Chapter 22 Advanced DHCP Server Properties

Configuring Virtual Private Networks and Subnet Allocation

Step 1 Create a DHCP address block for a subnet, set the initial subnet mask and its increment, and set other subnet allocation request attributes. Also, associate a policy or define an embedded policy.

If you use VPNs, you can specify a vpn or vpn-id attribute (see the “Configuring Virtual Private Networks Using DHCP” section on page 22-12).

Note Unsetting the VPN ID in the CLI reverts the value to the current session VPN.

The server uses the presence of the subnet-alloc DNS option (220) in the request packet to determine that the packet is a subnet allocation request. You can configure the server to use the subnet-name suboption (3) as a selection tag if you set the addr-blocks-use-selection-tags attribute for the server or VPN.

You can optionally set a default selection tag by setting the addr-blocks-default-selection-tags attribute for the DHCP server or VPN object. This identifies one or more subnets from which to allocate the addresses. If the relay agent sends a VPN string (via a VPN option or relay agent suboption), associated with a subnet, any address block with that string as one of its addr-blocks-default-selection-tags values uses that subnet.

The default behavior on the server and for VPNs is that the DHCP server tries to allocate subnets to clients using address blocks that the clients already used. Disabling the addr-blocks-use-client-affinity attribute causes the server to supply subnets from any suitable address block, based on other selection data in the clients’ messages.

If you want to support configurations of multiple address blocks on a single LAN segment (analogous to using primary and secondary scopes), add a segment-name attribute string value to the DHCP address block. When the relay agent sends a single subnet selection address, it selects address blocks tagged with that segment-name string value. However, you must also explicitly enable the LAN segment capability (addr-blocks-use-lan-segments) at the server or VPN level.

Instead of associating a policy, you can set properties for the address block’s embedded policy. As in embedded policies for clients, client-classes, and scopes, you can enable, disable, set, unset, get, and show attributes for an address block policy. You can also set, unset, get, and list any DHCP options for it, as well as set, unset, and list vendor options. Note that deleting an address block embedded policy unsets all the embedded policy properties.

Step 2 Note that the server allocates subnets based on the relay agent request. If not requested, the default subnet size is a 28-bit address mask. You can change this default, if necessary, by setting the default-subnet-size attribute for the DHCP address block. For example:

nrcmd> dhcp-address-block red set default-subnet-size=25

Step 3 You can control any of the subnets the DHCP server creates from the address blocks. Identify the subnet in the form vpn-name/netipaddress/mask, with the vpn-name optional. Subnet control includes activating and deactivating the subnet as you would a lease. Likewise, you can force a subnet to be available, on the condition that before you do so, you check that the clients assigned the subnet are no longer using it. First, show any subnets created.

Step 4 Reload the DHCP server.
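The selection rules from Steps 1 and 2 (selection tags, client affinity, per-block default subnet size), modelled in Python as an added example; it is not part of the Cisco guide and is not Network Registrar's implementation. Block names, ranges, tags and request fields are constructed, and using the default tags only when the request carries no subnet-name is an assumption.

```python
import ipaddress

# Constructed address blocks; names, ranges and tags are illustrative only.
BLOCKS = [
    {"name": "red",  "address": "10.10.0.0/24", "tags": {"branch"}, "default_subnet_size": 25},
    {"name": "blue", "address": "10.20.0.0/24", "tags": {"lab"},    "default_subnet_size": 28},
]

def first_free(block, prefix_len, allocated):
    """First subnet of prefix_len bits in the block that overlaps no allocated subnet."""
    net = ipaddress.ip_network(block["address"])
    if prefix_len < net.prefixlen:        # request is larger than the whole block
        return None
    for cand in net.subnets(new_prefix=prefix_len):
        if not any(cand.overlaps(a) for a in allocated):
            return cand
    return None

def allocate(request, allocated, history, use_selection_tags=False,
             default_tags=frozenset(), use_client_affinity=True):
    """Return (block name, subnet) for a subnet allocation request, or None."""
    candidates = list(BLOCKS)
    if use_selection_tags:
        # The subnet-name suboption acts as the tag; assumed fallback: default tags.
        wanted = {request["subnet_name"]} if request.get("subnet_name") else set(default_tags)
        if wanted:
            candidates = [b for b in candidates if b["tags"] & wanted]
    if use_client_affinity:
        # Try the block this client used before first; stable sort keeps the rest in order.
        prev = history.get(request["client"])
        candidates.sort(key=lambda b: b["name"] != prev)
    for block in candidates:
        # A size requested by the relay agent wins over the block's default.
        size = request.get("prefix_len") or block["default_subnet_size"]
        subnet = first_free(block, size, allocated)
        if subnet is not None:
            allocated.append(subnet)
            history[request["client"]] = block["name"]
            return block["name"], subnet
    return None
```

Passing the same `allocated` list and `history` dict across calls shows how disabling affinity moves a returning client to a different block.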

 

Cisco CNS Network Registrar User’s Guide

22-18

OL-6240-02
