IP-Helper Misconceptions

Like many others, I was under the misconception that the IP-HELPER command was only used for relaying DHCP packets, until I recently found other uses of IP-HELPER.

As we know, we configure a helper address so that the L3 device can redirect broadcast packets as unicast to the helper address. Routers use helper addresses to forward broadcasts to another server or router on another network.

DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices might use broadcasts to locate TFTP servers. Some clients might need to broadcast to locate a TACACS security server. In a complex hierarchical network, clients might not reside on the same subnet as key servers. By default, the router drops these broadcast requests.

Some clients are unable to make a connection without services such as DHCP. For this reason, the administrator must provide DHCP and DNS servers on all subnets or use the Cisco IOS software helper address feature. Running services such as DHCP or DNS on several computers creates overhead and administrative problems, so the first option is not very appealing. When possible, administrators use the ip helper-address command to relay broadcast requests for these key User Datagram Protocol (UDP) services.

By using the ip helper-address command, a router can be configured to accept a broadcast request for a UDP service and then forward it as a unicast to a specific IP address.

By default, the ip helper-address command forwards the following eight UDP services:

Service                     Port
Time                        37
TACACS                      49
DNS                         53
BOOTP/DHCP Server           67
BOOTP/DHCP Client           68
TFTP                        69
NetBIOS name service        137
NetBIOS datagram service    138

 

In addition to the eight default services, the Cisco IOS software provides the global configuration command ip forward-protocol, which allows an administrator to forward any UDP port.

To forward UDP on port 517, use the global configuration command ip forward-protocol udp 517. You can also remove default services from forwarding by using the same command with the keyword "no".

Example:
==========
RTA(config-if)#ip helper-address 192.168.1.254
RTA(config-if)#exit
RTA(config)#ip forward-protocol udp 517
RTA(config)#no ip forward-protocol udp 37
RTA(config)#no ip forward-protocol udp 49
RTA(config)#no ip forward-protocol udp 137
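Because a helper address relays every port in the forwarding list and not just DHCP, it is worth checking which UDP services a router will actually relay. The following Python sketch is an added example, not part of the original post: it computes the effective relay list from a configuration and flags ports beyond the ones you intend to relay. The sample configuration is constructed from the example above, the interface name and the `needed` parameter are assumptions, and only the numeric `udp <port>` form used on this page is parsed.

```python
import re

# Default UDP services relayed by ip helper-address (from the table above).
DEFAULT_PORTS = {37: "Time", 49: "TACACS", 53: "DNS", 67: "BOOTP/DHCP Server",
                 68: "BOOTP/DHCP Client", 69: "TFTP",
                 137: "NetBIOS name service", 138: "NetBIOS datagram service"}

IFACE_RE = re.compile(r"^interface (\S+)$")
HELPER_RE = re.compile(r"^ip helper-address (\S+)$")
FWD_RE = re.compile(r"^(no\s+)?ip forward-protocol udp (\d+)$")

# Constructed sample config; the interface name and its address are assumptions.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.254
!
ip forward-protocol udp 517
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 137
"""

def audit(config_text, needed=frozenset({67, 68})):
    """Return helper addresses per interface, the UDP ports the router will
    relay, and the relayed ports not in `needed` (hypothetical allow-list)."""
    ports = set(DEFAULT_PORTS)
    helpers = {}
    iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None                      # a top-level line ends the interface block
        if m := IFACE_RE.match(line):
            iface = m.group(1)
        elif (m := HELPER_RE.match(line)) and iface:
            helpers.setdefault(iface, []).append(m.group(1))
        elif m := FWD_RE.match(line):
            port = int(m.group(2))
            if m.group(1):
                ports.discard(port)           # "no" form removes a port
            else:
                ports.add(port)               # plain form adds a port
    # Nothing is relayed unless at least one interface has a helper address.
    relayed = sorted(ports) if helpers else []
    return {"helpers": helpers, "relayed": relayed,
            "unneeded": [p for p in relayed if p not in needed]}

if __name__ == "__main__":
    for port in audit(SAMPLE)["unneeded"]:
        print(f"udp/{port} ({DEFAULT_PORTS.get(port, 'custom')}) is relayed but not needed")
```

With the example configuration, DNS, TFTP, the NetBIOS datagram service and port 517 are still relayed to 192.168.1.254 alongside DHCP.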

 

Hope this was helpful…
