Cisco Systems OL-6240-02 Server User Manual


 
Cisco CNS Network Registrar User’s Guide
OL-6240-02
Chapter 22 Advanced DHCP Server Properties
Configuring Virtual Private Networks and Subnet Allocation
Step 1 Create a DHCP address block for a subnet, set the initial subnet mask and its increment, and set other
subnet allocation request attributes. Also, associate a policy or define an embedded policy.
If you use VPNs, you can specify a vpn or vpn-id attribute (see the “Configuring Virtual Private
Networks Using DHCP” section on page 22-12).
Note Unsetting the VPN ID in the CLI reverts the value to the current session VPN.
The server uses the presence of the subnet-alloc DNS option (220) in the request packet to determine
that the packet is a subnet allocation request. You can configure the server to use the subnet-name
suboption (3) as a selection tag if you set the addr-blocks-use-selection-tags attribute for the server
or VPN.
You can optionally set a default selection tag by setting the addr-blocks-default-selection-tags
attribute for the DHCP server or VPN object. This identifies one or more subnets from which to
allocate the addresses. If the relay agent sends a VPN string (via a VPN option or relay agent
suboption), associated with a subnet, any address block with that string as one of its
addr-blocks-default-selection-tags values uses that subnet.
The default behavior on the server and for VPNs is that the DHCP server tries to allocate subnets to
clients using address blocks that the clients already used. Disabling the
addr-blocks-use-client-affinity attribute causes the server to supply subnets from any suitable
address block, based on other selection data in the clients’ messages.
If you want to support configurations of multiple address blocks on a single LAN segment
(analogous to using primary and secondary scopes), add a segment-name attribute string value to the
DHCP address block. When the relay agent sends a single subnet selection address, it selects address
blocks tagged with that segment-name string value. However, you must also explicitly enable the
LAN segment capability (addr-blocks-use-lan-segments) at the server or VPN level.
Instead of associating a policy, you can set properties for the address block’s embedded policy. As
in embedded policies for clients, client-classes, and scopes, you can enable, disable, set, unset, get,
and show attributes for an address block policy. You can also set, unset, get, and list any DHCP
options for it, as well as set, unset, and list vendor options. Note that deleting an address block
embedded policy unsets all the embedded policy properties.
Step 2 Note that the server allocates subnets based on the relay agent request. If not requested, the default
subnet size is a 28-bit address mask. You can change this default, if necessary, by setting the
default-subnet-size attribute for the DHCP address block. For example:
nrcmd> dhcp-address-block red set default-subnet-size=25
Step 3 You can control any of the subnets the DHCP server creates from the address blocks. Identify the subnet
in the form vpn-name/netipaddress/mask, with the vpn-name optional. Subnet control includes activating
and deactivating the subnet as you would a lease. Likewise, you can force a subnet to be available, on
the condition that you first check that the clients assigned the subnet are no longer using it. First, show
any subnets created.
Step 4 Reload the DHCP server.
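
The following added example (not from the Cisco guide and not Network Registrar code) is a simplified Python model of the behavior described in Steps 1 and 2: address blocks are filtered by selection tag, a block the client used before is preferred, and a subnet is carved at the requested size or at the block's default-subnet-size. The class, function names, addresses and the first-fit strategy are assumptions made for illustration.

```python
import ipaddress

class AddressBlock:
    """Hypothetical stand-in for a DHCP address block; values are constructed."""
    def __init__(self, name, cidr, default_subnet_size=28, selection_tags=()):
        self.name = name
        self.network = ipaddress.ip_network(cidr)
        self.default_subnet_size = default_subnet_size  # 28 bits unless changed
        self.selection_tags = set(selection_tags)
        self.allocated = []  # subnets already handed out from this block

    def allocate(self, requested_size=None):
        """Return the first free subnet of the requested (or default) size."""
        prefix = requested_size or self.default_subnet_size
        if not self.network.prefixlen <= prefix <= self.network.max_prefixlen:
            return None  # request cannot be satisfied from this block
        for candidate in self.network.subnets(new_prefix=prefix):
            if not any(candidate.overlaps(used) for used in self.allocated):
                self.allocated.append(candidate)
                return candidate
        return None  # block exhausted at this size

def select_and_allocate(blocks, tag=None, requested_size=None, previous_block=None):
    """Filter blocks by selection tag, try the previously used block first
    (client affinity), then fall through to any other suitable block.
    Assumption: a request without a tag may use any block."""
    suitable = [b for b in blocks if tag is None or tag in b.selection_tags]
    suitable.sort(key=lambda b: b.name != previous_block)  # stable: affinity first
    for block in suitable:
        subnet = block.allocate(requested_size)
        if subnet is not None:
            return block.name, subnet
    return None

if __name__ == "__main__":
    # Constructed sample data: "red" mirrors default-subnet-size=25 from Step 2.
    blocks = [
        AddressBlock("red", "10.10.0.0/24", default_subnet_size=25,
                     selection_tags=["red"]),
        AddressBlock("blue", "10.20.0.0/24", selection_tags=["blue"]),
    ]
    print(select_and_allocate(blocks, tag="red"))    # a /25 from red
    print(select_and_allocate(blocks, tag="blue"))   # default /28 from blue
    print(select_and_allocate(blocks, tag="blue", requested_size=26))
```

Running the model against a planned address plan shows how quickly a block is exhausted at a given default subnet size and which requests would find no suitable block.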