ip helper address [7:73533]
Bah! Good try, but you can't use the greater than or less than characters in this list. Bit me the first time also... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Creighton, Bill [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 2:33 PM To: [EMAIL PROTECTED] Subject: RE: ip helper address [7:73533] the interface closest to the host Host -Server (DHCP) In the example above the address would be applied to interface E0 of Router A Bill Creighton CCNP Network Design Engineer, eVPN AT&T Business Service Delivery NSPM > -Original Message- > From: Janik James [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 10:35 AM > To: [EMAIL PROTECTED] > Subject: ip helper address [7:73533] > > > Assume that you have a two routers between your host and dhcp server. > This means that you have a 4 interfaces you cna put "ip > helper-address" on. > On which interface(s) you will put the above command. > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73560&t=73533 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: ip helper address [7:73533]
the interface closest to the host Host -Server (DHCP) In the example above the address would be applied to interface E0 of Router A Bill Creighton CCNP Network Design Engineer, eVPN AT&T Business Service Delivery NSPM > -Original Message- > From: Janik James [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 10:35 AM > To: [EMAIL PROTECTED] > Subject: ip helper address [7:73533] > > > Assume that you have a two routers between your host and dhcp server. > This means that you have a 4 interfaces you cna put "ip > helper-address" on. > On which interface(s) you will put the above command. > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73549&t=73533 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: ip helper address [7:73533]
/it always has to go on the router int closest to the host. -Original Message- From: Janik James [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 11:35 AM To: [EMAIL PROTECTED] Subject: ip helper address [7:73533] Assume that you have a two routers between your host and dhcp server. This means that you have a 4 interfaces you cna put "ip helper-address" on. On which interface(s) you will put the above command. **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73541&t=73533 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: IP Helper-address questions [7:247]
I assume when you say PDC, you are referring to an NT server PDC. I must also assume you have TCP/IP installed on all NT servers needing to communicate to each other. If so, then the ip-helper command is of no use. It merely forwards bootp and DHCP requests. If you need a PDC and a BDC to communicate then just make sure both servers are reporting to a common WINS server. From the WINS server the PDC and BDC will know what IP addresses they nees to use to communicate. As long as the servers can ping each other and WINS is configured properly then you are cooking. Thanks, Patrick -Original Message- From: David Eitel To: [EMAIL PROTECTED] Sent: 4/11/2001 2:45 PM Subject: IP Helper-address questions [7:247] I have two routers connected via serial point to point link. Router 1 has an ethernet segment with PDC info I want forwarded to Router 2 ethernet segment. No ip directed broadcast is configured on all interfaces. I want netbios traffic passed from one segment to the other. I have placed an IP helper-address statement on the ethernet interface needing the help. Do I need to use the ip helper-address on all interfaces to the source ip helper-address? Is the ip forward-protocol also necessary? Any advice would be greatly appreciated David Eitel FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=263&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Actually, the IP helper command is placed on the interface that is recieving the broadcasts. Now you have to decide which router is supposed to recieve the broadcasts. But in usual case, Clients usually try to communcate with the PDC for authentication and other stuffs. So, i think it would work to configure ip helper-address w.x.y.z on the ethernet interface of router 1 only (where w.x.y.z is the ip address of your PDC, but if you have multiple PDCs then you have to give the directed-broadcast address and also have to use ip directed-broadcast command). I hope this will work Muhammad Khalilullah CCNP, MCSE --- David Eitel wrote: > I have two routers connected via serial point to > point link. Router 1 has > an ethernet segment with PDC info I want forwarded > to Router 2 ethernet > segment. No ip directed broadcast is configured on > all interfaces. I want > netbios traffic passed from one segment to the > other. I have placed an IP > helper-address statement on the ethernet interface > needing the help. Do I > need to use the ip helper-address on all interfaces > to the source ip > helper-address? Is the ip forward-protocol also > necessary? Any advice would > be greatly appreciated > > David Eitel > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=313&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Here's a fun link explaining ip helper: http://routergod.com/trinity/ -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Muhammed Khalilullah"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Actually, the IP helper command is placed on the > interface that is recieving the broadcasts. Now you > have to decide which router is supposed to recieve the > broadcasts. But in usual case, Clients usually try to > communcate with the PDC for authentication and other > stuffs. So, i think it would work to configure ip > helper-address w.x.y.z on the ethernet interface of > router 1 only (where w.x.y.z is the ip address of your > PDC, but if you have multiple PDCs then you have to > give the directed-broadcast address and also have to > use ip directed-broadcast command). > > I hope this will work > > Muhammad Khalilullah > CCNP, MCSE > > --- David Eitel wrote: > > I have two routers connected via serial point to > > point link. Router 1 has > > an ethernet segment with PDC info I want forwarded > > to Router 2 ethernet > > segment. No ip directed broadcast is configured on > > all interfaces. I want > > netbios traffic passed from one segment to the > > other. I have placed an IP > > helper-address statement on the ethernet interface > > needing the help. Do I > > need to use the ip helper-address on all interfaces > > to the source ip > > helper-address? Is the ip forward-protocol also > > necessary? Any advice would > > be greatly appreciated > > > > David Eitel > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=563&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
I happen to be a ccnp and mcse. I get how ip helper-address works. Also work with microsoft dhcp servers. How do you setup a scope for a remote subnet, and how does the dhcp server know how to hand out the correct ip leases for a non-connected subnet? Does the dhcp server look at the source address of the interface of the forwarded helper-address packets? Then match up the correct scope with the router interface ip address? ""Jason J. Roysdon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Here's a fun link explaining ip helper: > http://routergod.com/trinity/ > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > > > > ""Muhammed Khalilullah"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Actually, the IP helper command is placed on the > > interface that is recieving the broadcasts. Now you > > have to decide which router is supposed to recieve the > > broadcasts. But in usual case, Clients usually try to > > communcate with the PDC for authentication and other > > stuffs. So, i think it would work to configure ip > > helper-address w.x.y.z on the ethernet interface of > > router 1 only (where w.x.y.z is the ip address of your > > PDC, but if you have multiple PDCs then you have to > > give the directed-broadcast address and also have to > > use ip directed-broadcast command). > > > > I hope this will work > > > > Muhammad Khalilullah > > CCNP, MCSE > > > > --- David Eitel wrote: > > > I have two routers connected via serial point to > > > point link. Router 1 has > > > an ethernet segment with PDC info I want forwarded > > > to Router 2 ethernet > > > segment. No ip directed broadcast is configured on > > > all interfaces. I want > > > netbios traffic passed from one segment to the > > > other. I have placed an IP > > > helper-address statement on the ethernet interface > > > needing the help. Do I > > > need to use the ip helper-address on all interfaces > > > to the source ip > > > helper-address? Is the ip forward-protocol also > > > necessary? Any advice would > > > be greatly appreciated > > > > > > David Eitel > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > > [EMAIL PROTECTED] > > > > > > __ > > Do You Yahoo!? > > Get email at your own domain with Yahoo! Mail. > > http://personal.mail.yahoo.com/ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=720&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Yup, you got it. Just set up the extra scope(s) for the subnet(s) you have the ip helper-address enabled port(s) on. The DHCP server sees the source address (or perhaps network address/mask, I'm not sure the down and dirty details), and sends an appropriate DHCP address from the scope that fits that subnet. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Michael Snyder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I happen to be a ccnp and mcse. I get how ip helper-address works. Also > work with microsoft dhcp servers. > > How do you setup a scope for a remote subnet, and how does the dhcp server > know how to hand out the correct ip leases for a non-connected subnet? > > Does the dhcp server look at the source address of the interface of the > forwarded helper-address packets? Then match up the correct scope with the > router interface ip address? > > > > > ""Jason J. Roysdon"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Here's a fun link explaining ip helper: > > http://routergod.com/trinity/ > > > > -- > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > List email: [EMAIL PROTECTED] > > Homepage: http://jason.artoo.net/ > > > > > > > > ""Muhammed Khalilullah"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Actually, the IP helper command is placed on the > > > interface that is recieving the broadcasts. Now you > > > have to decide which router is supposed to recieve the > > > broadcasts. But in usual case, Clients usually try to > > > communcate with the PDC for authentication and other > > > stuffs. So, i think it would work to configure ip > > > helper-address w.x.y.z on the ethernet interface of > > > router 1 only (where w.x.y.z is the ip address of your > > > PDC, but if you have multiple PDCs then you have to > > > give the directed-broadcast address and also have to > > > use ip directed-broadcast command). > > > > > > I hope this will work > > > > > > Muhammad Khalilullah > > > CCNP, MCSE > > > > > > --- David Eitel wrote: > > > > I have two routers connected via serial point to > > > > point link. Router 1 has > > > > an ethernet segment with PDC info I want forwarded > > > > to Router 2 ethernet > > > > segment. No ip directed broadcast is configured on > > > > all interfaces. I want > > > > netbios traffic passed from one segment to the > > > > other. I have placed an IP > > > > helper-address statement on the ethernet interface > > > > needing the help. Do I > > > > need to use the ip helper-address on all interfaces > > > > to the source ip > > > > helper-address? Is the ip forward-protocol also > > > > necessary? Any advice would > > > > be greatly appreciated > > > > > > > > David Eitel > > > > FAQ, list archives, and subscription info: > > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to > > > [EMAIL PROTECTED] > > > > > > > > > __ > > > Do You Yahoo!? > > > Get email at your own domain with Yahoo! Mail. > > > http://personal.mail.yahoo.com/ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=728&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
At 01:52 PM 4/15/01, Michael Snyder wrote: >I happen to be a ccnp and mcse. I get how ip helper-address works. Also >work with microsoft dhcp servers. > >How do you setup a scope for a remote subnet, and how does the dhcp server >know how to hand out the correct ip leases for a non-connected subnet? > >Does the dhcp server look at the source address of the interface of the >forwarded helper-address packets? Then match up the correct scope with the >router interface ip address? The source MAC address is the router's address (assuming the packet only went one hop), but the source IP address is 0.0.0.0, so that doesn't help. What does help is that the DHCP packet has a GIAddr (Gateway IP Address) field. The router that forwards the packet puts its own address in that field. The router puts the address for the interface that the DHCP Discover packet came in on. The remote DHCP server can figure out which scope it's dealing with from that info. The GIAddr should be from the same subnet as the requesting host. Priscilla >""Jason J. Roysdon"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Here's a fun link explaining ip helper: > > http://routergod.com/trinity/ > > > > -- > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > List email: [EMAIL PROTECTED] > > Homepage: http://jason.artoo.net/ > > > > > > > > ""Muhammed Khalilullah"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Actually, the IP helper command is placed on the > > > interface that is recieving the broadcasts. Now you > > > have to decide which router is supposed to recieve the > > > broadcasts. But in usual case, Clients usually try to > > > communcate with the PDC for authentication and other > > > stuffs. So, i think it would work to configure ip > > > helper-address w.x.y.z on the ethernet interface of > > > router 1 only (where w.x.y.z is the ip address of your > > > PDC, but if you have multiple PDCs then you have to > > > give the directed-broadcast address and also have to > > > use ip directed-broadcast command). > > > > > > I hope this will work > > > > > > Muhammad Khalilullah > > > CCNP, MCSE > > > > > > --- David Eitel wrote: > > > > I have two routers connected via serial point to > > > > point link. Router 1 has > > > > an ethernet segment with PDC info I want forwarded > > > > to Router 2 ethernet > > > > segment. No ip directed broadcast is configured on > > > > all interfaces. I want > > > > netbios traffic passed from one segment to the > > > > other. I have placed an IP > > > > helper-address statement on the ethernet interface > > > > needing the help. Do I > > > > need to use the ip helper-address on all interfaces > > > > to the source ip > > > > helper-address? Is the ip forward-protocol also > > > > necessary? Any advice would > > > > be greatly appreciated > > > > > > > > David Eitel > > > > FAQ, list archives, and subscription info: > > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to > > > [EMAIL PROTECTED] > > > > > > > > > __ > > > Do You Yahoo!? > > > Get email at your own domain with Yahoo! Mail. > > > http://personal.mail.yahoo.com/ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=736&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Yes, The DHCP server will check the IP address of the interface on which you have configured the IP Helper address command. So make pools on the DHCP server accordingly. eg: Router's interface 192.168.1.1/16 Server' pool 192.168.0.1-192.168.255.254 wil work. Muhammad Khalilullah CCNP, MCSE --- "Jason J. Roysdon" wrote: > Yup, you got it. Just set up the extra scope(s) for > the subnet(s) you have > the ip helper-address enabled port(s) on. The DHCP > server sees the source > address (or perhaps network address/mask, I'm not > sure the down and dirty > details), and sends an appropriate DHCP address from > the scope that fits > that subnet. > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, > Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > > > > ""Michael Snyder"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I happen to be a ccnp and mcse. I get how ip > helper-address works. Also > > work with microsoft dhcp servers. > > > > How do you setup a scope for a remote subnet, and > how does the dhcp server > > know how to hand out the correct ip leases for a > non-connected subnet? > > > > Does the dhcp server look at the source address of > the interface of the > > forwarded helper-address packets? Then match up > the correct scope with > the > > router interface ip address? > > > > > > > > > > ""Jason J. Roysdon"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Here's a fun link explaining ip helper: > > > http://routergod.com/trinity/ > > > > > > -- > > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, > Network+, A+ > > > List email: [EMAIL PROTECTED] > > > Homepage: http://jason.artoo.net/ > > > > > > > > > > > > ""Muhammed Khalilullah"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Actually, the IP helper command is placed on > the > > > > interface that is recieving the broadcasts. > Now you > > > > have to decide which router is supposed to > recieve the > > > > broadcasts. But in usual case, Clients usually > try to > > > > communcate with the PDC for authentication and > other > > > > stuffs. So, i think it would work to configure > ip > > > > helper-address w.x.y.z on the ethernet > interface of > > > > router 1 only (where w.x.y.z is the ip address > of your > > > > PDC, but if you have multiple PDCs then you > have to > > > > give the directed-broadcast address and also > have to > > > > use ip directed-broadcast command). > > > > > > > > I hope this will work > > > > > > > > Muhammad Khalilullah > > > > CCNP, MCSE > > > > > > > > --- David Eitel wrote: > > > > > I have two routers connected via serial > point to > > > > > point link. Router 1 has > > > > > an ethernet segment with PDC info I want > forwarded > > > > > to Router 2 ethernet > > > > > segment. No ip directed broadcast is > configured on > > > > > all interfaces. I want > > > > > netbios traffic passed from one segment to > the > > > > > other. I have placed an IP > > > > > helper-address statement on the ethernet > interface > > > > > needing the help. Do I > > > > > need to use the ip helper-address on all > interfaces > > > > > to the source ip > > > > > helper-address? Is the ip forward-protocol > also > > > > > necessary? Any advice would > > > > > be greatly appreciated > > > > > > > > > > David Eitel > > > > > FAQ, list archives, and subscription info: > > > > > http://www.groupstudy.com/list/cisco.html > > > > > Report misconduct and Nondisclosure > violations to > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > __ > > > > Do You Yahoo!? > > > > Get email at your own domain with Yahoo! Mail. > > > > http://personal.mail.yahoo.com/ > > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations > to [EMAIL PROTECTED] > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations > to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=758&t=247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Helper-address questions [7:247]
Actually, you'll want to make the pools only as big as the subnet, unless you know some trick I don't Muhammed. Each pool will need a default gateway assigned as part of the scope, and unless you're doing a /16 range for 192.168/16, then you'll want a pool for each 192.168/24 network. Don't forget to take advantage of the global attributes. Set your DNS, WINS, and whatever settings are the same for each pool as a global setting, and only those settings that need to be unique for each pool (Gateway is all I can think of). This way you don't have to specify these same settings for each pool. A pool-specific attribute will also override the Global attribute for that pool, so even if you had a local WINS and/or DNS server that you want one network to use, still set the Global for whatever is the main configuration. Don't forget if you use WINS to set the node type to 0x8 (hybrid). -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Muhammed Khalilullah"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yes, The DHCP server will check the IP address of the > interface on which you have configured the IP Helper > address command. So make pools on the DHCP server > accordingly. eg: Router's interface 192.168.1.1/16 > Server' pool 192.168.0.1-192.168.255.254 wil work. > > Muhammad Khalilullah > CCNP, MCSE > --- "Jason J. Roysdon" wrote: > > Yup, you got it. Just set up the extra scope(s) for > > the subnet(s) you have > > the ip helper-address enabled port(s) on. The DHCP > > server sees the source > > address (or perhaps network address/mask, I'm not > > sure the down and dirty > > details), and sends an appropriate DHCP address from > > the scope that fits > > that subnet. > > > > -- > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, > > Network+, A+ > > List email: [EMAIL PROTECTED] > > Homepage: http://jason.artoo.net/ > > > > > > > > ""Michael Snyder"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > I happen to be a ccnp and mcse. I get how ip > > helper-address works. Also > > > work with microsoft dhcp servers. > > > > > > How do you setup a scope for a remote subnet, and > > how does the dhcp server > > > know how to hand out the correct ip leases for a > > non-connected subnet? > > > > > > Does the dhcp server look at the source address of > > the interface of the > > > forwarded helper-address packets? Then match up > > the correct scope with > > the > > > router interface ip address? > > > > > > > > > > > > > > > ""Jason J. Roysdon"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Here's a fun link explaining ip helper: > > > > http://routergod.com/trinity/ > > > > > > > > -- > > > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, > > Network+, A+ > > > > List email: [EMAIL PROTECTED] > > > > Homepage: http://jason.artoo.net/ > > > > > > > > > > > > > > > > ""Muhammed Khalilullah"" wrote in message > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > Actually, the IP helper command is placed on > > the > > > > > interface that is recieving the broadcasts. > > Now you > > > > > have to decide which router is supposed to > > recieve the > > > > > broadcasts. But in usual case, Clients usually > > try to > > > > > communcate with the PDC for authentication and > > other > > > > > stuffs. So, i think it would work to configure > > ip > > > > > helper-address w.x.y.z on the ethernet > > interface of > > > > > router 1 only (where w.x.y.z is the ip address > > of your > > > > > PDC, but if you have multiple PDCs then you > > have to > > > > > give the directed-broadcast address and also > > have to > > > > > use ip directed-broadcast command). > > > > > > > > > > I hope this will work > > > > > > > > > > Muhammad Khalilullah > > > > > CCNP, MCSE > > > > > > > > > > --- David Eitel wrote: > > > > > > I have two routers connected via serial > > point to > > > > > > point link. Router 1 has > > > > > > an ethernet segment with PDC info I want > > forwarded > > > > > > to Router 2 ethernet > > > > > > segment. No ip directed broadcast is > > configured on > > > > > > all interfaces. I want > > > > > > netbios traffic passed from one segment to > > the > > > > > > other. I have placed an IP > > > > > > helper-address statement on the ethernet > > interface > > > > > > needing the help. Do I > > > > > > need to use the ip helper-address on all > > interfaces > > > > > > to the source ip > > > > > > helper-address? Is the ip forward-protocol > > also > > > > > > necessary? Any advice would > > > > > > be greatly appreciated > > > > > > > > > > > > David Eitel > > > > > > FAQ, list archives, and subscription info: > > > > > > http://www.groupstudy.com/list/cisco.html > > > > > > Report misconduct and Nondisclosure > > violations to > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > __ > >
RE: IP helper address and subnet broadcast [7:25692]
sorry if you've received this before...I'm having problems posting it seems... -Original Message- From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 08, 2001 10:01 AM To: Priscilla Oppenheimer; Cisco GroupStudy List Subject: RE: IP helper address and subnet broadcast [7:25485] I had a similar situation in the past where the DHCP servers were on *nix boxes and they got flooded with the NetBT stuff (from 3000+ workstations) needlessly. In this type of a situation "no ip forward protocol" is your friend. To just foward the DHCP requests you need to do the following: no ip forward-protocol udp tftp no ip forward-protocol udp nameserver no ip forward-protocol udp domain no ip forward-protocol udp time no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm no ip forward-protocol udp tacacs It would be nice if you could disable all and then specifically add the ones you want (i.e. the passive-interface default / no passive-interface method) but - at least on the versions I've tried - she's a no go. You can disable all udp flooding with the command: no ip forward-protocol udp But as soon as you enable a specific service this command gets 'un-done'...perhaps a it can be a feature request for the programmers @ Cisco watching this list (do any?). Hope this helps. Ben -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 07, 2001 2:44 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: IP helper address and subnet broadcast [7:25485] Thank-you very much for your research and testing, Ben. The person who started this discussion (offline) also wrote back and confirmed that the subnet broadcasts are indeed forwarded to the address in his IP helper address command. I agree that it makes sense from the point of view that the subnet broadcast (10.10.255.255) is no different from an ordinary broadcast (255.255.255.255) at the MAC layer. They both go to FF:FF:FF:FF:FF:FF. There are concerns about this behavior however. In his case the DHCP server is the helper address. It is receiving all sorts of junk that it shouldn't receive, including WINS and BROWSE stuff. The IP Helper Address configuration is causing these packets to be sent as unicast packets to the DHCP server. It's probably just a minor performance issue, but worth fixing. I don't know enough about his network to recommend this definitely, but he may be able to configure "no ip forward-protocol 137" and "no ip forward-protocol 138" to ensure that the WINS and BROWSE stuff is not forwarded. I believe he has an actual WINS server also that can handle the WINS service and the nodes are configured as H-Nodes so they are unicasting to the WINS server in addition to sending their broadcasts. I thought this was interesting! I wonder how many people have thought about how much junk by default gets forwarded with IP helper address. And offline, some experts asked me why would a router forward a subnet broadcast, so they all agreed that this was not completely expected behavior. Thanks again, Priscilla At 10:00 AM 11/7/01, R. Benjamin Kessler wrote: >I setup a remote unix box running nmap and had it send packets to the subnet >broadcast address (in my case 192.168.72.255). I configured my router with >an ip helper command (sending to a single host). I executed the nmap >command with and without IP directed broadcast configured on the router >interface and didn't see any difference. > >Running a sniffer-like device on the target (of the ip helper command) I was >able to verify the receipt of the packets sent via nmap. > >Given a network similar to the following: > > +---++---+ >-| rtr a || rtr b |- > e0 +---+ e1 e1 +---+ e0 > >My understanding of directed-broadcast is that if a packet sourced from rtr >a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will >forward it if directed-broadcast is enabled and drop if not. > >IP helper impacts packets heading out (from the router) to the interface in >question not packets inbound. > >To take this discussion a step further, the IP helper function processes >packets sent to the MAC-layer broadcast address for the specified protocols. >A packet sent to the local IP broadcast address (10.10.255.255 in >Priscilla's example) will have the same MAC-layer destination address as a >packet sent to 255.255.255.255. > >Comments, questions? Anyone think my logic is all wet? > >-----Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Priscilla Oppenheimer >Sent: Tuesday, November 06, 2001 9:43 PM >To: [EMAIL PROTECTED] >Subject: Re: IP helper address and subnet broadcast [7:25485] > > >I know
Re: IP helper address and subnet broadcast [7:25485]
Priscilla Oppenheimer wrote: > Thank-you very much for your research and testing, Ben. > > The person who started this discussion (offline) also wrote back and > confirmed that the subnet broadcasts are indeed forwarded to the address in > his IP helper address command. I agree that it makes sense from the point > of view that the subnet broadcast (10.10.255.255) is no different from an > ordinary broadcast (255.255.255.255) at the MAC layer. They both go to > FF:FF:FF:FF:FF:FF. > > There are concerns about this behavior however. In his case the DHCP server > is the helper address. It is receiving all sorts of junk that it shouldn't > receive, including WINS and BROWSE stuff. The IP Helper Address > configuration is causing these packets to be sent as unicast packets to the > DHCP server. It's probably just a minor performance issue, but worth fixing. > > I don't know enough about his network to recommend this definitely, but he > may be able to configure "no ip forward-protocol 137" and "no ip > forward-protocol 138" to ensure that the WINS and BROWSE stuff is not > forwarded. I believe he has an actual WINS server also that can handle the > WINS service and the nodes are configured as H-Nodes so they are unicasting > to the WINS server in addition to sending their broadcasts. > > I thought this was interesting! I wonder how many people have thought about > how much junk by default gets forwarded with IP helper address. And > offline, some experts asked me why would a router forward a subnet > broadcast, so they all agreed that this was not completely expected behavior. > > Thanks again, > > Priscilla > > At 10:00 AM 11/7/01, R. Benjamin Kessler wrote: > >I setup a remote unix box running nmap and had it send packets to the subnet > >broadcast address (in my case 192.168.72.255). I configured my router with > >an ip helper command (sending to a single host). I executed the nmap > >command with and without IP directed broadcast configured on the router > >interface and didn't see any difference. > > > >Running a sniffer-like device on the target (of the ip helper command) I was > >able to verify the receipt of the packets sent via nmap. > > > >Given a network similar to the following: > > > > +---++---+ > >-| rtr a || rtr b |- > > e0 +---+ e1 e1 +---+ e0 > > > >My understanding of directed-broadcast is that if a packet sourced from rtr > >a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will > >forward it if directed-broadcast is enabled and drop if not. > > > >IP helper impacts packets heading out (from the router) to the interface in > >question not packets inbound. > > > >To take this discussion a step further, the IP helper function processes > >packets sent to the MAC-layer broadcast address for the specified protocols. > >A packet sent to the local IP broadcast address (10.10.255.255 in > >Priscilla's example) will have the same MAC-layer destination address as a > >packet sent to 255.255.255.255. > > > >Comments, questions? Anyone think my logic is all wet? > > > >-Original Message- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > >Priscilla Oppenheimer > >Sent: Tuesday, November 06, 2001 9:43 PM > >To: [EMAIL PROTECTED] > >Subject: Re: IP helper address and subnet broadcast [7:25485] > > > > > >I know how IP helper address, directed broadcasts, NetBIOS, etc. work. > >(NetBIOS session service doesn't broadcast, by the way, and in fact uses > >TCP not UDP, so I doubt that it needs to be added to the list. It's used > >between a client and server after the client has mapped the NetBIOS name to > >the server's address.) > > > >The question is: will the router (with IP helper address) forward if the > >source sends to a subnet broadcast such as 10.10.255.255 instead of sending > >to 255.255.255.255? Nowhere does the documentation say that it won't, so I > >guess it will. > > > >Note that I am not asking about the forwarding of directed broadcasts. The > >IP helper address is configured with an actual server's address, not a > >directed broadcast address. > > > >I'm not looking for the boring answers to the boring questions. The > >question is not the same one that you have seen many times. ;-) > > > >Priscilla > > > > Priscilla Oppenheimer > http://www.priscilla.com Many of the big corporations have been aware of it for some time. When I had to set up DHCP at a certain Silicon Valley giant corporation in 1996, I came across their white paper on setting up DHCP relay via Cisco's ip helper-address, with specific instructions to do a "no ip forward" on UDP 137 and 138. Jonathan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25734&t=25485 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP helper address and subnet broadcast [7:25485]
I had a similar situation in the past where the DHCP servers were on *nix boxes and they got flooded with the NetBT stuff (from 3000+ workstations) needlessly. In this type of a situation "no ip forward protocol" is your friend. To just foward the DHCP requests you need to do the following: no ip forward-protocol udp tftp no ip forward-protocol udp nameserver no ip forward-protocol udp domain no ip forward-protocol udp time no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm no ip forward-protocol udp tacacs It would be nice if you could disable all and then specifically add the ones you want (i.e. the passive-interface default / no passive-interface method) but - at least on the versions I've tried - she's a no go. You can disable all udp flooding with the command: no ip forward-protocol udp But as soon as you enable a specific service this command gets 'un-done'...perhaps a it can be a feature request for the programmers @ Cisco watching this list (do any?). Hope this helps. Ben -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 07, 2001 2:44 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: IP helper address and subnet broadcast [7:25485] Thank-you very much for your research and testing, Ben. The person who started this discussion (offline) also wrote back and confirmed that the subnet broadcasts are indeed forwarded to the address in his IP helper address command. I agree that it makes sense from the point of view that the subnet broadcast (10.10.255.255) is no different from an ordinary broadcast (255.255.255.255) at the MAC layer. They both go to FF:FF:FF:FF:FF:FF. There are concerns about this behavior however. In his case the DHCP server is the helper address. It is receiving all sorts of junk that it shouldn't receive, including WINS and BROWSE stuff. The IP Helper Address configuration is causing these packets to be sent as unicast packets to the DHCP server. It's probably just a minor performance issue, but worth fixing. I don't know enough about his network to recommend this definitely, but he may be able to configure "no ip forward-protocol 137" and "no ip forward-protocol 138" to ensure that the WINS and BROWSE stuff is not forwarded. I believe he has an actual WINS server also that can handle the WINS service and the nodes are configured as H-Nodes so they are unicasting to the WINS server in addition to sending their broadcasts. I thought this was interesting! I wonder how many people have thought about how much junk by default gets forwarded with IP helper address. And offline, some experts asked me why would a router forward a subnet broadcast, so they all agreed that this was not completely expected behavior. Thanks again, Priscilla At 10:00 AM 11/7/01, R. Benjamin Kessler wrote: >I setup a remote unix box running nmap and had it send packets to the subnet >broadcast address (in my case 192.168.72.255). I configured my router with >an ip helper command (sending to a single host). I executed the nmap >command with and without IP directed broadcast configured on the router >interface and didn't see any difference. > >Running a sniffer-like device on the target (of the ip helper command) I was >able to verify the receipt of the packets sent via nmap. > >Given a network similar to the following: > > +---++---+ >-| rtr a || rtr b |- > e0 +---+ e1 e1 +---+ e0 > >My understanding of directed-broadcast is that if a packet sourced from rtr >a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will >forward it if directed-broadcast is enabled and drop if not. > >IP helper impacts packets heading out (from the router) to the interface in >question not packets inbound. > >To take this discussion a step further, the IP helper function processes >packets sent to the MAC-layer broadcast address for the specified protocols. >A packet sent to the local IP broadcast address (10.10.255.255 in >Priscilla's example) will have the same MAC-layer destination address as a >packet sent to 255.255.255.255. > >Comments, questions? Anyone think my logic is all wet? > >-Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Priscilla Oppenheimer >Sent: Tuesday, November 06, 2001 9:43 PM >To: [EMAIL PROTECTED] >Subject: Re: IP helper address and subnet broadcast [7:25485] > > >I know how IP helper address, directed broadcasts, NetBIOS, etc. work. >(NetBIOS session service doesn't broadcast, by the way, and in fact uses >TCP not UDP, so I doubt that it needs to be added to the list. It's used >between a client and server after the client has mapped the NetBIOS name to >the server'
RE: IP helper address and subnet broadcast [7:25485]
Depends on what you're trying to do...the utility I used here is just "nmap" - see www.insecure.org (note: this is a bit of a "hacking" tool, so use with caution). This is basically a port scanning tool, you can specify a remote subnet to scan but you give it the range of addresses to probe, I don't see why you couldn't probe a remote host that just happened to have the same address as the subnet broadcast somewhere. I guess by definition, if you've got a default gateway configured and are sending traffic to a remote subnet you'll have the local router's MAC address as the destination. If you're looking to do something a bit more elaborate you can try to use a Sniffer to manufacture a string of packets but it is probably more trouble than it's worth. I'm sure that there are plenty of hacker tools that will do this but you'll probably need to go lurking on some different lists to find them... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Logan, Harold Sent: Wednesday, November 07, 2001 2:32 PM To: [EMAIL PROTECTED] Subject: RE: IP helper address and subnet broadcast [7:25485] Interesting... By any chance do you have a packet manipulator available? For added fun you could put together a frame with a destination IP of the subnet's broadcast addy, and a destination MAC of the routers MAC address... > -Original Message- > From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 07, 2001 2:03 PM > To: [EMAIL PROTECTED] > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > I setup a remote unix box running nmap and had it send > packets to the subnet > broadcast address (in my case 192.168.72.255). I configured > my router with > an ip helper command (sending to a single host). I executed the nmap > command with and without IP directed broadcast configured on > the router > interface and didn't see any difference. > > Running a sniffer-like device on the target (of the ip helper > command) I was > able to verify the receipt of the packets sent via nmap. > > Given a network similar to the following: > > +---++---+ > -| rtr a || rtr b |- > e0 +---+ e1 e1 +---+ e0 > > My understanding of directed-broadcast is that if a packet > sourced from rtr > a's e0 network is sent to the broadcast address of rtr b's > e0; rtr b will > forward it if directed-broadcast is enabled and drop if not. > > IP helper impacts packets heading out (from the router) to > the interface in > question not packets inbound. > > To take this discussion a step further, the IP helper > function processes > packets sent to the MAC-layer broadcast address for the > specified protocols. > A packet sent to the local IP broadcast address (10.10.255.255 in > Priscilla's example) will have the same MAC-layer destination > address as a > packet sent to 255.255.255.255. > > Comments, questions? Anyone think my logic is all wet? > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Priscilla Oppenheimer > Sent: Tuesday, November 06, 2001 9:43 PM > To: [EMAIL PROTECTED] > Subject: Re: IP helper address and subnet broadcast [7:25485] > > > I know how IP helper address, directed broadcasts, NetBIOS, etc. work. > (NetBIOS session service doesn't broadcast, by the way, and > in fact uses > TCP not UDP, so I doubt that it needs to be added to the > list. It's used > between a client and server after the client has mapped the > NetBIOS name to > the server's address.) > > The question is: will the router (with IP helper address) > forward if the > source sends to a subnet broadcast such as 10.10.255.255 > instead of sending > to 255.255.255.255? Nowhere does the documentation say that > it won't, so I > guess it will. > > Note that I am not asking about the forwarding of directed > broadcasts. The > IP helper address is configured with an actual server's address, not a > directed broadcast address. > > I'm not looking for the boring answers to the boring questions. The > question is not the same one that you have seen many times. ;-) > > Priscilla > > At 10:09 PM 11/6/01, Erick B. wrote: > >Priscalla, > > > >They need to enable one more 'ip forward-protocol udp' > >globally for this to work, as well as enable > >directed-broadcast on target router interface where > >ip-helper is forwarding to. > > > >Also, I replied to nrf on this as well in more detail > >just explaining helper-address and > >directed-broadcasts. > > > >
RE: IP helper address and subnet broadcast [7:25485]
The few times I've needed a packet manipulator, SnifferPro has worked fine for me. The idea I was shooting for (please keep in mind that yesterday I was working on 3 hours of sleep and no caffeine) was to put together a layer 3 broadcast with a layer 2 unicast address, specifically the destination MAC of the router's ethernet interface. That, combined with some packet debugging or accounting on the far router, could tell you if the router forwards traffic to the ip helper address because the layer 2 destination addy is all F's, or if it forwards to the ip helper addres because the layer 3 destination address is the subnet's broadcast addy. I suppose if I'm that curious I should get off my arse and set up such a scenario here, but I let someone else label the cables in my pod, and I'm still working on fixing it... right now the classroom where we keep the routers has v.35 and cat5 cables strewn all over the place. Argh. Hal Logan Network Specialist / Adjunct Faculty Computing and Engineering Technology Manatee Community College > -Original Message- > From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 07, 2001 5:18 PM > To: Logan, Harold; [EMAIL PROTECTED] > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > Depends on what you're trying to do...the utility I used here is just > "nmap" - see www.insecure.org (note: this is a bit of a > "hacking" tool, so > use with caution). > > This is basically a port scanning tool, you can specify a > remote subnet to > scan but you give it the range of addresses to probe, I don't > see why you > couldn't probe a remote host that just happened to have the > same address as > the subnet broadcast somewhere. > > I guess by definition, if you've got a default gateway > configured and are > sending traffic to a remote subnet you'll have the local router's MAC > address as the destination. > > If you're looking to do something a bit more elaborate you > can try to use a > Sniffer to manufacture a string of packets but it is probably > more trouble > than it's worth. I'm sure that there are plenty of hacker > tools that will > do this but you'll probably need to go lurking on some > different lists to > find them... > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Logan, Harold > Sent: Wednesday, November 07, 2001 2:32 PM > To: [EMAIL PROTECTED] > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > Interesting... By any chance do you have a packet manipulator > available? > For added fun you could put together a frame with a destination IP of > the subnet's broadcast addy, and a destination MAC of the routers MAC > address... > > > > -Original Message- > > From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, November 07, 2001 2:03 PM > > To: [EMAIL PROTECTED] > > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > > > > I setup a remote unix box running nmap and had it send > > packets to the subnet > > broadcast address (in my case 192.168.72.255). I configured > > my router with > > an ip helper command (sending to a single host). I > executed the nmap > > command with and without IP directed broadcast configured on > > the router > > interface and didn't see any difference. > > > > Running a sniffer-like device on the target (of the ip helper > > command) I was > > able to verify the receipt of the packets sent via nmap. > > > > Given a network similar to the following: > > > > +---++---+ > > -| rtr a || rtr b |- > > e0 +---+ e1 e1 +---+ e0 > > > > My understanding of directed-broadcast is that if a packet > > sourced from rtr > > a's e0 network is sent to the broadcast address of rtr b's > > e0; rtr b will > > forward it if directed-broadcast is enabled and drop if not. > > > > IP helper impacts packets heading out (from the router) to > > the interface in > > question not packets inbound. > > > > To take this discussion a step further, the IP helper > > function processes > > packets sent to the MAC-layer broadcast address for the > > specified protocols. > > A packet sent to the local IP broadcast address (10.10.255.255 in > > Priscilla's example) will have the same MAC-layer destination > > address as a > > packet sent to 255.255.255.255. > > > > Comments, questions? Anyone think my logi
Re: IP helper-address, domain browsing & N [7:36089]
I am going to venture a guess :- According to MS NT's static ports assignment, TCP: 42 is for WINS replication, perhaps by changing this statetment from ip nat inside source static 10.0.3.40 xxx.xxx.xxx.156 extendable to ip nat inside source static 10.0.3.40 42 xxx.xxx.xxx.156 42 extendable may solve the problem. However, according to MS two other ports are also used in WINS functions: TCP:135 for WINS Manager and TCP:137 for WINS Registration. Interest to know if this helps. ""Kurdziel Peter"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Does anyone know of any issues using the IP helper-address and domain > browsing while using NAT? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36220&t=36089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP helper-address, domain browsing & N [7:36089]
Is Nat on on the NJ router? If so, just Nat from CA only. -- RFC 1149 Compliant. ""Kurdziel Peter"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Does anyone know of any issues using the IP helper-address and domain > browsing while using NAT? > > > I have 2 locations, CA and NJ. > CA has a connection to the internet, NJ does not. CA and NJ are connected > via a point-to-point link via their serial insterfaces. With the help of > NATting NJ now is able to access the internet via the router in CA. > > My problem is that I need the servers at each location to replicate their > WINS databases. To try and solve this issues I added IP Helper-adress to the > serial point to point link on both side. If I remove the ip nat inside or > the ip nat outside command from either the fastethernet or the serail > interfaces I can broswe the domain and replicate the Wins database in either > location. But the NJ location does not have internet access. > > What do I need to do to enable both browsing to and from either location and > Internet access at both locations. > > > Here is a copy of my config from both locations. > > hostname California > ! > enable secret > ! > ! > ! > ! > ! > memory-size iomem 25 > ip subnet-zero > ! > ! > ! > ! > interface Serial0 > description Connection to ISP > ip address 10.0.10.1 255.255.255.252 > ip nat outside > no fair-queue > > > interface Serial1 > description point to point t1 to New Jersey > ip address 192.168.254.2 255.255.255.252 > ip helper-address 10.0.3.40 ***Server's IP in New Jersey* > no fair-queue > ! > interface FastEthernet0 > ip address 10.0.2.1 255.255.255.0 secondary > ip address xxx.xxx.xxx.155 255.255.255.248 > ip nat inside > speed auto > ! > ip nat pool local xxx.xxx.xxx.155 xxx.xxx.xxx.155 prefix-length 28 > ip nat inside source list 1 pool local overload > ip nat inside source static 10.0.3.40 xxx.xxx.xxx.156 extendable > ip classless > > ip route 0.0.0.0 0.0.0.0 serial0 > ip route 10.0.3.0 255.255.255.0 192.168.254.1 > ip route xxx.xxx.xxx.0 255.255.255.248 192.168.254.1 > > > no ip http server > ! > access-list 1 permit 10.0.2.0 0.0.0.255 > ! > line con 0 > password > line aux 0 > password > line vty 0 4 > password > ! > end > > > > hostname NewJersy > ! > enable secret > ! > ! > ! > ! > ! > memory-size iomem 25 > ip subnet-zero > ! > ! > ! > ! > interface Serial0 > description point to point t1 to California > ip address 192.168.254.1 255.255.255.252 > ip nat outside > no fair-queue > service-module t1 timeslots 1-24 > ! > interface FastEthernet0 > ip address 10.0.3.1 255.255.255.0 secondary > ip address xxx.xxx.xxx.46 255.255.255.248 > ip helper-address 10.0.2.9 ***Server's IP in California* > ip nat inside > speed auto > ! > ip nat pool local xxx.xxx.xxx.46 xxx.xxx.xxx.46 prefix-length 28 > ip nat inside source list 1 pool local overload > ip nat inside source static 10.0.3.40 xxx.xxx.xxx.45 extendable > ip classless > ip route 0.0.0.0 0.0.0.0 192.168.254.2 > no ip http server > ! > access-list 1 permit 10.0.3.0 0.0.0.255 > ! > line con 0 > password > line aux 0 > password > line vty 0 4 > password > ! > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36204&t=36089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP helper-address, domain browsing & N [7:36089]
"Dennis Bailey" wrote in message news:... > Hi Peter, > > Here is how I would change the configs: > > The helper-address would go on the fast ethernet interface of both routers > not the serial interface, > > Get rid of the secondary address and NAT on the NJ router--anything that the > NJ router does not have a route for will be forwarded to the CA router based > on the default route that you have on the NJ router--ip route 0.0.0.0 > 0.0.0.0 192.168.254.2 > > change the nat pool on the CA router to include the subnet or hosts from the > NJ sites that need to go to the Internet. > access-list 1 permit 10.0.2.0 0.0.0.255 > access-list 1 permit 10.0.3.0 0.0.0.255 > and add ip nat inside to interface serial 1 of the California router > > Dennis > > > ""Kurdziel Peter"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Does anyone know of any issues using the IP helper-address and domain > > browsing while using NAT? > > > > > > I have 2 locations, CA and NJ. > > CA has a connection to the internet, NJ does not. CA and NJ are connected > > via a point-to-point link via their serial insterfaces. With the help of > > NATting NJ now is able to access the internet via the router in CA. > > > > My problem is that I need the servers at each location to replicate their > > WINS databases. To try and solve this issues I added IP Helper-adress to > the > > serial point to point link on both side. If I remove the ip nat inside or > > the ip nat outside command from either the fastethernet or the serail > > interfaces I can broswe the domain and replicate the Wins database in > either > > location. But the NJ location does not have internet access. > > > > What do I need to do to enable both browsing to and from either location > and > > Internet access at both locations. > > > > > > Here is a copy of my config from both locations. > > > > hostname California > > ! > > enable secret > > ! > > ! > > ! > > ! > > ! > > memory-size iomem 25 > > ip subnet-zero > > ! > > ! > > ! > > ! > > interface Serial0 > > description Connection to ISP > > ip address 10.0.10.1 255.255.255.252 > > ip nat outside > > no fair-queue > > > > > > interface Serial1 > > description point to point t1 to New Jersey > > ip address 192.168.254.2 255.255.255.252 > > ip helper-address 10.0.3.40 ***Server's IP in New Jersey* > > no fair-queue > > ! > > interface FastEthernet0 > > ip address 10.0.2.1 255.255.255.0 secondary > > ip address xxx.xxx.xxx.155 255.255.255.248 > > ip nat inside > > speed auto > > ! > > ip nat pool local xxx.xxx.xxx.155 xxx.xxx.xxx.155 prefix-length 28 > > ip nat inside source list 1 pool local overload > > ip nat inside source static 10.0.3.40 xxx.xxx.xxx.156 extendable > > ip classless > > > > ip route 0.0.0.0 0.0.0.0 serial0 > > ip route 10.0.3.0 255.255.255.0 192.168.254.1 > > ip route xxx.xxx.xxx.0 255.255.255.248 192.168.254.1 > > > > > > no ip http server > > ! > > access-list 1 permit 10.0.2.0 0.0.0.255 > > ! > > line con 0 > > password > > line aux 0 > > password > > line vty 0 4 > > password > > ! > > end > > > > > > > > hostname NewJersy > > ! > > enable secret > > ! > > ! > > ! > > ! > > ! > > memory-size iomem 25 > > ip subnet-zero > > ! > > ! > > ! > > ! > > interface Serial0 > > description point to point t1 to California > > ip address 192.168.254.1 255.255.255.252 > > ip nat outside > > no fair-queue > > service-module t1 timeslots 1-24 > > ! > > interface FastEthernet0 > > ip address 10.0.3.1 255.255.255.0 secondary > > ip address xxx.xxx.xxx.46 255.255.255.248 > > ip helper-address 10.0.2.9 ***Server's IP in California* > > ip nat inside > > speed auto > > ! > > ip nat pool local xxx.xxx.xxx.46 xxx.xxx.xxx.46 prefix-length 28 > > ip nat inside source list 1 pool local overload > > ip nat inside source static 10.0.3.40 xxx.xxx.xxx.45 extendable > > ip classless > > ip route 0.0.0.0 0.0.0.0 192.168.254.2 > > no ip http server > > ! > > access-list 1 permit 10.0.3.0 0.0.0.255 > > ! > > line con 0 > > password > > line aux 0 > > password > > line vty 0 4 > > password > > ! > > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36353&t=36089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ip helper address: which is the mac address? [7:44608]
TP wrote: > Where DHCP will read the correct mac address before giving the right IP > address? >From the CHADDR (Client Hardware ADDRess) field in the DHCP packet. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44609&t=44608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ip helper address: which is the mac address? [7:44608]
The DHCP server doesn't read the actually MAC address of the client PC. The DHCP client builds a DHCP request packet that includes the client's MAC address. The DHCP relay just passes that packet to the DHCP server, along with additional information (such as what subnet the request is coming from). Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44615&t=44608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP helper address with multiple vlans and 1 DHCP [7:351]
Ruddy, If I understand the question (not necessarily a true statement): When the DHCP client (PC host) comes up it will send a broadcast for DHCP service, the vlan router will see the request packet and forward the request to the DHCP server using the IP helper address setup in the interface config. When the request is sent it indicates to the DHCP server which network this request is coming from and the DHCP will search the available scopes and select the scope that is for the requesting network. The server offer will be returned to the router which in turn sends it to the original requestor at which time the conversation becomes a unicast between the DHCP client and server. On the other hand if you are trying to reserver a specific IP within a scope for a specific PC host it must be setup on the DHCP server with the clients macaddr as a M-DHCP (manual dhcp). The conversation occurs as before except on a specific IP will be returned that satifies the macaddr -to- IP reservation setup on the DHCP server. Repost with clarifications if this has not help resolve the issue. ""Ruddy Cordero"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I know you guys talked about this earlier but how can I configured the router > to limit exclusively an ip scope for a vlan when I only have one DHCP with > multiple scopes and a switch with multiple vlans > > > Ruddy > CCNP, CCDA > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=412&t=351 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
