https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651368#M589639 <P>i have a requirement to use an ASA as the DHCP server.</P><P></P><P>My questions are.....If I have multiple vlans behind the ASA</P><P></P><P>1 - Can I use the ASA with sub interfaces as the default gateway for each of these vlans ?</P><P></P><P>2 - Can I use the DHCP server feature on the ASA to assign ip addresses to each of the clients on each of the vlans ?</P><P></P><P>So vlan 10 subnet would be 192.168.10.0 /24 DHCP scope would be 192.168.10.10 - 254</P><P></P><P>and</P><P></P><P>vlan 20 subnet would be 192.168.20.0 /24 DHCP scope would be 192.168.20.10 - 254</P><P></P><P>I know I can use the ASA as a dhcp server, just not sure if it can assign different scopes to different VLAN clients.</P><P></P><P>Any help would be appreciated.</P><P></P><P>Cheers</P><P></P><P>Dave</P> Mon, 11 Mar 2019 20:04:27 GMT dclee 2019-03-11T20:04:27Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651368#M589639 <P>i have a requirement to use an ASA as the DHCP server.</P><P></P><P>My questions are.....If I have multiple vlans behind the ASA</P><P></P><P>1 - Can I use the ASA with sub interfaces as the default gateway for each of these vlans ?</P><P></P><P>2 - Can I use the DHCP server feature on the ASA to assign ip addresses to each of the clients on each of the vlans ?</P><P></P><P>So vlan 10 subnet would be 192.168.10.0 /24 DHCP scope would be 192.168.10.10 - 254</P><P></P><P>and</P><P></P><P>vlan 20 subnet would be 192.168.20.0 /24 DHCP scope would be 192.168.20.10 - 254</P><P></P><P>I know I can use the ASA as a dhcp server, just not sure if it can assign different scopes to different VLAN clients.</P><P></P><P>Any help would be appreciated.</P><P></P><P>Cheers</P><P></P><P>Dave</P> Mon, 11 Mar 2019 20:04:27 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651368#M589639 dclee 2019-03-11T20:04:27Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651369#M589640 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You can configure a DHCP server on each interface of the ASA (I assume this also means subinterfaces however I haven't tried it).</P><P></P><P>Keep in mind the license restrictions also (ASA 5505):<BR />For a 10-user license, the max. DHCP clients is 32. For 50 users, the max. is 128. For unlimited users, the max. is 250, which is the max. for other models.</P><P></P><P>Also, the ASA only assigns IPs to directly connected subnets... meaning it won't assign IPs to hosts that are 1 or more layer 3 hops away (on a different subnet).</P><P></P><P>Hope it helps.</P><P></P><P>Federico.</P></BODY></HTML> Thu, 10 Mar 2011 19:16:54 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651369#M589640 Federico Coto Fajardo 2011-03-10T19:16:54Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651370#M589641 <HTML><HEAD></HEAD><BODY><P>Thanks it does help. I'll have to set it up in the lab and verify that I can indeed setup</P><P>a DHCP server per sub interface.</P><P></P><P>Thanks</P><P><BR />Dave</P></BODY></HTML> Thu, 10 Mar 2011 20:02:51 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651370#M589641 dclee 2011-03-10T20:02:51Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651371#M589642 <HTML><HEAD></HEAD><BODY><P>Dave ,&nbsp; as Federico have indicated&nbsp; you can use DHCP when using subinterfaces. DHCP services are&nbsp; bound to nameif&nbsp; rather than the interface/subinterface, so regardles wether you use actual physical or logical subinterface you use the interface nameif to activate DHCP services when working with dhcp command syntax.</P><P><BR />Exmaple ; using your IP scheme.</P><P></P><P>lets assume you will&nbsp; use physical&nbsp; e0/2 for your trunk and work your subinterfaces and DHCP</P><P></P><P></P><P>interface Ethernet0/2.10<BR />vlan 10<BR />nameif DMZ10<BR />security-level 100<BR />ip address 192.168.10.1 255.255.255.0</P><P><BR />interface Ethernet0/2.20<BR />vlan 20&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />nameif DMZ20 <BR />security-level 100<BR />ip address 192.168.20.1 255.255.255.0 </P><P><BR />dhcpd address 192.168.10.10-192.168.10.254 DMZ10<BR />dhcpd dns x.x.x.x&nbsp; y.y.y.y interface DMZ10<BR />dhcpd enable DMZ10</P><P><BR />dhcpd address 192.168.20.10-192.168.20.254 DMZ20<BR />dhcpd dns h.h.h.h&nbsp; z.z.z.z interface DM20<BR />dhcpd enable DMZ20</P><P></P><P>Some references <BR /><A href="http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/d2.html#wp1948446">http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/d2.html#wp1948446</A></P><P></P><P><BR />Regards</P></BODY></HTML> Thu, 10 Mar 2011 22:26:34 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651371#M589642 JORGE RODRIGUEZ 2011-03-10T22:26:34Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651372#M589643 <HTML><HEAD></HEAD><BODY><P>Thanks for the info, got it up and running in the lab <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>Cheers</P><P></P><P>Dave</P></BODY></HTML> Fri, 11 Mar 2011 21:32:58 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651372#M589643 dclee 2011-03-11T21:32:58Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651373#M589644 <HTML><HEAD></HEAD><BODY><P> I got in same situation with Dave and tried to apply your nameif on other interface but found out that I could not do it with the ASA based 10 license, got the error message</P><P>ERROR: This license does not allow configuring more than 2 interfaces with</P><P>nameif and without a "no forward" command on this interface or on 1 interface(s)</P><P>with nameif already configured.</P><P></P><P>I&nbsp; just want to share that</P></BODY></HTML> Fri, 13 Jan 2012 21:44:03 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651373#M589644 vinlata2007 2012-01-13T21:44:03Z https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651374#M589645 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>The issue you are getting is related to a license restriction on your ASA 5505 where with a base license you only have 2 unrestricted interface, in this case I think you already have vlan 1 as inside and vlan2 as outside, and you want to use a dhcp server on a different vlan. The problem is again you have a restricted license. so the 3 vlan can be configured but just passing traffic to one interface.</P><P></P><P>You will need the following to make it work:</P><P></P><P>interface ethernet 0/2</P><P>no forward interface vlan 1</P><P>nameif dmz</P><P>ip address x.x.x.x</P><P>security level #</P><P></P><P>Then you can give it a try .</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Fri, 13 Jan 2012 22:51:17 GMT https://community.cisco.com/t5/network-security/using-asa-as-dhcp-server-for-multiple-vlans/m-p/1651374#M589645 Julio Carvajal 2012-01-13T22:51:17Z