Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2221
Views
15
Helpful
5
Replies

Cant configure FTD2100 DHCP Server to /23

Go to solution
jbates5873
Level 1
Level 1

‎02-15-2023 07:04 PM

Hi all,

I am trying to do a deployment that needs to use a /23 subnet. And unless im missing something super simple, it seems that the DHCP server cant do any more than a /24.

I have the interface set like below

jbates5873_0-1676515934743.png

 

results in this error

jbates5873_1-1676516430998.png

 

Looking at the CIDR breakout, my range should fall within the correct ranges.

jbates5873_2-1676516550023.png

 

 

Am i missing something here? or is there some hidden setting? If i drop the DHCP range to be < 255 ips, its all good. but fails as soon as i go over. even though the interface is set to /23

Thanks

Jasin

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎02-16-2023 12:45 AM - edited ‎02-16-2023 01:04 AM

This is a FTD software limitation (even same apply with ASA code too). you can not exceed more than 256 host ip address. it has to be lower than 255 ip addresses.

unless otherwise you use a External DHCP server.

please do not forget to rate.

View solution in original post

Go to solution
Marius Gunnerud
VIP
VIP

‎02-16-2023 02:56 AM

Just to add to what @Sheraz.Salim has said,  Here is a link to documentation stating this limitation.

https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-system.html#task_5E428B7B30F9436ABF3BD93608A5D1C5

Quote:

  • "Address Pool—The range of IP addresses from lowest to highest that the server is allowed to provide to clients that request an address. Specify the start and end address for the pool, separated by a hyphen. For example, 10.100.10.12-10.100.10.250.

    The range of IP addresses must be on the same subnet as the selected interface and cannot include: the IP address of the interface itself, the broadcast address, or the subnet network address.

    The size of the address pool is limited to 256 addresses per pool on the threat defense device. If the address pool range is larger than 253 addresses, the netmask of the threat defense interface cannot be a Class C address (for example, 255.255.255.0) and needs to be something larger, for example, 255.255.254.0."

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎02-16-2023 12:45 AM - edited ‎02-16-2023 01:04 AM

This is a FTD software limitation (even same apply with ASA code too). you can not exceed more than 256 host ip address. it has to be lower than 255 ip addresses.

unless otherwise you use a External DHCP server.

please do not forget to rate.

Go to solution
Marius Gunnerud
VIP
VIP

‎02-16-2023 02:56 AM

Just to add to what @Sheraz.Salim has said,  Here is a link to documentation stating this limitation.

https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-system.html#task_5E428B7B30F9436ABF3BD93608A5D1C5

Quote:

  • "Address Pool—The range of IP addresses from lowest to highest that the server is allowed to provide to clients that request an address. Specify the start and end address for the pool, separated by a hyphen. For example, 10.100.10.12-10.100.10.250.

    The range of IP addresses must be on the same subnet as the selected interface and cannot include: the IP address of the interface itself, the broadcast address, or the subnet network address.

    The size of the address pool is limited to 256 addresses per pool on the threat defense device. If the address pool range is larger than 253 addresses, the netmask of the threat defense interface cannot be a Class C address (for example, 255.255.255.0) and needs to be something larger, for example, 255.255.254.0."

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
jbates5873
Level 1
Level 1
In response to Marius Gunnerud

‎02-16-2023 02:59 AM

Thanks, but thats what I don't get, as I'm using a class a network (I think) 10.x.x.x/23

But it seems that it can't be done. Sigh. I will have to find another solution.
0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to jbates5873

‎02-16-2023 03:32 AM - edited ‎02-16-2023 03:36 AM

(preference 1)dont you have any external Server. or (preference 2) you can use the switch or router if you like for the DHCP server.

 

 

but thats what I don't get, as I'm using a class a network (I think) 10.x.x.x/23

as @Marius Gunnerud  noted from the documentation The size of the address pool is limited to 256 addresses per pool on the threat defense device. If the address pool range is larger than 253 addresses, the netmask of the threat defense interface cannot be a Class C address (for example, 255.255.255.0) and needs to be something larger, for example, 255.255.254.0."

 

in other words it a limitation on the appliances (software). 

please do not forget to rate.
0 Helpful

Go to solution
jbates5873
Level 1
Level 1
In response to Sheraz.Salim

‎02-16-2023 02:34 PM

Yes, i will have to go with preference 2 in this case.

Thanks all.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card