Configuring DHCP. Information About DHCP. License Requirement CHAPTER



Similar documents
Lab Configuring the PIX Firewall as a DHCP Server

DHCP and DNS Services

Configuring DHCP and DNS Services

Configuring DHCP. DHCP Server Overview

Using PIX Firewall in SOHO Networks

Configuring Dynamic DNS

DHCP Server Port-Based Address Allocation

Configuring the Transparent or Routed Firewall

Topic 7 DHCP and NAT. Networking BAsics.

NETGEAR ProSAFE WC9500 High Capacity Wireless Controller

- The PIX OS Command-Line Interface -

Securing Networks with PIX and ASA

Lab PC Network TCP/IP Configuration

Security Considerations in IP Telephony Network Configuration

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

DHCP Server. Heng Sovannarith

A DHCP Primer. Dario Laverde, 2002 Dario Laverde

PT Activity 8.1.2: Network Discovery and Documentation Topology Diagram

1 PC to WX64 direction connection with crossover cable or hub/switch

Network Protocol Configuration

Application Protocols for TCP/IP Administration

Adding an Extended Access List

Configuring DHCP Snooping and IP Source Guard

Configuration Guide. DHCP Server. LAN client

Chapter 3 LAN Configuration

IP Routing Features. Contents

MS Windows DHCP Server Configuration

Lab 5-5 Configuring the Cisco IOS DHCP Server

Configuring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1.

Configuring DHCP Snooping

Dynamic Host Configuration Protocol (DHCP)

Configuring Trend Micro Content Security

Using IPM to Measure Network Performance

Services. Vyatta System. REFERENCE GUIDE DHCP DHCPv6 DNS Web Caching LLDP VYATTA, INC.

Cisco Configuring Commonly Used IP ACLs

Configuring the Switch IP Address and Default Gateway

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Configuration of the DHCP server

BASIC ANALYSIS OF TCP/IP NETWORKS

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

The Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series

Evaluation guide. Vyatta Quick Evaluation Guide

How to Install and Configure the DHCP Service in Windows Server 2008 R2

ICS 351: Today's plan

Module 6 Configure Remote Access VPN

Domain Name System (DNS) Services

Configuring DNS. Finding Feature Information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

How To Load Balance On A Cisco Cisco Cs3.X With A Csono Css 3.X And Csonos 3.5.X (Cisco Css) On A Powerline With A Powerpack (C

SSVP SIP School VoIP Professional Certification

Chapter 8 Advanced Configuration

Table of Contents. Cisco How to Download a Software Image to a Cisco 2600 via TFTP Using the tftpdnld ROMmon Command

Chapter 5 Customizing Your Network Settings

Date 07/05/ :20:22. CENTREL Solutions. Author. Version Product XIA Configuration Server [ ]

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

WiNG 5.X Reference. DHCP Options. Part No. TME REV A

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Sample Configuration Using the ip nat outside source static

Configuring Primary and Backup Proxy Servers for Standalone Content Engines

M2M Series Routers. Virtual Router Redundancy Protocol (VRRP) Configuration Whitepaper

- Advanced IOS Functions -

Cisco CNR and DHCP FAQs for Cable Environment

Configuring the Cisco PIX Firewall for SSH by Brian Ford

Domain Name System Server Round-Robin Functionality for the Cisco AS5800

Supported Platforms. Supported Standards, MIBs, and RFCs. Prerequisites. Related Features and Technologies. Related Documents. Improved Server Access

How To Plan Out Your Own Version Of Hpl (Dhcp) On A Network With A Network (Dns) On Your Network (Dhpl) On An Ipad Or Ipad On A Pc Or Ipa On A Server On A

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

Steps for Basic Configuration

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Application Description

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

HOW TO CONFIGURE CISCO FIREWALL PART I

Load Balancing Clearswift Secure Web Gateway

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

LAN TCP/IP and DHCP Setup

Scenario: Remote-Access VPN Configuration

Deployment Guide: Transparent Mode

FTP e TFTP. File transfer protocols PSA1

Network Load Balancing

Cisco AnyConnect Secure Mobility Solution Guide

21.4 Network Address Translation (NAT) NAT concept

Using WhatsUp IP Address Manager 1.0

IP Services REFERENCE GUIDE. VYATTA, INC. Vyatta System SSH. DHCP DNS Web Caching. Title

- Basic Router Security -

NAT Configuration. Contents. 1 NAT Configuration. 1.1 NAT Overview NAT Configuration

Basic IPv6 WAN and LAN Configuration

Configuring NetFlow Secure Event Logging (NSEL)

Table of Contents. Cisco How to Download a Software Image to a Cisco 2600 through TFTP Using the tftpdnld ROMmon Command

Configuring the Content Routing Software

Troubleshooting Tools

Computer Networks I Laboratory Exercise 1

Lab Characterizing Network Applications

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10

Network Security 2. Module 6 Configure Remote Access VPN

Firewall Stateful Inspection of ICMP

Advantech WebAccess Device Driver Guide. BwSNMP Advantech WebAccess to SNMP Agent (Simple Network Management Protocol) Device Driver Guide

Transcription:

11 CHAPTER This chapter describes how to configure the DHCP server and includes the following sections: Information About DHCP, page 11-1 Licensing Requirements for DHCP, page 11-1 Guidelines and Limitations, page 11-2 Configuring a DHCP Server, page 11-2 Relay Services, page 11-7 DHCP Monitoring s, page 11-8 Feature History for DHCP, page 11-8 Information About DHCP DHCP provides network configuration parameters, such as IP addresses, to DHCP clients. The ASA can provide a DHCP server or DHCP relay services to DHCP clients attached to ASA interfaces. The DHCP server provides network configuration parameters directly to DHCP clients. DHCP relay passes DHCP requests received on one interface to an external DHCP server located behind a different interface. Licensing Requirements for DHCP Table 11-1 shows the licensing requirements for DHCP. Table 11-1 Licensing Requirements Model All models License Requirement Base License. For the ASA 5505, the maximum number of DHCP client addresses varies depending on the license: If the limit is 10 hosts, the maximum available DHCP pool is 32 addresses. If the limit is 50 hosts, the maximum available DHCP pool is 128 addresses. If the number of hosts is unlimited, the maximum available DHCP pool is 256 addresses. 11-1

Guidelines and Limitations Chapter 11 By default, the ASA 5505 ships with a 10-user license. Guidelines and Limitations Use the following guidelines to configure the DHCP server: You can configure a DHCP server on each interface of the ASA. Each interface can have its own pool of addresses to draw from. However the other DHCP settings, such as DNS servers, domain name, options, ping timeout, and WINS servers, are configured globally and used by the DHCP server on all interfaces. You cannot configure a DHCP client or DHCP relay services on an interface on which the server is enabled. Additionally, DHCP clients must be directly connected to the interface on which the server is enabled. The ASA does not support QIP DHCP servers for use with DHCP proxy. The relay agent cannot be enabled if the DHCP server is also enabled. When it receives a DHCP request, the ASA sends a discovery message to the DHCP server. This message includes the IP address (within a subnetwork) configured with the dhcp-network-scope command in the group policy. If the server has an address pool that falls within that subnetwork, the server sends the offer message with the pool information to the IP address not to the source IP address of the discovery message. For example, if the server has a pool in the range of 209.165.200.225 to 209.165.200.254, mask 255.255.255.0, and the IP address specified by the dhcp-network-scope command is 209.165.200.1, the server sends that pool in the offer message to the ASA. Failover Guidelines Supports Active/Active and Active/Standby failover. Firewall Mode Guidelines Supported in routed and transparent firewall modes. Context Mode Guidelines Supported in single mode and multiple context mode. Configuring a DHCP Server This section describes how to configure a DHCP server provided by the ASA and includes the following topics: Enabling the DHCP Server, page 11-3 Options, page 11-4 Using Cisco IP Phones with a DHCP Server, page 11-6 DHCP Monitoring s, page 11-8 11-2

Chapter 11 Configuring a DHCP Server Enabling the DHCP Server The ASA can act as a DHCP server. DHCP is a protocol that provides network settings to hosts, including the host IP address, the default gateway, and a DNS server. The ASA DHCP server does not support BOOTP requests. In multiple context mode, you cannot enable the DHCP server or DHCP relay on an interface that is used by more than one context. To enable the DHCP server on a ASA interface, perform the following steps: Step 1 Step 2 dhcpd address ip_address-ip_address interface_name hostname(config)# dhcpd address 10.0.1.101-10.0.1.110 inside dhcpd dns dns1 [dns2] Create a DHCP address pool. The ASA assigns a client one of the addresses from this pool to use for a given length of time. These addresses are the local, untranslated addresses for the directly connected network. The address pool must be on the same subnet as the ASA interface. (Optional) Specifies the IP address(es) of the DNS server(s). Step 3 Step 4 Step 5 hostname(config)# dhcpd dns 209.165.201.2 209.165.202.129 dhcpd wins wins1 [wins2] hostname(config)# dhcpd wins 209.165.201.5 dhcpd lease lease_length hostname(config)# dhcpd lease 3000 dhcpd domain domain_name (Optional) Specifies the IP address(es) of the WINS server(s). You can specify up to two WINS servers. (Optional) Change the lease length to be granted to the client. This lease equals the amount of time (in seconds) the client can use its allocated IP address before the lease expires. Enter a value between 0 to 1,048,575. The default value is 3600 seconds. (Optional) Configures the domain name. Step 6 hostname(config)# dhcpd domain example.com dhcpd ping_timeout milliseconds hostname(config)# dhcpd ping timeout 20 (Optional) Configures the DHCP ping timeout value. To avoid address conflicts, the ASA sends two ICMP ping packets to an address before assigning that address to a DHCP client. This command specifies the timeout value for those packets. 11-3

Configuring a DHCP Server Chapter 11 Step 7 Step 8 dhcpd option 3 ip gateway_ip hostname(config)# dhcpd option 3 ip 10.10.1.1 dhcpd enable interface_name hostname(config)# dhcpd enable outside Defines a default gateway that is sent to DHCP clients. If you do not use the dhcpd option 3 command to define the default gateway, DHCP clients use the IP address of the management interface. As a result, the DHCP ACK does not include this option. The management interface does not route traffic. Enables the DHCP daemon within the ASA to listen for DHCP client requests on the enabled interface. Options You can configure the ASA to send information for the DHCP options listed in RFC 2132. The DHCP options include the following three categories: Options that Return an IP Address, page 11-4 Options that Return a Text String, page 11-4 Options that Return a Hexadecimal Value, page 11-5 The ASA supports all three categories. To configure a DHCP option, choose one of the following commands: Options that Return an IP Address dhcpd option code ip addr_1 [addr_2] Configures a DHCP option that returns one or two IP addresses. hostname(config)# dhcpd option 2 ip 10.10.1.1 10.10.1.2 Options that Return a Text String dhcpd option code ascii text Configures a DHCP option that returns a text string. hostname(config)# dhcpd option 2 ascii examplestring 11-4

Chapter 11 Configuring a DHCP Server Options that Return a Hexadecimal Value dhcpd option code hex value Configures a DHCP option that returns a hexadecimal value. hostname(config)# dhcpd option 2 hex 22.0011.01.FF1111.00FF.0000.AAAA.1111.1111.1111.11 The ASA does not verify that the option type and value that you provide match the expected type and value for the option code as defined in RFC 2132. For example, you can enter the dhcpd option 46 ascii hello command, and the ASA accepts the configuration, although option 46 is defined in RFC 2132 to expect a single-digit, hexadecimal value. For more information about the option codes and their associated types and expected values, see RFC 2132. Table 11-2 shows the DHCP options that are not supported by the dhcpd option command. Table 11-2 Unsupported DHCP Options Option Code Description 0 DHCPOPT_PAD 1 HCPOPT_SUBNET_MASK 12 DHCPOPT_HOST_NAME 50 DHCPOPT_REQUESTED_ADDRESS 51 DHCPOPT_LEASE_TIME 52 DHCPOPT_OPTION_OVERLOAD 53 DHCPOPT_MESSAGE_TYPE 54 DHCPOPT_SERVER_IDENTIFIER 58 DHCPOPT_RENEWAL_TIME 59 DHCPOPT_REBINDING_TIME 61 DHCPOPT_CLIENT_IDENTIFIER 67 DHCPOPT_BOOT_FILE_NAME 82 DHCPOPT_RELAY_INFORMATION 255 DHCPOPT_END DHCP options 3, 66, and 150 are used to configure Cisco IP Phones. For more information about configuring these options, see the Using Cisco IP Phones with a DHCP Server section on page 11-6. 11-5

Configuring a DHCP Server Chapter 11 Using Cisco IP Phones with a DHCP Server Enterprises with small branch offices that implement a Cisco IP Telephony Voice over IP solution typically implement Cisco CallManager at a central office to control Cisco IP Phones at small branch offices. This implementation allows centralized call processing, reduces the equipment required, and eliminates the administration of additional Cisco CallManager and other servers at branch offices. Cisco IP Phones download their configuration from a TFTP server. When a Cisco IP Phone starts, if it does not have both the IP address and TFTP server IP address preconfigured, it sends a request with option 150 or 66 to the DHCP server to obtain this information. DHCP option 150 provides the IP addresses of a list of TFTP servers. DHCP option 66 gives the IP address or the hostname of a single TFTP server. Cisco IP Phones might also include DHCP option 3 in their requests, which sets the default route. A single request might include both options 150 and 66. In this case, the ASA DHCP server provides values for both options in the response if they are already configured on the ASA. You can configure the ASA to send information for most options listed in RFC 2132. The following examples show the syntax for any option number, as well as the syntax for options 3, 66, and 150: dhcpd option number value hostname(config)# dhcpd option 2 Provides information for DHCP requests that include an option number as specified in RFC-2132. dhcpd option 66 ascii server_name Provides the IP address or name of a TFTP server for option 66. hostname(config)# dhcpd option 66 ascii exampleserver dhcpd option 150 ip server_ip1 [server_ip2] hostname(config)# dhcpd option 150 ip 10.10.1.1 Provides the IP address or names of one or two TFTP servers for option 150. The server_ip1 is the IP address or name of the primary TFTP server while server_ip2 is the IP address or name of the secondary TFTP server. A maximum of two TFTP servers can be identified using option 150. 11-6

Chapter 11 Relay Services dhcpd option 3 ip router_ip1 Sets the default route. hostname(config)# dhcpd option 3 ip 10.10.1.1 Relay Services A DHCP relay agent allows the ASA to forward DHCP requests from clients to a router connected to a different interface. The following restrictions apply to the use of the DHCP relay agent: The relay agent cannot be enabled if the DHCP server feature is also enabled. DHCP clients must be directly connected to the ASA and cannot send requests through another relay agent or a router. For multiple context mode, you cannot enable DHCP relay on an interface that is used by more than one context. DHCP Relay services are not available in transparent firewall mode. An ASA in transparent firewall mode only allows ARP traffic through; all other traffic requires an access list. To allow DHCP requests and replies through the ASA in transparent mode, you need to configure two access lists, one that allows DCHP requests from the inside interface to the outside, and one that allows the replies from the server in the other direction. When DHCP relay is enabled and more than one DHCP relay server is defined, the ASA forwards client requests to each defined DHCP relay server. Replies from the servers are also forwarded to the client until the client DHCP relay binding is removed. The binding is removed when the ASA receives any of the following DHCP messages: ACK, NACK, or decline. You cannot enable DHCP Relay on an interface running DHCP Proxy. You must Remove VPN DHCP configuration first or you will see an error message. This error happens if both DHCP relay and DHCP proxy are enabled. Ensure that either DHCP relay or DHCP proxy are enabled, but not both. To enable DHCP relay, perform the following steps: Step 1 Step 2 dhcprelay server ip_address if_name hostname(config)# dhcprelay server 201.168.200.4 outside dhcprelay enable interface Set the IP address of a DHCP server on a different interface from the DHCP client. You can use this command up to ten times to identify up to ten servers. Enables DHCP relay on the interface connected to the clients. hostname(config)# dhcprelay enable inside 11-7

DHCP Monitoring s Chapter 11 Step 3 Step 4 dhcprelay timeout seconds hostname(config)# dhcprelay timeout 25 dhcprelay setroute interface_name hostname(config)# dhcprelay setroute inside (Optional) Set the number of seconds allowed for relay address negotiation. (Optional) Change the first default router address in the packet sent from the DHCP server to the address of the ASA interface. This action allows the client to set its default route to point to the ASA even if the DHCP server specifies a different router. If there is no default router option in the packet, the ASA adds one containing the interface address. DHCP Monitoring s To monitor DHCP, enter one of the following commands: show running-config dhcpd Shows the current DHCP configuration. show running-config dhcprelay Shows the current DHCP relay services status. Feature History for DHCP Table 11-3 lists each feature change and the platform release in which it was implemented. Table 11-3 Feature History for DHCP Feature Name Releases Description DHCP 7.0(1) The ASA can provide a DHCP server or DHCP relay services to DHCP clients attached to ASA interfaces. We introduced the following commands: dhcp client update dns, dhcpd address, dhcpd domain, dhcpd enable, dhcpd lease, dhcpd option, dhcpd ping timeout, dhcpd update dns, dhcpd wins, dhcp-network-scope, dhcprelay enable, dhcprelay server, dhcprelay setroute, dhcprelay trusted, dhcp-server. show running-config dhcpd, and show running-config dhcprelay. 11-8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information