Chapter 22 Advanced DHCP Server Properties

Configuring Virtual Private Networks and Subnet Allocation

Querying subnet utilization (see the “Generating Subnet Utilization History Reports” section on page 8-13).

Querying lease history (see the “Running IP Lease Histories” section on page 21-16).

If you do not configure a VPN, Network Registrar uses the global VPN of 0 on each scope.

To configure a VPN whereby a client can request IP addresses from a DHCP server using a relay agent, you must define the VPN and associate a scope with it. Specifically:

1. Ensure that the relay agents that handle DHCP VPN traffic are configured with a version of Cisco IOS software that supports the vpn-id suboption of the relay-agent-info option (82) in DHCP.

2. Coordinate with the Cisco IOS relay agent administrator on whether the VPN is identified by a VPN ID or by a VPN Routing and Forwarding instance (VRF) name.

3. Create a scope for the VPN.

Typical Virtual Private Networks

Figure 18-4 on page 18-5 shows a VPN scenario with DHCP client 1 as part of VPN blue and DHCP client 2 in VPN red. Both have the same private network address: 192.168.1.0/24. The DHCP relay agent has gateway addresses that are in the two VPNs as well as a global one (172.27.180.232). There are two failover DHCP servers, both of which know the relay agent through its external gateway address.

Here is the processing that takes place for the server to issue a VPN-supported address to a client:

1. DHCP client 1 broadcasts a DHCPDISCOVER packet, including its MAC address, host name, and any requested DHCP options.

2. DHCP relay agent at address 192.168.1.1 picks up the broadcast packet. It adds a relay-agent-info option (82) to the packet and includes the subnet-selection suboption that identifies 192.168.1.0 as the subnet. The packet also includes the vpn-id suboption that identifies the VPN as blue. Because the DHCP server cannot communicate directly with the requesting client, the server-id-override suboption contains the address of the relay agent as known by the client (192.168.1.1). The relay agent also includes in the packet its external gateway address (giaddr), 172.27.180.232.

3. The relay agent unicasts the DHCPDISCOVER packet to the configured DHCP server on its subnet.

4. DHCP server 1 receives the packet and uses the vpn-id and subnet-selection suboptions to allocate an IP address from the proper VPN address space. It finds the available address 192.168.1.37 in the subnet and VPN, and places it in the yiaddr field of the packet (the address offered to the client).

5. The server unicasts a DHCPOFFER packet to the relay agent that is identified by the giaddr value.

6. The relay agent removes the relay-agent-info option and sends the packet to DHCP client 1.

7. DHCP client 1 broadcasts a DHCPREQUEST message requesting the same IP address that it was offered. The relay agent receives this broadcast message.

8. The relay agent forwards the DHCPREQUEST packet to DHCP server 1, which replies with a unicast DHCPACK packet to the client.

9. For a lease renewal, the client unicasts a DHCPRENEW packet to the IP address found in the dhcp-server-identifier option of the DHCPACK message. This is 192.168.1.1, the address of the relay agent. The relay agent unicasts the packet to the DHCP server. The server does its normal renewal processing, without necessarily knowing whether it was the server that gave out the original address in the first place. The server replies in a unicast DHCPACK packet. The relay agent then forwards the DHCPACK packet to the client IP address identified by the ciaddr field value.
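The following Python script is an added example, not code from the guide or from Network Registrar, that models the server-side decisions in steps 2 through 5 above: it encodes and decodes the relay-agent-info option (82) with its subnet-selection, vpn-id and server-id-override suboptions, then selects an address for the blue and red VPNs, which share 192.168.1.0/24. The numeric suboption codes are assumptions taken from the RFCs that standardised these suboptions (RFC 3527 link selection 5, RFC 5107 server-identifier override 11, RFC 6607 virtual subnet selection 151); the guide names the suboptions but not their codes. The scope table, addresses and VRF names are constructed from the scenario on this page, and the check that option 82 is only honoured when giaddr is non-zero follows RFC 3046.

```python
"""Constructed example: decode DHCP relay-agent-info (option 82) suboptions and
apply the VPN-aware scope selection described in the guide."""
import ipaddress
import struct

OPT_RELAY_AGENT_INFO = 82
# Suboption codes are assumed from the RFCs that standardised them; the guide
# names the suboptions but does not give their numeric codes.
SUB_LINK_SELECTION = 5        # RFC 3527 link selection ("subnet-selection")
SUB_SERVER_ID_OVERRIDE = 11   # RFC 5107 server identifier override
SUB_VSS = 151                 # RFC 6607 virtual subnet selection ("vpn-id")

GLOBAL_VPN = "0"  # the guide: scopes without a VPN use the global VPN 0


def encode_vss(vpn):
    """Encode a VPN selector: a VRF name (str) or an RFC 2685 VPN-ID (oui, index)."""
    if isinstance(vpn, str):
        return b"\x00" + vpn.encode("ascii")          # type 0: ASCII VPN identifier
    oui, index = vpn
    return b"\x01" + oui.to_bytes(3, "big") + index.to_bytes(4, "big")  # type 1


def decode_vss(value):
    """Inverse of encode_vss; type 255 means the global, default VPN."""
    kind, payload = value[0], value[1:]
    if kind == 0:
        return payload.decode("ascii")
    if kind == 1 and len(payload) == 7:
        return (int.from_bytes(payload[:3], "big"), int.from_bytes(payload[3:], "big"))
    if kind == 255:
        return GLOBAL_VPN
    raise ValueError(f"unsupported VSS type {kind}")


def build_option82(suboptions):
    """suboptions: list of (code, bytes) -> wire bytes: option code, length, body."""
    body = b"".join(struct.pack("BB", code, len(v)) + v for code, v in suboptions)
    return struct.pack("BB", OPT_RELAY_AGENT_INFO, len(body)) + body


def parse_option82(data):
    """Return {code: value} from an option-82 TLV; rejects truncated suboptions."""
    if len(data) < 2 or data[0] != OPT_RELAY_AGENT_INFO or len(data) != 2 + data[1]:
        raise ValueError("not a well-formed relay-agent-info option")
    subs, i = {}, 2
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated suboption header")
        scode, slen = data[i], data[i + 1]
        value = data[i + 2:i + 2 + slen]
        if len(value) != slen:
            raise ValueError("truncated suboption value")
        subs[scode] = value
        i += 2 + slen
    return subs


def select_offer(giaddr, option82, scopes, server_addr):
    """Choose an address as the guide describes: VPN from vpn-id, subnet from
    subnet-selection (else giaddr), reply unicast to giaddr, and server-id
    overridden so the client renews via the relay.
    scopes: {(vpn, network): [free addresses]} (constructed lease table)."""
    giaddr = ipaddress.IPv4Address(giaddr)
    subs = parse_option82(option82) if option82 else {}
    # RFC 3046: relay-agent information in a packet whose giaddr is 0 did not
    # arrive through a relay and must not drive address selection.
    if subs and giaddr == ipaddress.IPv4Address("0.0.0.0"):
        raise ValueError("option 82 present but giaddr is 0; discarding")
    vpn = decode_vss(subs[SUB_VSS]) if SUB_VSS in subs else GLOBAL_VPN
    link = (ipaddress.IPv4Address(subs[SUB_LINK_SELECTION])
            if SUB_LINK_SELECTION in subs else giaddr)
    for (scope_vpn, network), free in scopes.items():
        if scope_vpn == vpn and link in ipaddress.IPv4Network(network):
            if not free:
                raise LookupError(f"scope {network} in VPN {vpn} is exhausted")
            yiaddr = free.pop(0)
            server_id = (ipaddress.IPv4Address(subs[SUB_SERVER_ID_OVERRIDE])
                         if SUB_SERVER_ID_OVERRIDE in subs
                         else ipaddress.IPv4Address(server_addr))
            return {"vpn": vpn, "yiaddr": str(yiaddr),
                    "reply_to": str(giaddr), "server_id": str(server_id)}
    raise LookupError(f"no scope for {link} in VPN {vpn}")


def scenario():
    """Constructed scenario from the guide: blue and red both use 192.168.1.0/24."""
    scopes = {
        ("blue", "192.168.1.0/24"): ["192.168.1.37", "192.168.1.38"],
        ("red", "192.168.1.0/24"): ["192.168.1.37"],
        (GLOBAL_VPN, "172.27.180.0/24"): ["172.27.180.50"],
    }
    relay_gw = ipaddress.IPv4Address("192.168.1.1").packed   # relay as the client sees it
    subnet = ipaddress.IPv4Address("192.168.1.0").packed     # subnet-selection value

    def discover(vpn):
        return build_option82([(SUB_LINK_SELECTION, subnet),
                               (SUB_VSS, encode_vss(vpn)),
                               (SUB_SERVER_ID_OVERRIDE, relay_gw)])

    blue = select_offer("172.27.180.232", discover("blue"), scopes, "172.27.180.10")
    red = select_offer("172.27.180.232", discover("red"), scopes, "172.27.180.10")
    return blue, red


if __name__ == "__main__":
    print(scenario())
```

Both clients are offered 192.168.1.37, each from its own VPN's address space, the offers are unicast to the relay's external gateway address, and the server identifier handed to the client is the relay address 192.168.1.1, which is why the renewal in step 9 goes to the relay rather than to the server.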

Cisco CNS Network Registrar User’s Guide

OL-6240-02

22-13
