DHCP Relay setup using 2 Cisco routers not working

Posted on 2003-02-19
Medium Priority
Last Modified: 2012-06-27
I have 2 networks linked by 2 CPA1005 Cisco switches (IOS 11.1), using a 64K PPP circuit.

I`ve already set the Scope on my Win2K DHCP Server, but couldn`t config my Cisco routers. My topology is:

DHCP Server:


I`ve made the following configs:

router#config t
router(config)#ip dhcp-server
router(config)#int s0
router(config-int)#ip helper-address

router#config t
router(config)#ip forward-protocol udp 67
router(config)#ip forward-protocol udp 68
router(config)#no ip bootp server
router(config)#int e0
router(config-int)#ip helper-address

But after that, on B-side, my config got as follows:

router#sh run
Building configuration...

Current configuration:
version 11.1
service slave-log
service password-encryption
service udp-small-servers
service tcp-small-servers
hostname router
enable secret 5 $xxxx
enable password 7 xxxx
no ip bootp server
interface Ethernet0
 ip address
 ip helper-address
interface Serial0
 ip address
 encapsulation ppp
 keepalive 32767
 no fair-queue
 compress stac
no ip classless
ip route Serial0
line con 0
line vty 0 4
 password 7 xxxx

My questions are:

1) Should the line "no ip bootp server" be appearing on sh run? All I wanted to do was to be sure this function was disabled

2) Shouldn`t the "ip forward" lines appear on sh run?

Despite the 2 questions, did I chose the right commands to issue? Would this allow me to get DHCP-assigned IPs on B-Side?

Question by:RicardoBSF
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 79

Accepted Solution

lrmoore earned 200 total points
ID: 7985187
G'day RicardoBSF

1) the "no ip bootp server" is OK that just means the router itself is not going to be a bootp server
2) no, because the one command "ip forward-protocol" opens those udp ports (among several others), so they will not appear by themselves in the config.

First, remove these commands from A - not needed at all. you don't need any configuration on the side with the DHCP server itself

> router(config)#ip dhcp-server
> router(config)#int s0
> router(config-int)#ip helper-address

On B-side remove these lines:
>router(config)#ip forward-protocol udp 67
>router(config)#ip forward-protocol udp 68

Assuming that your DHCP server's default gateway is the IP address of ETH0 port on A-side router
AND, the scope is properly set up for, then yes, this will let the clients on side B get DHCP addresses from the server at side A.

I know it works. I have one network with 45 remote sites and only 1 DHCP server.

NOTE: I would NOT use 128.x.x.x ip addresses, unless these are your public assigned addresses. You should use the "private" RFC 1918 address space of or
I just spent 4 months helping a customer move from a 128.x.x.x address scheme to a private IP network. belongs to BBN Communications, Boston, MA


Expert Comment

ID: 7985339
the ip helper address will cause the router to automatically forward udp 67 and 68 without the need of the ip forward-protocol commands :)

Author Comment

ID: 7993916
Hello lrmoore

Thanks a lot for your fine comment (also thanks for the other pal who posted about IP Helper). I will try these configs later on the routers.

About the 128.x.x.x range, you're correct. I've already suggested the change to a 192.168.x.x range, hope someone accepts this suggestion.


Author Comment

ID: 7995668
Hi lrmoore (& all...)

What if my DHCP server's default gateway is not directed to E0 on A-Side Router? I'm telling this because, on A-Side, I've 2 routers: 1 pointing to the remote site (e0= and other pointing to the Internet (e0=, and the default gateway for DHCP is

On the Internet router I do have the following config:

ip route Serial0
ip route
access-list 1 permit
access-list 101 deny   tcp any any eq ftp
access-list 101 deny   tcp any any eq 22
access-list 101 deny   tcp any any eq telnet
access-list 101 deny   tcp any any eq smtp
access-list 101 deny   tcp any any eq pop3
access-list 101 deny   tcp any any eq www
access-list 101 deny   tcp any any eq 443
access-list 101 deny   tcp any any eq 3389
access-list 101 deny   tcp any any eq 5800
access-list 101 deny   tcp any any eq 5900
access-list 101 deny   tcp any any eq 1436
access-list 101 deny   tcp any any eq 3306
access-list 101 permit ip any any

In this case, do I need to add any additional config to the A-Side router? I believe the ip routes set have nothing to do with BOOTP requests, right?

Many thanks,

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question