IP Helper Address in Cisco Routers

Cisco is a very successful company that mainly deals with manufacturing, design and sales of networking equipment. The company as founded in 1984 and since then has revolutionized how people the world over connect and use the internet. At present, the company is valued at over $100 billion and has an annual net income of $9 billion. Cisco offers several certifications for those interested in becoming networking professionals, suitable for different levels of experience. If you’re looking for a career in networking, taking one of their certified courses will boost your career prospects – and not just with Cisco. This course on implementing Cisco IP routing is a good place to start, in your journey to become a Cisco certified professional.

In this tutorial, we’re going to take a look at the IP Helper address utilization in Cisco routers. You need to have a basic understanding of hardware and networking terminology to understand this tutorial. If these are new to you, you can quickly learn the basics of the TCP/IP stack with this video course.

IP Helper Address

The IP Helper address command is a feature offered by Cisco routers. It is an essential service needed in large, complex networks. What does the IP Helper address command do exactly? It lets routers relay User Datagram Protocol requests when necessary. It makes the router a middleman of sorts – it allows a broadcast to pass through a router to its destination.

Some routers broadcast to locate key servers, like TFTP servers or TACACS servers. However, in complex, large networks, these routers (and by extension clients, or the computers attached to those routers) may not be located on the same subnet as the server. Most routers do not support client forwarding beyond a subnet by default. In this case, the broadcast is lost and the client can’t locate the server. Having trouble grasping the concept? Suppose your flight needs to go to Australia from Europe via Singapore, but it is denied entry at Singapore. You are prevented from reaching your destination, just like a broadcast is prevented from passing beyond a router. The IP Helper address command is a workaround that lets a broadcast pass through a Cisco router that supports the feature.

There is a normal workaround for this problem, of course. You can assign DNS and DHCP addresses to all computers on the network. However, this consumes additional resources and is a headache for system administrators, especially on large and complex networks. The IP Helper address feature is the preferred solution in such situations, though it only works with Cisco routers. You can learn more about other networking workarounds and network terminology, like UDP, DNS, DHCP and TFTP with this course on IP address and subnetting.

Configuring the IP Helper Address

The IP Helper address forwards a broadcast to a single specified IP. Before using the IP Helper command, you must first change the interface to prepare the router to relay broadcasts. The command (courtesy the official documentation) is as follows:

RTA(config-if)#ip helper-address 192.168.1.254
RTA(config-if)#exit

This will configure the router to forward several UDP protocols, like DNS and BOOTP.

You can prevent the router from forwarding traffic by using the ip forward-protocol to block any or all UDP ports:

RTA(config)#ip forward-protocol udp 517
RTA(config)#no ip forward-protocol udp 37
RTA(config)#no ip forward-protocol udp 49
RTA(config)#no ip forward-protocol udp 137
RTA(config)#no ip forward-protocol udp 138
All these commands need to be typed in Global Configuration interface. You can block all services to block forwarding completely, or you can block a few and keep a few open, according to your needs.

Supported UDP services

By default, the IP Helper address command forwards 8 UDP services:

• Time on port number 37
• DNS on port number 53
• TACACS on port number 49
• BOOTP DHCP Client on port number 68
• BOOTP DHCP Server on port number 67
• NetBIOS Name on port number 137
• TFTP on port number 69
• NetBIOS Datagram service on port number 138

What if you need a service that isn’t included in these default 8 UDP services? You can use the ip forward-protcol command, along with the port number, to create a new UDP service. For example, if your UDP service was located on port 139, you can use the following command:

ip forward-protocol udp 139

You can also use this command to remove a service from the list of default services. The IP Helper command lets you clear bottlenecks in the network. Note that this is just one step in properly configuring a Cisco router. To become a fully certified Cisco professional you may want to take this all-in-one BootCamp for CCNP 2014.