DHCP Configuration and Messages

Questions and Answers

What is the primary function of the DHCP protocol?

To facilitate dynamic IP addressing management (correct)

To provide default gateway information only

To assign static IP addresses to clients

To manage MAC addresses for clients

Which UDP port is used by DHCP clients?

UDP port 68 (correct)

UDP port 67

UDP port 69

UDP port 53

What is the purpose of the 'show ip dhcp binding' command?

To configure DHCP servers

To assign IP addresses to clients

To display a list of IPv4 addresses and their corresponding MAC addresses (correct)

To renew IP address leases

What is the destination MAC address used by a DHCP client when sending a DHCP Discover message?

FF-FF-FF-FF-FF-FF

What is the purpose of the 'ip dhcp excluded-address' command?

To exclude specific IP addresses from being leased to DHCP clients

What is the default behavior of the 'ip helper-address' command?

It forwards eight specific UDP services

What type of message does a DHCP client send to identify available DHCP servers on the network?

DHCPDISCOVER message

What happens after a DHCP client receives a lease from a DHCP server?

The client must renew the lease through another DHCPREQUEST message

What happens when a host uses DHCP to automatically configure an IP address?

It sends a DHCPDISCOVER message and a DHCPREQUEST message as broadcasts.

What is the purpose of a DHCP client sending a broadcast DHCPREQUEST message?

To indicate to the offering DHCP server that it would like to accept the offer and bind the IP address.

What is the typical range of IP addresses assigned by a workstation when DHCP servers are not available?

169.254.0.0/16

What is the role of a DSL modem in a SOHO environment?

It is not involved in IP address allocation.

What happens when a Windows PC cannot communicate with an IPv4 DHCP server?

It assigns itself an IP address from the 169.254.0.0/16 network.

What is the purpose of a DHCP server sending a DHCPOFFER message?

To offer an IP address to the DHCP client.

What is the typical range of IP addresses assigned by the ISP to the wireless router in a SOHO environment?

Any valid IP address range

What happens when a DHCP client's IP address lease time expires?

It sends a DHCPREQUEST message to the DHCP server.

What should the host default gateway address be set to in a GLBP configuration?

The FHRP virtual IP address

Which FHRP protocol provides load sharing in addition to redundancy?

GLBP

What is the purpose of HSRP?

To allow for transparent failover of a first-hop IPv4 device

What is the main advantage of using TACACS+ or RADIUS for AAA authentication?

It is more scalable than local database authentication

What is the goal of a DHCP starvation attack?

To create a DoS for DHCP clients

What is used to form an IPv6 address when a PC is configured to use the SLAAC method?

A 64-bit interface ID and the RA message

What is the purpose of the O flag in DHCPv6?

To indicate stateless DHCPv6 operation

What is the main purpose of discovery protocols?

To provide hackers with sensitive network information

What is the main difference between HSRP and GLBP?

HSRP provides redundancy while GLBP provides load sharing

What is true about the interface IDs of clients in stateless DHCPv6 operation?

They are configured either by EUI-64 or a random number

What is the main advantage of using a local database for AAA authentication?

It does not require dedicated ACS servers

What is the purpose of the ACAD_CLASS in DHCPv6?

It is the name of the DHCP pool

What is true about stateful DHCPv6 pools?

They are configured with address prefixes for hosts via the address command

What is the command used to set the M flag to 1 in a RA message?

ipv6 nd managed-config-flag

What is the purpose of the GLBP protocol?

To provide load balancing between a group of redundant routers

What is VRRPv2?

A nonproprietary protocol

What is the role of the authenticator in the 802.1X authentication process?

Controls physical network access

What is the default mode for a port security violation on a Cisco switch?

Shut down the port

What happens to packets with unknown source addresses in the Protect violation mode?

They are dropped until a sufficient number of secure MAC addresses are removed

What is the role of the supplicant in the 802.1X authentication process?

Requests network access

What type of cable is used for connections between end devices and a switch?

Straight-through

What is the purpose of the switchport port-security command?

To enable port security for the port

What happens when the security violation counter for a port is incremented?

The port is shut down

How many violation modes are available on a Cisco switch?

3

Study Notes

DHCP Configuration

• The commands dhcp pool, ip default-gateway, and ip network are not valid DHCP configuration commands.
• When a DHCP client's IP address lease time expires, it sends a DHCPREQUEST unicast message directly to the DHCPv4 server that originally offered the IPv4 address.
• A DHCP client typically sends two messages: DHCPDISCOVER and DHCPREQUEST, which are usually sent as broadcasts to ensure all DHCP servers receive them.

DHCP Message Process

• The DHCP server responds to these messages using DHCPOFFER, DHCPACK, and DHCPNACK messages, depending on the circumstance.
• When a DHCP client receives DHCPOFFER messages, it will send a broadcast DHCPREQUEST message to:
  • Indicate to the offering DHCP server that it would like to accept the offer and bind the IP address.
  • Notify any other responding DHCP servers that their offers are declined.

IP Address Assignment

• When a workstation is configured to obtain an IP address automatically, but DHCP servers are not available, it assigns itself an IP address from the 169.254.0.0/16 network.
• If a Windows PC cannot communicate with an IPv4 DHCP server, it automatically assigns an IP address in the 169.254.0.0/16 range.

SOHO Environment

• In a SOHO environment, a wireless router connects to an ISP via a DSL or cable modem.
• The IP address between the wireless router and ISP site is typically assigned by the ISP through DHCP.
• This method facilitates IP addressing management, allowing IP addresses for clients to be dynamically assigned, making it easy to reassign IP addresses when a client is dropped.

DHCP Protocol

• The DHCP protocol operates with 2 UDP ports: UDP port 67 (destination port for DHCP servers) and UDP port 68 (used by DHCP clients).
• The show ip dhcp binding command shows a list of IPv4 addresses and the MAC addresses of the hosts to which they are assigned.

MAC Addresses

• There is a special MAC address for broadcast purposes: FF-FF-FF-FF-FF-FF.
• When a DHCP client needs to send a DHCP Discover message, it uses this MAC address as the destination MAC address in the Ethernet frame.

IP Helper Address

• The ip helper-address command forwards the following eight UDP services:
  • Port 37: Time
  • Port 49: TACACS
  • Port 53: DNS
  • Port 67: DHCP/BOOTP client
  • Port 68: DHCP/BOOTP server
  • Port 69: TFTP
  • Port 137: NetBIOS name service
  • Port 138: NetBIOS datagram service

DHCP Client/Server Communication

• The client broadcasts a DHCPDISCOVER message to identify available DHCP servers on the network.
• A DHCP server replies with a DHCPOFFER message, which contains information such as the IP address and subnet mask to be assigned, the IP address of the DNS server, and the IP address of the default gateway.

IPv6 Configuration

• When a PC is configured to use the SLAAC method for configuring IPv6 addresses, it uses the prefix and prefix-length information from the RA message, combined with a 64-bit interface ID, to form an IPv6 address.
• The IPv6 default gateway address is the link-local address of the router interface attached to the LAN segment.

Stateless DHCPv6

• In stateless DHCPv6 operation, the O flag is set to 1 and the M flag is left at 0 (default).
• Clients in stateless DHCPv6 operation configure their interface IDs using either EUI-64 or a random number.

FHRP

• HSRP (Hot Standby Router Protocol) is a Cisco-proprietary protocol that provides redundancy through active and standby devices.
• VRRP (Virtual Router Redundancy Protocol) is an open standard FHRP that provides redundancy through a virtual router master and one or more backups.
• GLBP (Gateway Load Balancing Protocol) is a Cisco-proprietary FHRP that provides load balancing in addition to redundancy.

AAA Authentication

• AAA authentication can be implemented with a local database or with usernames and passwords stored on network devices.
• TACACS+ or RADIUS protocol requires dedicated ACS servers, which scale well in large networks.
• After a user is authenticated through AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the device.

DHCP Starvation Attack

• A DHCP starvation attack is launched by an attacker with the intent to create a DoS for DHCP clients.
• The attacker uses a tool that sends many DHCPDISCOVER messages to lease the entire pool of available IP addresses, denying them to legitimate hosts.

802.1X Authentication

• The devices involved in the 802.1X authentication process are:
  • The supplicant (client requesting network access)
  • The authenticator (switch controlling physical network access)
  • The authentication server (performs the actual authentication)

Description

Quiz on DHCP configuration commands, IP address lease time, and DHCP messages such as DHCPDISCOVER and DHCPREQUEST.