Re: ASA DHCP Relay Feature

jonix.niebla · ‎09-29-2008

Hi,

I'm trying to remove the DHCP services from the ASA, thus I also need to enable the DHCP relay server feature. Do I have to disable the DHCPD config also for the management interface?

Thanks.

Marwan ALshawi · ‎09-29-2008

the following example will help u under stand the requiremnt

DHCP Relay Example

A DHCP relay is configured to accept DHCP requests from clients on the inside interface and

relay them to the DHCP server at 192.168.1.1 on the DMZ interface. The firewall waits 120

seconds for a reply from the DHCP server. The firewall's inside interface address is given to the

clients as a default gateway. You can use the following commands to accomplish this:

Firewall(config)# dhcprelay server 192.168.1.1 dmz

Firewall(config)# dhcprelay timeout 120

Firewall(config)# dhcprelay setroute inside

Firewall(config)# dhcprelay enable inside

if helpful Rate

jonix.niebla · ‎09-29-2008

Thank you. One more thing though, is it possible to have dhcprelay and dhcpd configuration active on your ASA?

Thanks again.

Marwan ALshawi · ‎09-29-2008

u can but they shoud operate in diffrent interfaces

if helpful rate

good luck

jonix.niebla · ‎09-29-2008

thank you very much

suschoud · ‎09-29-2008

Hi,

Unfortunately this is not possible.I am not sure why you were told yes by marva :

########

ASA5510-Single(config)# sh ip

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/1 inside 192.168.16.9 255.255.255.128 CONFIG

Management0/0.2 newsubnet 10.10.0.7 255.255.255.224 CONFIG

Current IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/1 inside 192.168.16.9 255.255.255.128 CONFIG

Management0/0.2 newsubnet 10.10.0.7 255.255.255.224 CONFIG

ASA5510-Single(config)# dhcprelay server 192.168.1.1 newsubnet

ASA5510-Single(config)# dhcprelay timeout 120

ASA5510-Single(config)# dhcprelay setroute inside

ASA5510-Single(config)# dhcprelay enable inside

ASA5510-Single(config)# dhc

ASA5510-Single(config)# dhcpd ena

ASA5510-Single(config)# dhcpd enable inside

DHCP: Interface 'inside' is currently configured as RELAY SERVER and cannot be c hanged to a SERVER by a SERVER feature

ASA5510-Single(config)# dhcpd enable newsubnet

DHCP: Interface 'newsubnet' is currently configured as RELAY and cannot be chang ed to a SERVER by a SERVER feature

###############

Regards,

Sushil

Marwan ALshawi · ‎09-29-2008

i said they should operate in diffrent interfaces

if hte relay is on the inside u may use the firewall as dhcp server for the dmz network

ofcourse u cant use the same interface as both

relay trnslate the broadcast to unicast for the dhcp server and dhcp server anser for client request

suschoud · ‎09-29-2008

in the above example,I tried setting dhcpd on both the interfaces,dmz ( newsubnet in my example ) and inside.None of that works.I know there is a documentation error or cco.But it never worked for me.....tested this a lot during my ccie prep. :)

Regards,

Sushil

Marwan ALshawi · ‎09-29-2008

Suhil

thefollowing config example i have just done it

interface inside firewall as dhcp server

dmz is dhcprelay to a server on dmz1

dhcpd address 192.168.1.1-192.168.1.10 inside

!

dhcprelay server 10.1.1.1 dmz1

dhcprelay enable dmz

dhcprelay timeout 60

!

but U were right !!

pixfirewall(config)# dhcpd enable inside

Can't start DHCP daemon - DHCP Relay Agent is running.

logicaly sounds ok but practicly not

thanks for pointing me out

suschoud · ‎09-29-2008

Sir,

Please enable the dhcp server on inside.By just defining a scope does not enable dhcp server on inside.

Try adding :

dhcpd enable inside

You would know what I am saying...

Regards,

Sushil

Marwan ALshawi · ‎09-29-2008

it sounds we overlaping in the posts i changed the post read the one above again

and i rated u as well :)

thansk

suschoud · ‎09-29-2008

Great,

Glad to share.Have a nice one.

Regards,

Sushil