Ccnpv7.1 Switch Lab5-2 Dhcp46 Instructor
Ccnpv7.1 Switch Lab5-2 Dhcp46 Instructor
Ccnpv7.1 Switch Lab5-2 Dhcp46 Instructor
1 SWITCH
Objectives
Configure DHCP for IPv4
Configure Stateless DHCP for IPv6
Configure Stateful DHCP for IPv6
Background
To practice the various configuration and options associated with DHCP for IPv4 and IPv6, you will configure
a DHCP server on switch DLS1. Hosts A and B will receive IP addresses from DLS1 and validate continued
connectivity.
Note: This lab uses Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2)SE6 IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates “dual-
ipv4-and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the switch model and Cisco IOS
Software version, the commands available and output produced might vary from what is shown in this lab.
Catalyst 3650 switches (running any Cisco IOS XE release) and Catalyst 2960-Plus switches (running any
comparable Cisco IOS image) can be used in place of the Catalyst 3560 switches and the Catalyst 2960
switches.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
Required Resources
2 Cisco 2960 with the Cisco IOS Release 15.0(2)SE6 C2960-LANBASEK9-M or comparable
2 Cisco 3560v2 with the Cisco IOS Release 15.0(2)SE6 C3560-IPSERVICESK9-M or comparable
Computer with terminal emulation software
Ethernet and console cables
3 Windows 7 PCs with appropriate software
Step 2: Configure IPv4 DHCP server on DLS1 for VLAN 99 and 120
Configure a DHCP server for IPv4 on DLS1 using the following parameters:
For VLAN 99:
- Exclude addresses 10.1.99.1 through 10.1.99.2 and 10.1.99.100 through 10.1.99.104
- Set the default router to 10.1.99.1
- Set the DNS server to 10.1.99.100
For VLAN 120:
- Exclude addresses 10.1.120.1 through 10.1.120.2 and 10.1.120.100 through 10.1.120.104
- Set the default router to 10.1.120.1
- Set the DNS server to 10.1.99.100
Configure Interface F0/6 as an access port in VLAN 99 and issue the no shut command
DLS1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)#ip dhcp excluded-address 10.1.99.1 10.1.99.2
DLS1(config)#ip dhcp excluded-address 10.1.99.100 10.1.99.104
DLS1(config)#ip dhcp pool VLAN99_DHCP
DLS1(dhcp-config)#network 10.1.99.0 255.255.255.0
DLS1(dhcp-config)#default-router 10.1.99.1
DLS1(dhcp-config)#dns-server 10.1.99.100
DLS1(dhcp-config)#exit
DLS1(config)#end
DLS1#
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
Step 5: Configure a STATELESS DHCP server for IPv6 on DLS1 using the following
parameters:
DLS1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)#ipv6 dhcp pool MANAGEMENT_IPV6_DHCP
DLS1(config-dhcpv6)#dns-server 2001:db8:3115:99::100
DLS1(config-dhcpv6)#exit
DLS1(config)#interface vlan 99
DLS1(config-if)#ipv6 dhcp server MANAGEMENT_IPV6_DHCP
DLS1(config-if)#ipv6 nd other-config-flag
DLS1(config-if)#exit
DLS1(config)#end
DLS1#
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
Step 6: Configure DHCP Relay on DLS2 for the VLAN 120 network
Redirect IPv4 and IPv6 DHCP requests to DLS1 at 10.1.99.1 and 2001:db8:3115:99::d1 respectively
DLS2(config)# int vlan 120
DLS2(config-if)# ipv6 dhcp relay destination 2001:db8:3115:99::d1 po2
DLS2(config-if)# ip helper-address 10.1.99.1
DLS2(config-if)# exit
Note: The passwords configured here are required for NETLAB compatibility only and are NOT
recommended for use in a live environment
In the ipconfig output above, notice that there are two IPv6 addresses. The first address listed,
2001:db8:3115:99:a940:91fe:38dd:da0c is a permanent address while the second address listed,
2001:db8:3115:99:75b4:31b7:6c26:50ad, is a temporary address.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
Also notice that the interface portion of the permanent address is the same as the interface portion of the link-
local address.
The temporary address is generated automatically because privacy extensions are enabled.
The permanent address will be used in DNS registration and when this host is providing a service, while the
temporary address will be used when this host is serving in the client role and requesting services from
another host, with the idea that this helps provide some privacy to the host.
The temporary address is valid for one day then a new temporary address is generated and then the old
temporary address goes into a "deprecated" mode for seven days. The "active" temporary address may also
be referred to as "preferred".
The second thing to note is from the output of the route print -6 command:
The default route, expressed as ::/0, points to the link-local address of the default gateway; there is also a
route to the local IPv6 network 2001:db8:3115:99::/64 noted as "on link".
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
Notice the IPv6 addresses. This machine has two addresses with the 2001:db8:3115:120::/64 prefix, and only
one from the 3333:120::/64 prefix. What happened?
The results here are a result of the autoconfig flag being set in the router advertisements sent by DLS2. The
“A” flag being on tells the host to use the RA to create an address, even if the “M” flag is on. To see the “A”
flag, you could use Wireshark on the host or simply debug ipv6 nd on DLS2:
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
We used different numbers on the DLS2 VLAN120 interface and the DHCP scope to illustrate the impact of
the autoconfig flag.
To make DLS2 remove the autoconfig flag from the RA, add the ipv6 nd prefix xx::/yy no-autoconfig
interface configuration command (xx::/yy is the prefix assigned to int VLAN 120).
Please note that as of this writing, the no-autoconfig parameter is hidden, so it will not appear in help or tab-
completion.
Note: Due to the way the values are stored, your Windows 7 host may not release the originally configured
addresses in the 2001::db8:3115:120::/64 network.
Now, reconfigure the DHCP pool at DLS1 to use the correct prefix for VLAN 120 (2001:db8:3115:120::/64),
disable and re-enable the adapter on HOST B, and the host should receive a single IPv6 address. Due to the
fact that this is the same prefix, and the way Windows generates the random interface ID, this will most likely
be the same address.
DLS1(config)# no ipv6 dhcp pool VLAN120-IPV6-POOL
DLS1(config)# ipv6 dhcp pool VLAN120-IPV6-POOL
DLS1(config-dhcpv6)# address prefix 2001:db8:3115:120::/64
DLS1(config-dhcpv6)# dns-server 2001:db8:3115:99::100
DLS1(config-dhcpv6)# domain-name switch.ccnp
DLS1(config-dhcpv6)# interface po2
DLS1(config-if)# ipv6 dhcp server VLAN120-IPV6-POOL
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 7 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
Device Configurations:
Below are the final configurations for each switch.
DLS1:
DLS1# show run | exclude !
Building configuration...
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 8 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 9 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
interface FastEthernet0/22
shutdown
interface FastEthernet0/23
shutdown
interface FastEthernet0/24
shutdown
interface GigabitEthernet0/1
shutdown
interface GigabitEthernet0/2
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan99
ip address 10.1.99.1 255.255.255.0
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:3115:99::D1/64
ipv6 nd other-config-flag
ipv6 dhcp server MANAGEMENT_IPV6_DHCP
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Port-channel2 172.16.12.2
ip route 10.1.100.0 255.255.255.0 Vlan99
ipv6 route ::/0 2001:DB8:3115:12::D2
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
login
end
DLS2:
DLS2# show run | exclude !
Building configuration...
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 11 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
interface FastEthernet0/12
no switchport
no ip address
channel-group 2 mode desirable
interface FastEthernet0/13
shutdown
interface FastEthernet0/14
shutdown
interface FastEthernet0/15
shutdown
interface FastEthernet0/16
shutdown
interface FastEthernet0/17
shutdown
interface FastEthernet0/18
shutdown
interface FastEthernet0/19
shutdown
interface FastEthernet0/20
shutdown
interface FastEthernet0/21
shutdown
interface FastEthernet0/22
shutdown
interface FastEthernet0/23
shutdown
interface FastEthernet0/24
shutdown
interface GigabitEthernet0/1
shutdown
interface GigabitEthernet0/2
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan110
ip address 10.1.110.1 255.255.255.0
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:3115:110::D2/64
interface Vlan120
ip address 10.1.120.1 255.255.255.0
ip helper-address 10.1.99.1
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:3115:120::D2/64
ipv6 nd prefix 2001:DB8:3115:120::/64 2592000 604800 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp relay destination 2001:DB8:3115:99::D1 Port-channel2
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Port-channel2 172.16.12.1
ip route 10.1.100.0 255.255.255.0 Vlan110
ipv6 route ::/0 2001:DB8:3115:12::D1
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 12 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
login
line vty 5 15
login
end
ALS1:
ALS1# show run | exclude !
Building configuration...
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 13 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
interface FastEthernet0/7
switchport trunk allowed vlan 1-109,111-4094
switchport mode trunk
channel-group 1 mode desirable
interface FastEthernet0/8
switchport trunk allowed vlan 1-109,111-4094
switchport mode trunk
channel-group 1 mode desirable
interface FastEthernet0/9
switchport trunk allowed vlan 110
switchport mode trunk
channel-group 4 mode desirable
interface FastEthernet0/10
switchport trunk allowed vlan 110
switchport mode trunk
channel-group 4 mode desirable
interface FastEthernet0/11
shutdown
interface FastEthernet0/12
shutdown
interface FastEthernet0/13
shutdown
interface FastEthernet0/14
shutdown
interface FastEthernet0/15
shutdown
interface FastEthernet0/16
shutdown
interface FastEthernet0/17
shutdown
interface FastEthernet0/18
shutdown
interface FastEthernet0/19
shutdown
interface FastEthernet0/20
shutdown
interface FastEthernet0/21
shutdown
interface FastEthernet0/22
shutdown
interface FastEthernet0/23
shutdown
interface FastEthernet0/24
shutdown
interface GigabitEthernet0/1
shutdown
interface GigabitEthernet0/2
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan99
ip address 10.1.99.2 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:3115:99::A1/64
interface Vlan100
ip address 10.1.100.1 255.255.255.0
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 14 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
interface Vlan110
ip address 10.1.110.2 255.255.255.0
ip default-gateway 10.1.99.1
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.1
ip route 192.168.1.0 255.255.255.0 Vlan110
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
login
end
ALS2:
ALS2# show run | exclude !
Building configuration...
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 15 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 16 of 17
CCNPv7.1 SWITCH: Lab 5-2 – DHCP
line vty 0 4
login
line vty 5 15
login
end
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 17 of 17