Archive

Archive for May, 2010

IPv6 Troubleshooting

May 30th, 2010 jud 1 comment

IPv6 Addressing
• 128 bit addresses.
• Simplified header with fewer fields; IPv4 has 12 fields, IPv6 has 5 fields;
• No checksum in the header. This makes processing more efficient: in IPv4 the TTL is decremented at each hop, so the checksum has to be recalculated at each hop. That is not the case with IPv6.
• No packet fragmentation done by the router, instead an ICMP “packet too big” message is sent to the client. Fragmentation information has been moved to an extension header.

Types of IPv6 Addresses
• Unicast — Send to one interface.
• Multicast — Send to many hosts in a group in the FF00::/8 address range.
• Anycast — Send to the nearest host in a group.

Abbreviate IPv6 Addresses
• Leading zeros in a field can be omitted.
• Contiguous fields containing zeros can be abbreviated with “::”.
• EUI-64 addresses use the MAC address for the lower 64 bits of an IPv6 address. The MAC address is split in half and FFFE is placed between the two halves to make the 48-bit MAC into 64 bits. The universal/local (U/L) flag (bit 7) in the OUI portion of the address is flipped as well.
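
An added example (not from the original post) of the EUI-64 rule above, in Python. It builds the address from a prefix and a MAC and also reverses the mapping, which is why an EUI-64 address exposes the interface's hardware address to anyone who sees it. The function names are illustrative; the test address is the RIPng next hop from the router output later in this post.

```python
import ipaddress


def mac_bytes(mac: str) -> bytes:
    """Accept 00:12:d9:a5:15:41, 00-12-D9-A5-15-41 or Cisco 0012.d9a5.1541."""
    raw = bytes.fromhex(mac.translate(str.maketrans("", "", ":-.")))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 (or shorter) prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("EUI-64 needs a prefix of /64 or shorter")
    raw = mac_bytes(mac)
    # Split the MAC in half and place FFFE between the two halves.
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Flip the universal/local flag (0x02 in the first octet).
    iid[0] ^= 0x02
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_eui64(addr: str):
    """Return the MAC behind an EUI-64 address, or None if the lower
    64 bits do not carry the FFFE marker (manual or random interface ID)."""
    low64 = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the U/L flip
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Addresses taken from the router output on this page.
    for a in ("FE80::212:D9FF:FEA5:1541", "FE80::A01:10A"):
        print(a, "->", mac_from_eui64(a))
    print(eui64_address("fe80::/64", "0012.d9a5.1541"))
```
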

Troubleshoot IPv6
sh ipv6 int — Validates the IPv6 configuration and status of interfaces.
sh ipv6 routers — Displays IPv6 router advertisements.
sh ipv6 route — Shows the routing table. DUH.
sh ipv6 protocols — Shows parameters and state of the active IPv6 protocols.
debug ipv6 nd — Debug IPv6 neighbor discovery.
debug ipv6 routing — Display debugging messages for IPv6 routing table and route cache updates.
debug ipv6 packet — Displays the debugging messages for IPv6 packets.

IPv6 Configuration
ipv6 cef
ipv6 unicast-routing
ipv6 address xxxx::xxxx/xxx

OSPFv3
Configure OSPFv3
ipv6 router ospf 6
router-id 10.1.1.10
log-adjacency-changes

interface Tunnel0
no ip address
ipv6 address 2026::34:2/122
ipv6 ospf 6 area 34

Troubleshoot OSPFv3
sh ipv ospf neigh
sh ipv ospf
sh ipv ospf int

sh ipv ospf neigh

R4#sh ipv osp neigh

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.1.9          1   FULL/  -        00:00:35    14              Tunnel0

sh ipv ospf

R4#sh ipv ospf
 Routing Process "ospfv3 6" with ID 10.1.1.10
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Reference bandwidth unit is 100 mbps
    Area 34
    Number of interfaces in this area is 1
    SPF algorithm executed 3 times
    Number of LSA 8. Checksum Sum 0x03A4B8
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0
    Flood list length 0

sh ipv ospf int

R4#sh ipv ospf int
Tunnel0 is up, line protocol is up
  Link Local Address FE80::A01:10A, Interface ID 11
  Area 34, Process ID 6, Instance ID 0, Router ID 10.1.1.10
  Network Type POINT_TO_POINT, Cost: 11111
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.1.9
  Suppress hello for 0 neighbor(s)

RIPng
• IPv6 multicast address FF02::9 is the destination address for RIPng update messages.
• Link-local addresses used for next-hop addresses
• Metric is hop count and 15 is still the maximum, 16 is unreachable.
• Distance-vector

Configure RIPng
To set up a 3560 switch for IPv6 you must first configure the switch database management (SDM) template to one that supports IPv6. The rest of the configuration is the same on a router and a layer 3 switch.

DSW1(config)#sdm prefer dual-ipv4-and-ipv6 routing
DSW1(config)#^Z
DSW1#wri mem
DSW1#reload
DSW1(config)#ipv6 cef
DSW1(config)#ipv6 unicast-routing
DSW1(config)#ipv6 router rip RIP_ZONE
DSW1(config-rtr)#int fa0/1
DSW1(config-if)#ipv6 address 2026::2:2/122
DSW1(config-if)#ipv6 rip RIP_ZONE enable

Troubleshoot RIPng
sh ipv6 protocols — What protocols are running on what interfaces.
sh ipv6 rip RIP_ZONE — Show general RIPng information concerning the specific RIP_ZONE.
sh ipv6 rip database — Shows the routes in the RIB.
sh ipv6 rip next-hops — Next hops out of this router as seen by RIPng.

sh ipv6 protocols

R4#sh ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "ospf 6"
  Interfaces (Area 34):
    Tunnel0
  Redistribution:
    None
IPv6 Routing Protocol is "rip RIP_ZONE"
  Interfaces:
    FastEthernet0/1
    FastEthernet0/0
  Redistribution:
    Redistributing protocol ospf 6 with metric 5

sh ipv6 rip RIP_ZONE

R4#sh ipv6 rip RIP_ZONE
RIP process "RIP_ZONE", port 521, multicast-group FF02::9, pid 195
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 15471, trigger updates 7
  Interfaces:
    FastEthernet0/1
    FastEthernet0/0
  Redistribution:
    Redistributing protocol ospf 6 with metric 5

sh ipv6 rip database

R4#sh ipv6 rip database
RIP process "RIP_ZONE", local RIB
 2026::2:0/122, metric 2
     FastEthernet0/0/FE80::212:D9FF:FEA5:1541, expires in 166 secs

sh ipv6 rip next-hops

R4#sh ipv6 rip next-hops
 RIP process "RIP_ZONE", Next Hops
  FE80::212:D9FF:FEA5:1541/FastEthernet0/0 [1 paths]

Categories: CCNP TSHOOT, Routing Tags:

The rest of the story.

May 30th, 2010 jud No comments

In short, I returned my e-book to Narbik. I would recommend Micronicstraining to anyone. In fact I am now even more likely to go to Narbik’s class than I was before this incident.

The long version.
Later that day I called Micronicstraining to discuss my misgivings with them and actually spoke with Narbik. He was very helpful and understood my concerns saying that there would be no problem giving me licenses for more than one computer. With that I got off the phone placated to some extent. I tried to install LockLizard onto Wine and figured I would just deal with the inconvenience. But the installation onto Wine failed and I did not install LockLizard on Windows nor did I try to open the e-book. I didn’t even unrar the files.

That night I tossed and turned, woke up in the middle of the night and pondered my predicament. I figured I had nothing to lose by asking for my money back. That next morning I sent an email to Narbik explaining my dilemma. It is below.

Sir,

Regretfully I am writing to you to request a refund. I have not
activated my LockLizard license and am requesting that you have it
deactivated.

I would like to thank you for taking the time with me on the phone
yesterday. I had fewer misgivings concerning the number of computers
I would be allowed to study on after our conversation, however, I have
developed a study routine over the past 18 months and shoehorning
Windows into that process would not be beneficial at this time. I do
realize the lab PC runs Windows but I had already decided the last few
months of lab practice would be done in a Windows environment, not the
core of my studies.

I am truly disappointed. I downloaded the free workbook and have done
a number of labs from it. Because of that previous experience with
Micronics I did not expect the type of copy protection used in the
workbook as there is no mention of LockLizard on the Micronics
website. Over the past few months I have frequently visited the table
of contents for your workbook to map out my studies. My work
environment is based upon Linux, I do not have a Windows PC at home,
and I would be forced to change my study process in order to use the
workbook.

If you decide to change your copy protection to something more along
the lines of O’Reilly Media or Internetwork Expert please contact me,
I will be the first to purchase your workbook in a more portable
format. If you need to speak with me directly, my office phone number
is (xxx) xxx-xxxx and my cell phone number is (xxx) xxx-xxxx.

Sincerely,

Jud Bishop

Categories: Linux, Musings, Routing Tags:

I feel like I got ripped off.

May 25th, 2010 jud 4 comments

Yesterday I ordered the Advanced CCIE Routing & Switching 2.0 Work Book from Narbik and figured I would share my experience.

If you have read my post on the TSHOOT book you have an understanding of my disdain for DRM and the reasons for it. It boils down to the fact that I use Linux as my primary environment at work and home, we don’t even have a Windows PC at home, and most of the DRM out there requires Windows. So then I have to load whatever I need on my work laptop, but if I am studying at home I have to make sure I bring my laptop home.

Imagine my disappointment when I got the following email from Micronics after I spent $350 on an e-book. I could not find anything on the Micronics website that says the DRM is this draconian.

If you follow the link inside the quote, it says you must use either Windows or a Mac. I am going to say this again, get SafariBooksOnline, O’Reilly is a company that understands technical people and caters to them. I am sure that Narbik is a great teacher and I hope these books are as good as they say, otherwise I will know I got ripped off.

Dear Student,

You will receive three separate emails.
1. Locklizard License
2. Vol. I & II
3. Vol. III

Since you will have only one license, choose a PC or Laptop that your Secured File will reside.

Please follow these procedures before you open the attached file:
1. First you need to open, Download and Install Lizard Safeguard Secure PDF Viewer Email (sometimes this email is considered a SPAM and if you have Gmail it goes to “7 or More” section of your Gmail).

2. Once you completed this step, you need to scroll down the page and double click on the .llv file and download.

3. After installing your PDF Viewer, open the Secured PDF Files that you have received as an attachment.

You can check the operating systems requirement on the following link:

http://www.locklizard.com/LockLizard_Secure_PDF_Viewer_v25.pdf

If you have difficulty opening your files you contact me as soon as possible so we can walk you through this process.

Thank you for your business – we appreciate it very much.

Janet Kocharians
Director of Marketing & Sales
Micronics Inc.
Mobile: (818) 331-2419
Fax: (818) 249-8388

Categories: Musings, Routing Tags:

Integrate McKesson MSE into AD

May 24th, 2010 jud No comments

I use the term hacking in the classic sense, not in the cracker sense.

We moved one of our enterprise electronic medical records (EMR) from AIX to Linux over the last few weeks. Go-live was last Thursday night, and I would like to take the time to discuss one of the more interesting hacks we did. It was a long project with some interesting puzzles but this was the most interesting to me.

We were told that you cannot integrate Star/MSE into Active Directory. As far as I was concerned that was throwing down the gauntlet of a challenge to make it work. We have had our fair share of problems with Samba and AD over the years so my boss was pushing to use Likewise rather than pure Samba. We have split infrastructure, most of the virtual servers use Likewise because my boss set them up, whereas all of the pure Linux servers use Samba because I set them up. It boiled down to my boss can hack around Likewise and I am more comfortable hacking Samba. I talked him into Samba so I had to make it work. My boss had hacked Likewise to do something similar so we discussed it and the resulting code is below.

For those who use Star/MSE you probably understand the login process, however, for those who don’t let me explain. Every user who gets a GUI interface on a Star server shares the same home directory under a restricted korn shell. We have about 1,500 users that all share one home directory but it doesn’t matter because the .profile just fires off a GUI program. In a typical setup all of the users are in the hbo group and in the password file their home points to /home/mse.

We configured winbind to use the system files first, then AD. This is so that we could have an orderly move from system authentication to AD authentication.

# cat /etc/nsswitch.conf | grep winbind
passwd:     files winbind
shadow:     files winbind
group:      files winbind

In AD we made two groups, hbo to map to the Linux hbo group and a nomse group. Then we forced every AD user into /home/mse directory upon login with the following configuration in /etc/samba/smb.conf.

template shell = /bin/rksh
template homedir = /home/mse
winbind use default domain = true
obey pam restrictions = yes

The point of the nomse group is to be able to pick out the users who should not have the GUI fired off upon login. Even though the group numbers do not match and they are not group mapped with the net groupmap command it doesn’t matter. The trick here is that I am looking for group names in the .profile rather than gids. Below is a portion of the .profile, I would include more but I am not sure of the copyright and it is not pertinent to the discussion.

## 2010-05-19  Jud Bishop
## This is for Active Directory integration of MSE.
## DO NOT CHANGE THIS PORTION OF THE FILE OR USERS WILL NOT BE ABLE TO LOGIN.

USER=`whoami`

for I in `groups |cut -d \: -f 2`
do
        if [ "$I" = "nomse" ]
        then
                export HOME="/home/AD/$USER"
                export SHELL="/bin/bash"
                # The MSEFLAG used to be set below, it is now set here for AD integration.
                MSEFLAG=NO
                # This break is crucial because it exits out with the correct $HOME
                break
        else
                export HOME="/home/mse"
                MSEFLAG=YES
        fi
done
echo "Setting home directory to $HOME"
# Quote the path so a user name containing spaces does not break the cd.
cd "$HOME"

Categories: Linux Tags:

Troubleshoot Voice, Video and Multicast

May 10th, 2010 jud No comments

I have had a hard time figuring out how they are going to test us for voice troubleshooting when the only real command they cover is auto qos and the MQC. As a result I’m going to concentrate on the definitions.

Voice Definitions
Gatekeeper — provides bandwidth management through call admission control (CAC).
Gateway — ensures interoperability between VOIP and the public switched telephone network (PSTN).
Jitter (delay variation) — When consecutive packets experience different amounts of delay. Data applications tend to be much more forgiving of jitter than voice and video.
Delay — There are multiple types of delay in a network. Some are standard or fixed and some are variable in their effects. The TSHOOT book describes delay as propagation delay, the time it takes to get a bit from one end of a link to the other.
Drops — Congested packets overflow a buffer.

Cisco Phone Boot Process
1. Power, PoE
2. Load firmware from flash.
3. Catalyst switch informs the phone of its voice VLAN.
4. DHCP for ip address and TFTP server.
5. Downloads configuration using TFTP.
6. Registers with call agent or Call Manager.

QoS Metrics for Video

QoS Metric      HQ Audio & Video   PC Video Conference   Video Surveillance   VOIP
One-Way Delay   150 ms             200 ms max            500 ms               150-200 ms [1, 2]
Jitter [4]      10 ms              10 ms                 10 ms                30 ms
Loss            0.05 % max         0.05 % max            0.5 % max            1.0 % max [3]

Sources:
1 — ONT Certification Guide p.62
2 — Cisco DocWiki
3 — Enabling VOIP
4 — TSHOOT Book

Multicasting
Class D IP address in the range 224.0.0.0 through 239.255.255.255. Source sends one packet stream to the multicast address and all hosts that have joined that group receive that packet.

Internet Group Management Protocol (IGMP)
Hosts join a multicast group by sending an IGMP join message to the router, which then knows to send multicast messages out that interface. IGMP snooping allows a switch to learn which interfaces desire multicast traffic by listening for IGMP traffic between routers and hosts. This stops the switch from flooding multicast traffic out all ports.

IGMP Version 1 — Hosts join a multicast group by sending a membership report to their local router. Every 60 seconds the querier router sends a message to all-hosts 224.0.0.1 to ensure that there is a host on that network segment that is still in the group. IGMPv1 does not have a mechanism for hosts to leave a group, and it takes three query intervals (3 minutes) to stop sending multicast traffic to a segment.

IGMP Version 2 — Adds the ability for routers to query a specific multicast group, elect a querier for a segment and allows a host to send a leave group message to the all routers address 224.0.0.2. All routers start as queriers, however, if a router hears a query from another router, the router with the highest IP address on the segment becomes the querier for that segment.

Reverse Path Forwarding (RPF) — Verifies that multicast traffic flows away from the source or root and is flowing toward the branch or host.

Protocol Independent Multicast (PIM) — Allows multicast to build distribution trees regardless of the unicast routing protocol which is running such as EIGRP or OSPF.

PIM Dense Mode (PIM-DM) — Uses a source distribution tree. At first all routers receive traffic for the group, but if no host joins using IGMP the router sends a prune message so that unnecessary traffic does not continue. Most often used when recipients are on every subnet, densely populated.

PIM Sparse Mode (PIM-SM) — Uses a shared tree with a root router or rendezvous point (RP) that is not necessarily the multicast source but is usually centrally located on the network. All multicast streams go through this router, hence the name shared tree or shared distribution tree. A router only joins the tree when a host has joined the multicast group. It is built opposite of dense mode: the tree is built from the leaves to the root, and it is only when a host joins a multicast group that the router forwards the membership report to the RP.

PIM Sparse-Dense Mode — Allows a router to use sparse or dense-mode or both at the same time. Dense mode is used to flood RP discovery and announcement messages so that the client can find the RP and use the RP to find the multicast server.

Multicast Configuration

switch(config)# ip igmp snooping
switch(config)# ip igmp snooping vlan x

router(config)# ip multicast-routing
router(config)# ip pim {dense-mode | sparse-mode | sparse-dense-mode}
router(config)# ip pim version {1 | 2}

Multicast Troubleshooting
ip igmp join-group — Lets a router join a group in order to test.
sh ip igmp group — Shows the groups a router has joined.
sh ip igmp interface — Shows IGMP information for each interface.

sh ip mroute
ping multicast address
sh ip pim rp
sh ip rpf

sh ip igmp group

R1#sh ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
232.32.32.32     Loopback1                00:06:35  00:02:18  192.168.1.1    
224.0.1.40       Loopback1                00:06:35  00:02:16  192.168.1.1

sh ip igmp interface

R1#sh ip igmp interface
Loopback1 is up, line protocol is up
  Internet address is 192.168.1.1/24
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds
  IGMP querier timeout is 120 seconds
  IGMP max query response time is 10 seconds
  Last member query count is 2
  Last member query response interval is 1000 ms
  Inbound IGMP access group is not set
  IGMP activity: 2 joins, 0 leaves
  Multicast routing is enabled on interface
  Multicast TTL threshold is 0
  Multicast designated router (DR) is 192.168.1.1 (this system)
  IGMP querying router is 192.168.1.1 (this system)
  Multicast groups joined by this system (number of users):
      224.0.1.40(1)  232.32.32.32(1)

sh ip mroute

R1#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 232.32.32.32), 00:21:25/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial1/1, Forward/Dense, 00:21:25/00:00:00
    Serial1/0, Forward/Dense, 00:21:25/00:00:00
    Loopback1, Forward/Dense, 00:21:25/00:00:00

ping multicast address

R1#ping 232.32.32.32    

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 232.32.32.32, timeout is 2 seconds:

Reply to request 0 from 172.16.102.2, 12 ms
Reply to request 0 from 172.16.103.3, 16 ms
Reply to request 0 from 192.168.1.1, 16 ms

Categories: CCNP TSHOOT, Routing Tags:

There’s a command for that.™

May 3rd, 2010 jud No comments

Last week we had in a consultant from one of our electronic medical record (EMR) vendors and we were working on a RedHat cluster. He was asking me to check whether a service started at a runlevel and wanted me to ls /etc/rc.d/rc5.d, I looked at him and said, “There’s a command for that.” (The command is chkconfig.) I’ve been chuckling about it for the past few days.

The Linux and BSD foundations need to get together and start an advertising campaign, it would be a great parody.

Categories: Linux, Musings Tags:

TSHOOT Sidenote

May 2nd, 2010 jud No comments

I added some more flashcards in the files directory. These all have a file name of tshoot-topic.csv and are for the Flashcards Deluxe iPhone app.

If you notice any errors in the cards please shoot an email or make a comment. At this point I have not downloaded all of them so there may be serious errors or formatting changes. I made them from my notes so any errors are mine.

Categories: CCNP TSHOOT, Routing Tags:

Troubleshoot DHCP

May 2nd, 2010 jud No comments

I am not going to get into a long discussion of DHCP. I run the DNS/DHCP servers at work and have a pretty good idea of how it all works. Even though the basics are the same, BIND is a different animal than IOS.

The DHCP process from debug messages
--> DHCPD: DHCPDISCOVER received from client
<-- DHCPD: Sending DHCPOFFER to client
--> DHCPD: DHCPREQUEST received from client
<-- DHCPD: Sending DHCPACK to client

And the actual debug output.

R4#debug ip dhcp server packet
DHCP server packet debugging is on.
R4#
*Apr 28 22:51:33.407: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 through relay 10.2.1.1.
*Apr 28 22:51:33.407: DHCPD: Allocate an address without class information (10.2.1.0)
R4#
*Apr 28 22:51:35.407: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 (10.2.1.7).
*Apr 28 22:51:35.407: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
*Apr 28 22:51:35.411: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30.
*Apr 28 22:51:35.411: DHCPD: No default domain to append - abort update
*Apr 28 22:51:35.411: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 (10.2.1.7).
*Apr 28 22:51:35.411: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
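
An added example (not part of the original post) that parses the debug ip dhcp server packet lines above in Python. It decodes the dotted-hex client-ID, which for this client is the ASCII text cisco-0004.dd69.fd01-Fa0/0 behind a leading zero byte, and flags a client-ID whose embedded MAC disagrees with the hardware address in the BOOTREPLY line, or an exchange that is not a full DISCOVER/OFFER/REQUEST/ACK. Function names are illustrative.

```python
import re

# Sample input: message lines from the debug output above; the long client-ID
# is factored into a variable only to keep the listing readable.
CID = ("0063.6973.636f.2d30.3030.342e.6464.3639."
       "2e66.6430.312d.4661.302f.30")
SAMPLE = f"""*Apr 28 22:51:33.407: DHCPD: DHCPDISCOVER received from client {CID} through relay 10.2.1.1.
*Apr 28 22:51:35.407: DHCPD: Sending DHCPOFFER to client {CID} (10.2.1.7).
*Apr 28 22:51:35.407: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
*Apr 28 22:51:35.411: DHCPD: DHCPREQUEST received from client {CID}.
*Apr 28 22:51:35.411: DHCPD: Sending DHCPACK to client {CID} (10.2.1.7).
*Apr 28 22:51:35.411: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
"""

MSG_RE = re.compile(r"DHCPD: (?:Sending )?(DHCP[A-Z]+) "
                    r"(?:received from|to) client ([0-9a-f.]+)")
IP_RE = re.compile(r"\((\d+(?:\.\d+){3})\)")
MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")
REPLY_RE = re.compile(r"BOOTREPLY for client (" + MAC_RE.pattern + ")")
DORA = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]


def decode_client_id(dotted):
    """Return the text inside a dotted-hex client-ID, or None if it is not
    a zero type byte followed by printable ASCII."""
    try:
        raw = bytes.fromhex(dotted.replace(".", ""))
    except ValueError:
        return None
    if raw[:1] == b"\x00" and len(raw) > 1 and all(32 <= b < 127 for b in raw[1:]):
        return raw[1:].decode("ascii")
    return None


def summarize(log):
    """Group the debug lines by client-ID."""
    clients, last = {}, None
    for line in log.splitlines():
        m = MSG_RE.search(line)
        if m:
            cid = m.group(2).rstrip(".")  # drop the sentence-ending period
            last = clients.setdefault(cid, {
                "text": decode_client_id(cid), "messages": [],
                "ip": None, "chaddr": set()})
            last["messages"].append(m.group(1))
            ip = IP_RE.search(line)
            if ip:
                last["ip"] = ip.group(1)
            continue
        r = REPLY_RE.search(line)
        if r and last is not None:
            # The BOOTREPLY line follows the OFFER/ACK it belongs to.
            last["chaddr"].add(r.group(1))
    return clients


def findings(clients):
    """List what an operator would want to look at more closely."""
    out = []
    for cid, c in clients.items():
        label = c["text"] or cid
        if c["text"] is None:
            out.append(f"{label}: client-ID is not a printable text identifier")
        else:
            m = MAC_RE.search(c["text"])
            if m and c["chaddr"] and m.group(0) not in c["chaddr"]:
                out.append(f"{label}: client-ID MAC differs from hardware "
                           f"address {sorted(c['chaddr'])}")
        # A capture that also contains renewals would need a looser check.
        if c["messages"] != DORA:
            out.append(f"{label}: exchange was {c['messages']}, "
                       "not a full DISCOVER/OFFER/REQUEST/ACK")
    return out


if __name__ == "__main__":
    for cid, c in summarize(SAMPLE).items():
        print(c["text"], c["ip"], c["messages"])
    print(findings(summarize(SAMPLE)) or "no findings")
```
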

DHCP Message Table

Message        Use
DHCPDISCOVER   Host is querying available servers, sent to broadcast address 255.255.255.255 on UDP port 67.
DHCPOFFER      Server responds on UDP port 68.
DHCPREQUEST    Client broadcasts to a specific DHCP server requesting the offered parameters from that server.
DHCPDECLINE    Message sent from the client to the server that the address is already in use.
DHCPACK        The server sends configuration parameters including network address to a client.
DHCPNAK        The server sends a refusal to the client for request for configuration.
DHCPRELEASE    Client tells a server it is giving up an address and the remaining lease.
DHCPINFORM     A client already has an IP address but is requesting other configuration parameters that the DHCP server is configured to deliver such as DNS or Winbind addresses.

IOS DHCP Server Configuration
The lease command is in days. Also, the excluded-address field can be a range low to high, for instance the snippet below will exclude the range of .1 to .50 on the 10.2.1.x subnet.

ip dhcp excluded-address 10.2.1.1 10.2.1.50

DHCP Server configuration:

no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.1.1
ip dhcp excluded-address 10.2.1.2
ip dhcp excluded-address 10.2.1.254
!
ip dhcp pool vlan10
   network 10.2.1.0 255.255.255.0
   default-router 10.2.1.1
   lease 5

DHCP Helper Address
DHCP uses the broadcast address because the client does not have an IP address with which to communicate. Routers do not forward broadcasts, so routers need to be set up to forward DHCP traffic. The ip helper-address command also forwards the following protocols:
TFTP
Domain Name System (DNS)
Internet Time Service (ITS)
NetBIOS name server
NetBIOS datagram server
BootP
TACACS

interface Vlan10
 ip address 10.2.1.1 255.255.255.0
 ip helper-address 10.1.4.5

An IOS router as a DHCP client:

interface FastEthernet0/0
 ip address dhcp

DHCP Troubleshooting
show ip dhcp conflict
show ip dhcp binding

R4#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/          Lease expiration        Type
            Hardware address/
            User name
10.2.1.5            0063.6973.636f.2d30.    May 06 2010 11:16 AM    Automatic
                    3064.302e.6262.6566.
                    2e36.3463.312d.4661.
                    302f.30
10.2.1.8            0063.6973.636f.2d30.    May 07 2010 07:09 PM    Automatic
                    3030.342e.6464.3639.
                    2e66.6430.312d.4661.
                    302f.30

clear ip dhcp binding *
This is not necessarily the best command to run on a production router because you clear the addresses the router knows it has given out.
clear ip dhcp conflict *
debug ip dhcp server packet
See the listing above.
debug ip dhcp server events

R4#debug ip dhcp server events
DHCP server event debugging is on.
R4#
*May  2 19:07:21.660: DHCPD: checking for expired leases.
R4#
*May  2 19:07:59.764: DHCPD: Sending notification of TERMINATION:
*May  2 19:07:59.764:  DHCPD: address 10.2.1.7 mask 255.255.255.0
*May  2 19:07:59.764:  DHCPD: reason flags: RELEASE
*May  2 19:07:59.764:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:07:59.764:   DHCPD: lease time remaining (secs) = 315841
*May  2 19:07:59.764: DHCPD: returned 10.2.1.7 to address pool vlan10.
R4#
*May  2 19:09:04.224: DHCPD: Sending notification of DISCOVER:
*May  2 19:09:04.224:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:09:04.224:   DHCPD: remote id 020a00000a01040500000000
*May  2 19:09:04.224:   DHCPD: circuit id 00000000
*May  2 19:09:04.224: DHCPD: Seeing if there is an internally specified pool class:
*May  2 19:09:04.224:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:09:04.224:   DHCPD: remote id 020a00000a01040500000000
*May  2 19:09:04.224:   DHCPD: circuit id 00000000
R4#
*May  2 19:09:06.224: DHCPD: Adding binding to radix tree (10.2.1.8)
*May  2 19:09:06.224: DHCPD: Adding binding to hash tree
*May  2 19:09:06.224: DHCPD: assigned IP address 10.2.1.8 to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30.
*May  2 19:09:06.228: DHCPD: Sending notification of ASSIGNMENT:
*May  2 19:09:06.228:  DHCPD: address 10.2.1.8 mask 255.255.255.0
*May  2 19:09:06.228:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:09:06.228:   DHCPD: lease time remaining (secs) = 432000
R4#
*May  2 19:09:21.660: DHCPD: checking for expired leases.

sh ip dhcp pool

R4#sh ip dhcp pool

Pool vlan10 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 10.2.1.10            10.2.1.1         - 10.2.1.254        1

Additional Source:
Document ID: 27470

Categories: CCNP TSHOOT, Routing Tags: