22-13
Cisco CNS Network Registrar User’s Guide
OL-6240-02
Chapter22 Advanced DHCP Server Properties
Configuring Virtual Private Networks and Subnet Allocation
•Querying subnet utilization (see the “Generating Subnet Utilization History Reports” section on
page 8-13).
•Querying lease history (see the “Running IP Lease Histories” section on page 21-16).
If you do not configure a VPN, Network Registrar uses the global VPN of 0 on each scope.
To configure a VPN whereby a client can request IP addresses from a DHCP server using a relay agent,
you must define the VPN and associate a scope with it. Specifically:
1. Ensure that the relay agents that handle DHCP VPN traffic are configured with a version of Cisco
IOS software that supports the vpn-id suboption of the relay-agent-info option (82) in DHCP.
2. Coordinate with the Cisco IOS relay agent administrator that the VPN is identified either by a VPN
ID or a VPN Routing and Forwarding instance (VRF) name.
3. Create a scope for the VPN.
Typical Virtual Private NetworksFigure 18-4 on page18-5 shows a VPN scenario with DHCP client 1 as part of VPN blue and DHCP
client 2 in VPN red. Both have the same private network address: 192.168.1.0/24. The DHCP relay agent
has gateway addresses that are in the two VPNs as well as a global one (172.27.180.232). There are two
failover DHCP servers, both of which know the relay agent through its external gateway address.
Here is the processing that takes place for the server to issue a VPN-supported address to a client:
1. DHCP client 1 broadcasts a DHCPDISCOVER packet, including its MAC address, host name, and
any requested DHCP options.
2. DHCP relay agent at address 192.168.1.1 picks up the broadcast packet. It adds a relay-agent-info
option (82) to the packet and includes the subnet-selection suboption that identifies 192.168.1.0 as
the subnet. The packet also includes the vpn-id suboption that identifies the VPN as blue. Because
the DHCP server cannot communicate directly with the requesting client, the server-id-override
suboption contains the address of the relay agent as known by the client (192.168.1.1). The relay
agent also includes in the packet its external gateway address (giaddr), 172.27.180.232.
3. The relay agent unicasts the DHCPDISCOVER packet to the configured DHCP server on its subnet.
4. DHCP server 1 receives the packet and uses the vpn-id and subnet-selection suboptions to allocate
an IP address from the proper VPN address space. It finds the available address 192.168.1.37 in the
subnet and VPN, and places it in the yiaddr field of the packet (the address offered to the client).
5. The server unicasts a DHCPOFFER packet to the relay agent that is identified by the giaddr value.
6. The relay agent removes the relay-agent-info option and sends the packet to DHCP client 1.
7. DHCP client 1 broadcasts a DHCPREQUEST message requesting the same IP address that it was
offered. The relay agent receives this broadcast message.
8. The relay agent forwards the DHCPREQUEST packet to DHCP server 1, which replies with a
unicast DHCPACK packet to the client.
9. For a lease renewal, the client unicasts a DHCPRENEW packet to the IP address found in the
dhcp-server-identifier option of the DHCPACK message. This is 192.168.1.1, the address of the
relay agent. The relay agent unicasts the packet to the DHCP server. The server does its normal
renewal processing, without necessarily knowing whether it was the server that gave out the original
address in the first place. The server replies in a unicast DHCPACK packet. The relay agent then
forwards the DHCPACK packet to the client IP address identified by the ciaddr field value.