02-15-2023 07:04 PM
Hi all,
I am trying to do a deployment that needs to use a /23 subnet. And unless I'm missing something super simple, it seems that the DHCP server can't do any more than a /24.
I have the interface set like below, which results in this error:
Looking at the CIDR breakout, my range should fall within the correct ranges.
Am I missing something here? Or is there some hidden setting? If I drop the DHCP range to be < 255 IPs, it's all good, but it fails as soon as I go over, even though the interface is set to /23.
Thanks
Jasin
Solved! Go to Solution.
02-16-2023 12:45 AM - edited 02-16-2023 01:04 AM
This is an FTD software limitation (the same applies to ASA code too). You cannot exceed 256 host IP addresses; it has to be lower than 255 IP addresses,
unless you use an external DHCP server.
02-16-2023 02:56 AM
Just to add to what @Sheraz.Salim has said, here is a link to documentation stating this limitation.
Quote:
"Address Pool—The range of IP addresses from lowest to highest that the server is allowed to provide to clients that request an address. Specify the start and end address for the pool, separated by a hyphen. For example, 10.100.10.12-10.100.10.250.
The range of IP addresses must be on the same subnet as the selected interface and cannot include: the IP address of the interface itself, the broadcast address, or the subnet network address.
The size of the address pool is limited to 256 addresses per pool on the threat defense device. If the address pool range is larger than 253 addresses, the netmask of the threat defense interface cannot be a Class C address (for example, 255.255.255.0) and needs to be something larger, for example, 255.255.254.0."
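As an added illustration, not code from the thread or from Cisco, the Python check below applies the documented pool constraints quoted above (same subnet as the interface, no interface/network/broadcast address in the range, at most 256 addresses per pool) to a proposed pool, so a range can be validated before it is pushed to the device. The interface and pool addresses used are constructed sample values, not the poster's real configuration.

```python
import ipaddress

# Per-pool limit quoted from the Cisco FTD documentation in the thread.
MAX_POOL_SIZE = 256


def check_dhcp_pool(interface_cidr: str, pool: str) -> list[str]:
    """Return the problems with a DHCP pool; an empty list means it is acceptable.

    interface_cidr: the FTD interface address with prefix, e.g. "10.1.0.1/23".
    pool: the address pool written as "start-end", e.g. "10.1.0.10-10.1.1.250".
    """
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network
    start_text, end_text = pool.split("-", 1)
    start = ipaddress.ip_address(start_text.strip())
    end = ipaddress.ip_address(end_text.strip())
    problems: list[str] = []

    if end < start:
        problems.append("pool end is lower than pool start")
        return problems
    # The whole range must sit inside the interface's subnet.
    if start not in net or end not in net:
        problems.append(f"pool is not inside the interface subnet {net}")
        return problems

    # 256 addresses per pool regardless of how large the interface subnet is.
    size = int(end) - int(start) + 1
    if size > MAX_POOL_SIZE:
        problems.append(f"pool has {size} addresses, limit is {MAX_POOL_SIZE} per pool")

    # The pool may not hand out the interface, network or broadcast address.
    reserved = (
        ("interface address", iface.ip),
        ("network address", net.network_address),
        ("broadcast address", net.broadcast_address),
    )
    for label, addr in reserved:
        if start <= addr <= end:
            problems.append(f"pool includes the {label} {addr}")
    return problems


if __name__ == "__main__":
    # Constructed examples: a /23 interface with a pool that is too large (the
    # situation in the thread) and a 256-address pool that the device accepts.
    for cidr, pool in (("10.1.0.1/23", "10.1.0.10-10.1.1.250"),
                       ("10.1.0.1/23", "10.1.0.10-10.1.1.9")):
        print(cidr, pool, check_dhcp_pool(cidr, pool) or "OK")
```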
02-16-2023 03:32 AM - edited 02-16-2023 03:36 AM
(Preference 1) Don't you have any external server? Or (preference 2) you can use the switch or router, if you like, for the DHCP server.
But that's what I don't get, as I'm using a class A network (I think), 10.x.x.x/23.
As @Marius Gunnerud noted from the documentation: "The size of the address pool is limited to 256 addresses per pool on the threat defense device. If the address pool range is larger than 253 addresses, the netmask of the threat defense interface cannot be a Class C address (for example, 255.255.255.0) and needs to be something larger, for example, 255.255.254.0."
In other words, it is a limitation on the appliance (software).
02-16-2023 02:34 PM
Yes, I will have to go with preference 2 in this case.
Thanks all.