Cisco Systems OL-6240-02 Setting DHCP Forwarding, VPN and Subnet Allocation Tuning Parameters

Page 19

Chapter 22 Advanced DHCP Server Properties


VPN and Subnet Allocation Tuning Parameters

Consider these tuning parameters for VPNs and on-demand address pools.

Keep orphaned leases that have nonexistent VPNs—By default, Network Registrar keeps leases that no longer have an associated VPN in its state database. You can change this by enabling the DHCP attribute delete-orphaned-leases. The server maintains a lease state database that associates clients with leases. If a scope modification renders existing leases invalid, the lease database is left with orphaned lease entries. These are typically not removed even after the lease expires, because the server tries to use this data later to reassociate a client with its previous lease. The downside is that the lease database can consume excessive disk space. When you enable the delete-orphaned-leases attribute, such entries are removed during the next server reload. Be cautious when enabling this attribute: deleting a lease record does not recall the address from the client that holds it, so a client can continue to use an address that the server now believes to be free, and the server may hand that same address to another client. This can compromise network stability.

Keep orphaned subnets that have nonexistent VPNs or address blocks—This is the default behavior, although you can change it by enabling the DHCP attribute delete-orphaned-subnets (dhcp enable delete-orphaned-subnets). As the DHCP server starts up, it reads its database of subnets and tries to locate the parent VPN and address block of each subnet. With the attribute enabled, if a subnet refers to a VPN that is no longer configured in the server, or if the server cannot locate a parent address block that contains the subnet, the server permanently deletes the subnet from the state database.

Keep the VPN communication open—This is the default behavior, although you can change it by disabling the DHCP attribute vpn-communication. The server can communicate with clients that reside on a different VPN from that of the server by using an enhanced DHCP relay agent capability. This is signaled by the presence of the vpn-id suboption in the relay-agent-info option (82). You can disable the vpn-communication attribute if the server is not expected to communicate with clients on a VPN other than its own. The motivation is typically to enhance network security by preventing unauthorized DHCP client access: a request stamped with a foreign vpn-id is then ignored rather than served. Note that option 82 is inserted by the relay agent and carries no authentication of its own, so the server's view of which VPN a client belongs to is only as trustworthy as the relay agents that are allowed to reach it.

Setting DHCP Forwarding

The Network Registrar DHCP server supports forwarding DHCP packets to another DHCP server on a per-client basis. For example, you might want to redirect address requests from certain clients, with specific MAC address prefixes, to another DHCP server. This can be useful and important in situations where the server being forwarded to is not one that you manage. This occurs in environments where multiple service providers supply DHCP services for clients on the same virtual LAN.

Enabling DHCP forwarding requires implementing an extension script. The DHCP server intercepts the specified clients and calls its forwarding code, which checks the specified list of forwarded server addresses. It then forwards the requests rather than processing them itself. You attach and detach extensions to and from the DHCP server using dhcp attachExtension and dhcp detachExtension.

The DHCP forwarding feature works like this:

1. When DHCP is initialized, the server opens a UDP socket, which it uses to send forwarded packets. To support servers with multiple IP addresses, the socket address pair consists of INADDR_ANY and any port number. This enables clients to use any one of the server's IP addresses.

2. When the DHCP server receives a request from a client, it processes these extension point scripts:

post-packet-decode

pre-client-lookup

post-client-lookup
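The two decisions this page describes, dropping a request whose relay-agent-info vpn-id places the client on a foreign VPN when vpn-communication is disabled, and handing a request with a matching MAC prefix to a list of forwarding servers instead of serving it, are modelled below in Python. This is an added example, not Network Registrar code and not one of its extension scripts; it parses a constructed DHCPDISCOVER as a relay would deliver it. The vpn-id suboption code point (151), the rule table shape, and the server addresses are assumptions for the sake of the example, and the VPN identifier is compared as opaque bytes rather than decoded.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"      # RFC 2132 magic cookie
OPT_MSG_TYPE = 53
OPT_RELAY_AGENT_INFO = 82             # RFC 3046 relay-agent-info
OPT_PAD = 0
OPT_END = 255
# The page names the vpn-id suboption but not its code point; 151 is an
# assumption used only to build and read the constructed packet below.
SUBOPT_VPN_ID = 151


def parse_dhcp(pkt: bytes) -> dict:
    """Decode the fixed BOOTP header and the TLV option area of one DHCP packet."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if hlen > 16:
        raise ValueError("bad hlen")
    giaddr = ipaddress.IPv4Address(pkt[24:28])   # relay address, if relayed
    chaddr = pkt[28:28 + hlen]                   # client hardware address
    opts = {}
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return {"op": op, "xid": xid, "giaddr": str(giaddr), "chaddr": chaddr, "options": opts}


def parse_suboptions(blob: bytes) -> dict:
    """Split the relay-agent-info value into its suboptions (same TLV shape, no pad/end)."""
    subs = {}
    i = 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated suboption header")
        code, length = blob[i], blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated suboption %d" % code)
        subs[code] = value
        i += 2 + length
    return subs


def relay_vpn_id(msg: dict):
    """Return the vpn-id the relay stamped on the packet, or None if absent."""
    rai = msg["options"].get(OPT_RELAY_AGENT_INFO)
    if rai is None:
        return None
    return parse_suboptions(rai).get(SUBOPT_VPN_ID)


def decide(msg, forward_rules, server_vpn_id=None, vpn_communication=True):
    """Per-client decision: ("drop", reason) | ("forward", servers) | ("process", None).

    forward_rules is a list of (mac_prefix_bytes, [server_ip, ...]) pairs (assumed shape).
    """
    client_vpn = relay_vpn_id(msg)
    if client_vpn is not None and client_vpn != server_vpn_id and not vpn_communication:
        # vpn-communication disabled: requests relayed from another VPN are ignored.
        return ("drop", "client on foreign VPN and vpn-communication is disabled")
    for prefix, servers in forward_rules:
        if msg["chaddr"].startswith(prefix):
            # Forwarding code: hand the request to the configured server list.
            return ("forward", list(servers))
    return ("process", None)


def build_discover(mac: bytes, vpn_id=None, giaddr="10.0.0.1") -> bytes:
    """Construct a DHCPDISCOVER as a relay would hand it to the server (sample data)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, len(mac), 1, 0x3903F326, 0, 0x8000)
    hdr += bytes(4) * 3 + ipaddress.IPv4Address(giaddr).packed       # ciaddr yiaddr siaddr giaddr
    hdr += mac.ljust(16, b"\0") + bytes(64) + bytes(128) + DHCP_MAGIC  # chaddr sname file cookie
    opts = bytes([OPT_MSG_TYPE, 1, 1])
    if vpn_id is not None:
        sub = bytes([SUBOPT_VPN_ID, len(vpn_id)]) + vpn_id
        opts += bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub
    return hdr + opts + bytes([OPT_END])


# Constructed sample: client 00:11:22:33:44:55 relayed from a VPN tagged "blue".
SAMPLE = build_discover(bytes.fromhex("001122334455"), vpn_id=b"blue")
RULES = [(bytes.fromhex("001122"), ["192.0.2.10", "192.0.2.11"])]

if __name__ == "__main__":
    m = parse_dhcp(SAMPLE)
    print(m["giaddr"], m["chaddr"].hex(), relay_vpn_id(m))
    print(decide(m, RULES))
    print(decide(m, RULES, vpn_communication=False))
```

The vpn-id check runs before the forwarding rules on purpose: with vpn-communication disabled, a request from a foreign VPN is discarded even if its MAC prefix would otherwise have been forwarded, since the point of disabling the attribute is to refuse such clients rather than route them elsewhere. A relay that omits option 82 entirely yields no vpn-id, so the request is treated as local; this is why the trustworthiness of the relays matters more than the flag itself.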

Cisco CNS Network Registrar User's Guide    OL-6240-02    22-19
