Cisco FTD 7.0 manage by FDM - DHCP Relay

beejrteek · ‎09-18-2021

Hello Guys,

Today, I upgraded my two FTD (1140) from 6.6.4 to 7.0 and after upgrade I met problem related to DHCP Relay and SNMP which I had before configured via FlexConfig (very simple config) but.... on version 7.0 Cisco removed this possibility and transfer this config to API...... I don't know why, I don't understand this decision but... yes - it is true. Now this two features are configured via API Exploler and it's not as easy as before so I decided to share my knowledge of how to do it, so that you do not have to get tired. Below config:

{
"version": "string",
"name": "dhcprelay",
"ipv4RelayTimeout": 60,
"ipv6RelayTimeout": 60,
"servers": [
{
"server": {
"id": "string",
"type": "networkobject",
"version": "string",
"name": "dhcpHost"
},
"interface": {
"id": "string",
"type": "string",
"version": "string",
"name": "servers"
},
"type": "dhcprelayserver"
}
],
"agents": [
{
"enableIpv4Relay": true,
"enableIpv6Relay": true,
"setRoute": false,
"interface": {
"id": "string,
"type": "string",
"version": "string",
"name": "aaaa"
},
"type": "dhcprelayagent"
},
{
"enableIpv4Relay": true,
"enableIpv6Relay": true,
"setRoute": false,
"interface": {
"id": "string",
"type": "string",
"version": "string",
"name": "bbbb"
},
"type": "dhcprelayagent"
},
{
"enableIpv4Relay": true,
"enableIpv6Relay": true,
"setRoute": false,
"interface": {
"id": "string",
"type": "string",
"version": "string",
"name": "cccc"
},
"type": "dhcprelayagent"
},
{
"enableIpv4Relay": true,
"enableIpv6Relay": true,
"setRoute": false,
"interface": {
"id": "string",
"type": "string",
"version": "string",
"name": "dddd"
},
"type": "dhcprelayagent"
},
{
"enableIpv4Relay": true,
"enableIpv6Relay": true,
"setRoute": false,
"interface": {
"id": "string",
"type": "string",
"version": "string",
"name": "eeee"
},
"type": "dhcprelayagent"
},
{
"enableIpv4Relay": true,
"enableIpv6Relay": true,
"setRoute": false,
"interface": {
"id": "string",
"type": "string",
"version": "string",
"name": "ffff"
},
"type": "dhcprelayagent"
}
],
"id": "string",
"type": "dhcprelayservice",
"links": {
"self": "string"
}
}

You need to fill "string" your correct value which you can take from API (you need to do GET method for all interfaces on which you want to enable dhcp relay, also you need to create object with dhcp server IP, GET for DHCPRelay Service to take id and self link. The above configuration corresponds to the one below:

dhcprelay server X.X.X.X servers
dhcprelay enable aaaa
dhcprelay enable bbbb
dhcprelay enable cccc
dhcprelay enable dddd
dhcprelay enable eeee

dhcprelay enable ffff

In my opinion Flex was nice, this solution is very hmm... this is some kind of misunderstanding

Also, it is very similar problem with SNMP - you need to configure SNMP via API....

I hope that Cisco will change it, but now - this is only way to enable this feature.

Marvin Rhoads · ‎09-19-2021

Thanks for sharing.

I too have encountered frustration in this seemingly backwards feature removal. I've provided feedback to several Cisco engineers and manager and hope that others will do the same.

dart1609 · ‎01-14-2022

Hi,

I know this post is a little bit old, but today I struggled with the same problem. Good news first, in 7.1 Relay should be implemented in the GUI.

I've reduced the body to the for me important fields. I've come to this body

{
"version": "$VERSION",
"ipv4RelayTimeout": 60,
"ipv6RelayTimeout": 60,
"servers": [
{
"server": {
"type": "networkobject",
"name": "$SRV_RELAY"
},
"interface": {
"type": "$SRV_INT_TYPE",
"name": "$SRV_INT"
},
"type": "dhcprelayserver"
}
],
"agents": [
{
"enableIpv4Relay": true,
"setRoute": true,
"interface": {
"type": "$CLNT_INT_TYPE",
"name": "$CLNT_INT"
},
"type": "dhcprelayagent"
}
],
"type": "dhcprelayservice"
}

The Strings a represented by variables with "$" for this you have to enter your values.

First of all you have to use the api explorrer of the fdm and get the objectID and the verion of the running DHCP Relay. You can get this by using the get request /devicesettings/default/dhcprelayservices

There you got the $VERSION and $ID variables.

Now note the interface name and type of your interface directing to your server and the one directing to your client. Note that the interface type can be different. physicalinterface, subinterface, vlaninterface, etc.

Now you have the variables

$SRV_INT

$SRV_INT _TYPE

$CLNT_INT

$CLNT_INT_TYPE

Now you have to create an Network Object which is the DHCP Server IP address. If you already have one skip the creation. The name of the object ist the variable $SRV_RELAY

Now you can use the api explorrer with the put /devicesettings/default/dhcprelayservices/{objId}. Paste the $ID into the sepperated line and the rest in the body field.

Here is an example body

{
"version": "bbwwjrqxqscke",
"ipv4RelayTimeout": 60,
"ipv6RelayTimeout": 60,
"servers": [
{
"server": {
"type": "networkobject",
"name": "IP.HBW-PS-DC05.v4"
},
"interface": {
"type": "physicalinterface",
"name": "inside"
},
"type": "dhcprelayserver"
}
],
"agents": [
{
"enableIpv4Relay": true,
"setRoute": true,
"interface": {
"type": "subinterface",
"name": "wlan-clients"
},
"type": "dhcprelayagent"
}
],
"type": "dhcprelayservice"
}

jocke9292 · ‎08-18-2022

I don't get my relay to work. Do I need to add any firewall rules if I don't allow trafic between the network or does the firewall create exceptions for itself?

If I don't want the relay, how do I remove it?