Chapter 17 of 27
Core IP Services: DHCP, DNS, NTP, and Device Management
Automate client configuration, resolve hostnames, and keep device clocks in sync using foundational IP services you will see on every network.
Big Picture: Core IP Services on Every Network
Why These Services Matter
This module connects four core IP services: DHCP, DNS, NTP, and device management (SSH, its insecure predecessor Telnet, and AAA). They make networks usable and are heavily tested on CCNA.
High-Level Roles
- DHCP: automates IP configuration
- DNS: maps names to IPs
- NTP: synchronizes clocks
- Device management: lets you log in remotely to configure and verify all of this
How They Tie Together
DHCP gives clients their IP address, subnet mask, default gateway, and DNS servers. DNS resolves hostnames, NTP aligns time across devices so their logs can be correlated, and SSH with AAA secures administrative access; Telnet is the clear-text legacy option it replaces.
DHCP Fundamentals and Message Flow
DHCP Canonical Definition
The Dynamic Host Configuration Protocol (DHCP) automatically assigns IP configuration parameters such as IP address, subnet mask, default gateway, and DNS servers to clients.
DORA Message Flow
The IPv4 lease process: Discover (client broadcast asking any server for an address), Offer (a server proposes an address and options), Request (client broadcast accepting one offer, so other servers withdraw theirs), Acknowledge (the chosen server confirms the lease). Remember DORA for CCNA questions.
Key DHCP Details
DHCP runs over UDP: the server listens on port 67 and the client on port 68. It provides the IP address, mask, default gateway, DNS servers, and lease time (plus optional parameters such as a domain name). Discover and Request are broadcasts, and routers do not forward broadcasts, so a server on another subnet needs a DHCP relay.
Configuring a Basic DHCP Server on a Cisco Router
Scenario Overview
Router is default gateway and DHCP server for 192.168.10.0/24. It will hand out 192.168.10.50–200, with 192.168.10.1 as default gateway and 8.8.8.8 as DNS.
Key DHCP Commands
Use `ip dhcp excluded-address` (a global command) to keep addresses out of the pool, here 192.168.10.1–49 and 192.168.10.201–254, so the gateway and any statically addressed hosts are never leased. Then define the pool with `ip dhcp pool <name>`, `network`, `default-router`, `dns-server`, and `lease`. The router picks the pool whose `network` matches the subnet of the interface that received the request (or of the relay's giaddr).
Verifying DHCP Operation
On the router, `show ip dhcp binding` lists leased addresses with the client identifier and expiry, and `show ip dhcp pool` shows total, leased and excluded counts. On the client, confirm it obtained IP, mask, default gateway, and DNS via DHCP (`ipconfig /all` on Windows shows the lease and the server that issued it).
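The scenario above as a complete IOS configuration. This is an added example, not configuration from the original page: the addresses are the ones in the scenario, while the pool name LAN10 and the client-facing interface GigabitEthernet0/1 are assumed.

```cisco
! Added example (not from the original page): R1 as DHCP server for 192.168.10.0/24.
! Assumed names: pool LAN10, client-facing interface GigabitEthernet0/1.
!
! Exclusions are global (not part of the pool) and cover everything outside the
! intended 50-200 lease range, including the gateway address itself.
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp excluded-address 192.168.10.201 192.168.10.254
!
ip dhcp pool LAN10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8
 domain-name lab.example.com
! lease <days> <hours> <minutes>: a 12-hour lease
 lease 0 12
!
! The pool is selected because this interface's address lies in 192.168.10.0/24.
interface GigabitEthernet0/1
 description Clients - LAN10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! Verification (privileged exec):
! show ip dhcp binding            - leased IPs, client hardware address, expiry
! show ip dhcp pool LAN10         - total, leased and excluded address counts
! show ip dhcp server statistics  - DISCOVER/OFFER/REQUEST/ACK counters
! show ip dhcp conflict           - addresses found already in use by ping probe
```

If `show ip dhcp server statistics` shows DISCOVERs arriving but no OFFERs, check that the receiving interface's subnet matches a pool's `network`; a pool with no matching interface is silently never used.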
DHCP Relay (IP Helper) on Cisco Devices
Why DHCP Relay?
Broadcast DHCPDISCOVER and DHCPREQUEST messages do not cross routers. DHCP relay lets the router rewrite a client broadcast into a unicast to a remote DHCP server; it records its own client-facing address in the giaddr field, which the server uses both to pick the matching scope and to address the reply.
ip helper-address
On the client-facing interface or SVI, configure `ip helper-address <DHCP-server-IP>`. Note that the helper relays not only DHCP but a default set of UDP broadcast services (for example TFTP, DNS, time, NetBIOS, TACACS); use `no ip forward-protocol udp <port>` to drop the ones you do not need so the router is not turning every client broadcast into unicast traffic toward the server.
Verification and Exam Trap
Use `show ip interface <interface>` to see helper addresses. Exam trap: configuring the helper on the server-facing interface instead of the client-facing one; the helper belongs on the interface where the client broadcasts arrive.
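An added relay configuration for the VLAN 10 case (not from the original page). It assumes the SVI is 192.168.10.1/24 and the DHCP server is 10.0.0.10, and it trims the default forwarded UDP services, which the text mentions but does not configure.

```cisco
! Added example (not from the original page): R1 relaying DHCP for VLAN 10 to a server
! in another subnet. Assumed addresses: SVI 192.168.10.1/24, DHCP server 10.0.0.10.
!
! The helper goes on the interface that RECEIVES the client broadcasts, not on the
! interface facing the server. The relay sets giaddr to 192.168.10.1, which the
! server uses to choose its 192.168.10.0/24 scope and to unicast the reply back.
interface Vlan10
 description Clients - VLAN 10
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 10.0.0.10
!
! ip helper-address forwards several UDP broadcast services by default
! (BOOTP/DHCP 67-68, TFTP 69, DNS 53, time 37, NetBIOS 137/138, TACACS 49).
! Keep only DHCP so stray client broadcasts are not relayed to the server.
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
! Verification:
! show ip interface vlan 10 | include Helper   - prints "Helper address is 10.0.0.10"
! show ip route 10.0.0.10                       - R1 must be able to reach the server
! debug ip dhcp server packet                   - shows each relayed BOOTREQUEST/BOOTREPLY
```

The server also needs a route back to 192.168.10.0/24 (replies are unicast to giaddr) and a scope for that subnet; a correct helper with either of those missing still produces clients on 169.254.x.x.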
DNS Fundamentals and Client Perspective
DNS Canonical Definition
The Domain Name System (DNS) is a distributed database that maps human-readable hostnames to IP addresses and other resource records.
Record Types and Client Flow
Key types: A (IPv4 address), AAAA (IPv6 address), CNAME (alias to another name), MX (mail exchanger). Clients query a resolver over UDP 53 (TCP 53 is used for large responses and zone transfers) when they need to turn names into IPs; the resolver may recurse through the DNS hierarchy on the client's behalf and serves cached answers until their TTL expires.
DNS on Cisco Devices
Use `ip domain-lookup` (on by default; labs often set `no ip domain-lookup` so mistyped commands are not resolved as hostnames), `ip name-server`, and `ip domain-name` so the router can resolve hostnames, ping by name, and name its SSH host key.
NTP: Keeping Network Time in Sync
Why NTP Matters
NTP keeps clocks in sync, which matters for correlating logs across devices during incident response, for certificate validity checks, and for any time-based authentication. Without it, timestamps across routers, switches, and servers cannot be compared.
Stratum and Protocol Basics
NTP uses UDP 123 and a stratum hierarchy. Stratum 0 devices are reference clocks (GPS, atomic); a stratum 1 server is directly attached to one, and each further hop adds one. A higher stratum means further from the reference, not unsynchronized; a device reporting stratum 16 has no valid time source.
Configuring and Verifying NTP
Use `ntp server <IP>` (add `prefer` on the primary), then verify with `show clock detail` (time source should read NTP), `show ntp status` (synchronized, stratum, reference), and `show ntp associations` (the `*` marks the peer currently selected).
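The DNS-client and NTP sections above as one router configuration. This is an added example, not configuration from the original page; the DNS server 10.0.0.20, NTP servers 10.0.0.30 and 10.0.0.31, domain lab.example.com, and the NTP key id and passphrase are all assumed. It goes beyond the text by authenticating NTP, which plain `ntp server` does not do.

```cisco
! Added example (not from the original page) covering DNS on the router and NTP.
! Assumed: DNS server 10.0.0.20, NTP servers 10.0.0.30/10.0.0.31, domain
! lab.example.com, NTP key id 1 with a placeholder passphrase.
!
! DNS client settings: needed for ping-by-name and to name the SSH host key.
ip domain-lookup
ip domain-name lab.example.com
ip name-server 10.0.0.20
!
! Keep the clock in UTC and timestamp log messages with millisecond precision so
! entries from different devices can be lined up.
clock timezone UTC 0
service timestamps log datetime msec localtime show-timezone
!
! Authenticated NTP: without a key the router will take time from any host that
! answers on UDP 123, and a skewed clock breaks log correlation and certificate checks.
ntp authenticate
ntp authentication-key 1 md5 Replace-This-Shared-Key
ntp trusted-key 1
! IP addresses rather than names so time sync does not depend on DNS being up.
ntp server 10.0.0.30 key 1 prefer
ntp server 10.0.0.31 key 1
!
! Verification:
! ping srv1.lab.example.com   - proves the resolver settings work
! show clock detail           - "Time source is NTP" once synchronized
! show ntp status             - "Clock is synchronized, stratum N, reference is 10.0.0.30"
! show ntp associations       - "*" marks the selected peer; stratum 16 = not synchronized
```

Initial synchronization can take several minutes; until then `show ntp status` reports "Clock is unsynchronized" even though the configuration is correct.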
Device Management: SSH, Telnet, and Basic AAA Awareness
Telnet vs SSH
Telnet sends everything, including passwords, in clear text and is insecure. SSH encrypts the session and is the recommended protocol for remote CLI access on Cisco devices; allow only SSH on the VTY lines so Telnet is not left open beside it.
Enabling SSH on IOS
Set the hostname and `ip domain-name` (both are needed to name the RSA key), create a local user with `username <name> secret <pass>`, generate RSA keys of at least 2048 bits with `crypto key generate rsa modulus 2048`, enable `ip ssh version 2`, then on the VTY lines use `transport input ssh` (which also disables Telnet) and `login local`.
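The SSH enablement steps above as a complete, hardened configuration. This is an added example, not configuration from the original page; the hostname R1, domain lab.example.com, user netadmin, management subnet 10.0.0.0/24 and ACL name MGMT-IN are assumed. The management ACL and login throttling go beyond the steps the text lists.

```cisco
! Added example (not from the original page): SSH-only management on R1.
! Assumed: hostname R1, domain lab.example.com, user netadmin,
! management subnet 10.0.0.0/24, ACL MGMT-IN.
hostname R1
ip domain-name lab.example.com
!
! Local account with a hashed secret ("password" would be stored reversibly).
username netadmin privilege 15 secret Use-A-Long-Passphrase-Here
!
! Key is named R1.lab.example.com, so hostname and domain must exist first.
! 2048 bits is the floor; modern clients refuse 1024-bit host keys.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Throttle password guessing: quiet period of 120 s after 3 failures within 60 s.
login block-for 120 attempts 3 within 60
!
! Only the management subnet may open a VTY session; log anything else.
ip access-list standard MGMT-IN
 permit 10.0.0.0 0.0.0.255
 deny   any log
!
! Use "line vty 0 15" on platforms with 16 lines so none is left accepting Telnet.
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
 login local
 exec-timeout 10 0
!
! Verification:
! show ip ssh                    - "SSH Enabled - version 2.0", retries, timeout
! show crypto key mypubkey rsa   - the generated key and its name
! show ssh                       - active sessions, user, cipher
! show users                     - who is logged in and from where
```

Test from a host inside 10.0.0.0/24 and from one outside it before closing your current session; the ACL and `transport input ssh` take effect on new connections only, so a misconfiguration shows up on the next login rather than the current one.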
AAA Concepts
AAA = Authentication, Authorization, Accounting. It controls who can log in, what they can do, and records what they did.
End-to-End Lab: DHCP, DNS, NTP, and SSH Together
Lab Topology Overview
R1 is the default gateway and DHCP relay for VLAN 10. Central servers provide DHCP, DNS, and NTP. PC1 is a DHCP client using all three services.
Key Config on R1
R1 uses `ip helper-address` for DHCP (and optionally DNS), `ntp server` for time, `ip name-server` for its own DNS, and SSH for secure management.
End-to-End Flow
PC1 gets its IP and default gateway via DHCP, resolves names via DNS, R1 syncs time via NTP, and you SSH into R1 to verify everything.
Thought Exercise: Troubleshooting Common Scenarios
Work through these scenarios mentally (or jot notes). This mirrors CCNA troubleshooting questions.
- Scenario 1: No IP address on clients
- PC1 on VLAN 10 shows `169.254.x.x` (APIPA) instead of 192.168.10.x.
- You confirm the DHCP server is up and has a correct scope.
- Question: On which device and interface do you check for `ip helper-address`, and what should it point to?
Think: The issue is likely the relay. Check the router SVI or routed interface that faces VLAN 10 (the one whose subnet is 192.168.10.0/24). It must have `ip helper-address <DHCP-server-IP>` pointing to the DHCP server's own IP address, and the router must have a route to that server. If the helper is present, confirm the server has a scope for 192.168.10.0/24 and a route back to it.
- Scenario 2: Can ping IPs, but not resolve names
- PC1 has a valid IP, mask, and default gateway.
- It can `ping 8.8.8.8` but `ping www.example.com` fails.
- Question: Which setting from DHCP is probably wrong or missing, and how would you verify from the client and the router?
Think: The DNS server address is likely missing or incorrect. On the client, check which DNS server was learned (`ipconfig /all` on Windows; `nmcli device show` or `resolvectl status` on Linux). On the router, verify the `dns-server` line in the pool with `show running-config | section dhcp` if it is the server, or confirm that the remote DHCP server's scope hands out the correct DNS IP.
- Scenario 3: Logs show timestamps from 1993
- Router just rebooted and syslog messages show an obviously wrong year.
- Question: Which protocol fixes this, and which two commands on the router help you confirm synchronization?
Think: NTP fixes this. Use `ntp server <IP>` to configure, then `show clock detail` and `show ntp status` to verify.
Quiz 1: DHCP and DNS Basics
Test your understanding of DHCP and DNS fundamentals.
Which statement best describes the role of DHCP in an IPv4 network?
- It encrypts management traffic between clients and routers.
- It automatically assigns IP configuration parameters such as IP address, subnet mask, default gateway, and DNS servers to clients.
- It maps human-readable hostnames to IP addresses and other resource records.
- It synchronizes device clocks using a stratum hierarchy.
Show Answer
Answer: B) It automatically assigns IP configuration parameters such as IP address, subnet mask, default gateway, and DNS servers to clients.
The canonical definition you must memorize is: "The Dynamic Host Configuration Protocol (DHCP) automatically assigns IP configuration parameters such as IP address, subnet mask, default gateway, and DNS servers to clients." The other options describe SSH/TLS, DNS, and NTP respectively.
Quiz 2: NTP and Device Management
Check your understanding of NTP and secure device access.
You notice that a router's logs have inconsistent timestamps after a reboot. Which combination of protocol and verification command is most appropriate to fix and confirm accurate time?
- Use DNS and verify with `show ip dns`.
- Use DHCP and verify with `show ip dhcp binding`.
- Use NTP and verify with `show ntp status` and `show clock detail`.
- Use SSH and verify with `show users`.
Show Answer
Answer: C) Use NTP and verify with `show ntp status` and `show clock detail`.
NTP is used to synchronize device clocks. After configuring `ntp server <IP>`, you verify synchronization with `show ntp status` and check the current time and source with `show clock detail`.
Key Term Review: DHCP, DNS, NTP, and Management
Flip through these flashcards to reinforce core definitions and commands.
- DHCP (canonical definition)
- The Dynamic Host Configuration Protocol (DHCP) automatically assigns IP configuration parameters such as IP address, subnet mask, default gateway, and DNS servers to clients.
- DNS (canonical definition)
- The Domain Name System (DNS) is a distributed database that maps human-readable hostnames to IP addresses and other resource records.
- Default gateway (canonical definition)
- A default gateway is the IP address of a router interface on the local network segment that a host uses to send traffic destined for remote networks.
- DORA in DHCP
- Discover, Offer, Request, Acknowledge – the four main steps of the DHCP lease process.
- Command: Configure DHCP relay on a Cisco interface
- `ip helper-address <DHCP-server-IP>` on the client-facing interface or SVI.
- Command: View DHCP leases on Cisco IOS
- `show ip dhcp binding` – lists current DHCP bindings (IP to MAC).
- Command: Configure an NTP server on a Cisco device
- `ntp server <IP-or-hostname>` – sets the NTP server used to synchronize the device clock.
- Command: Verify NTP status
- `show ntp status` – shows whether the clock is synchronized and the current stratum.
- SSH vs Telnet (security)
- SSH encrypts the session (including passwords and data); Telnet sends everything in clear text and is not secure.
- AAA (concept)
- Authentication (who you are), Authorization (what you can do), Accounting (what you did) – used to control and log administrative access.
Key Terms
- AAA
- Authentication, Authorization, and Accounting; a framework for controlling and tracking user access to network devices and services.
- DNS
- The Domain Name System (DNS) is a distributed database that maps human-readable hostnames to IP addresses and other resource records.
- NTP
- Network Time Protocol, used to synchronize time across devices using a hierarchical stratum system over UDP port 123.
- SSH
- Secure Shell, an encrypted protocol used for secure remote command-line access to network devices.
- DHCP
- The Dynamic Host Configuration Protocol (DHCP) automatically assigns IP configuration parameters such as IP address, subnet mask, default gateway, and DNS servers to clients.
- Telnet
- A legacy, unencrypted remote terminal protocol that sends all data, including passwords, in clear text.
- DHCP relay
- A function, often configured with `ip helper-address` on Cisco devices, that forwards DHCP broadcasts from clients as unicast messages to a remote DHCP server.
- Stratum (NTP)
- A number indicating the distance from a reference clock in NTP; lower stratum numbers represent more accurate time sources.
- default gateway
- A default gateway is the IP address of a router interface on the local network segment that a host uses to send traffic destined for remote networks.
- Resource record (DNS)
- An entry in the DNS database, such as A, AAAA, CNAME, or MX, that stores information about a domain or hostname.