
Cisco FTD 7.0 manage by FDM - DHCP Relay

mikiNet
Level 1

Hello Guys,

Today I upgraded my two FTDs (1140) from 6.6.4 to 7.0, and after the upgrade I ran into a problem with DHCP Relay and SNMP, which I had previously configured via FlexConfig (very simple config), but... in version 7.0 Cisco removed this possibility and moved this config to the API. I don't know why, I don't understand this decision, but yes, it is true. Now these two features are configured via the API Explorer and it's not as easy as before, so I decided to share my knowledge of how to do it, so that you do not have to tire yourselves out. Below is the config:

{
  "version": "string",
  "name": "dhcprelay",
  "ipv4RelayTimeout": 60,
  "ipv6RelayTimeout": 60,
  "servers": [
    {
      "server": {
        "id": "string",
        "type": "networkobject",
        "version": "string",
        "name": "dhcpHost"
      },
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "servers"
      },
      "type": "dhcprelayserver"
    }
  ],
  "agents": [
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": false,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "aaaa"
      },
      "type": "dhcprelayagent"
    },
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": false,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "bbbb"
      },
      "type": "dhcprelayagent"
    },
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": false,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "cccc"
      },
      "type": "dhcprelayagent"
    },
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": false,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "dddd"
      },
      "type": "dhcprelayagent"
    },
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": false,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "eeee"
      },
      "type": "dhcprelayagent"
    },
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": false,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "ffff"
      },
      "type": "dhcprelayagent"
    }
  ],
  "id": "string",
  "type": "dhcprelayservice",
  "links": {
    "self": "string"
  }
}

You need to replace "string" with your correct values, which you can take from the API (you need to do a GET for all interfaces on which you want to enable DHCP relay; you also need to create an object with the DHCP server IP, and do a GET for the DHCPRelay Service to take the id and self link). The above configuration corresponds to the one below:

dhcprelay server X.X.X.X servers
dhcprelay enable aaaa
dhcprelay enable bbbb
dhcprelay enable cccc
dhcprelay enable dddd
dhcprelay enable eeee
dhcprelay enable ffff

In my opinion Flex was nice; this solution is very hmm... this is some kind of misunderstanding.

Also, there is a very similar problem with SNMP - you need to configure SNMP via the API....

I hope that Cisco will change it, but for now this is the only way to enable this feature.

4 Replies

Marvin Rhoads
Hall of Fame

Thanks for sharing.

I too have encountered frustration in this seemingly backwards feature removal. I've provided feedback to several Cisco engineers and managers and hope that others will do the same.

dart1609
Level 1

Hi,


I know this post is a little bit old, but today I struggled with the same problem. Good news first: in 7.1, Relay should be implemented in the GUI.

I've reduced the body to the fields that are important for me. I've come to this body:


{
  "version": "$VERSION",
  "ipv4RelayTimeout": 60,
  "ipv6RelayTimeout": 60,
  "servers": [
    {
      "server": {
        "type": "networkobject",
        "name": "$SRV_RELAY"
      },
      "interface": {
        "type": "$SRV_INT_TYPE",
        "name": "$SRV_INT"
      },
      "type": "dhcprelayserver"
    }
  ],
  "agents": [
    {
      "enableIpv4Relay": true,
      "setRoute": true,
      "interface": {
        "type": "$CLNT_INT_TYPE",
        "name": "$CLNT_INT"
      },
      "type": "dhcprelayagent"
    }
  ],
  "type": "dhcprelayservice"
}


The strings are represented by variables with "$"; for these you have to enter your values.

First of all, you have to use the API Explorer of the FDM and get the object ID and the version of the running DHCP Relay. You can get these by using the GET request /devicesettings/default/dhcprelayservices

There you get the $VERSION and $ID variables.

Now note the interface name and type of the interface facing your server and of the one facing your client. Note that the interface type can be different: physicalinterface, subinterface, vlaninterface, etc.

Now you have the variables

$SRV_INT
$SRV_INT_TYPE
$CLNT_INT
$CLNT_INT_TYPE

Now you have to create a Network Object which is the DHCP server IP address. If you already have one, skip the creation. The name of the object is the variable $SRV_RELAY

Now you can use the API Explorer with the PUT /devicesettings/default/dhcprelayservices/{objId}. Paste the $ID into the separate line and the rest into the body field.

Here is an example body:

{
  "version": "bbwwjrqxqscke",
  "ipv4RelayTimeout": 60,
  "ipv6RelayTimeout": 60,
  "servers": [
    {
      "server": {
        "type": "networkobject",
        "name": "IP.HBW-PS-DC05.v4"
      },
      "interface": {
        "type": "physicalinterface",
        "name": "inside"
      },
      "type": "dhcprelayserver"
    }
  ],
  "agents": [
    {
      "enableIpv4Relay": true,
      "setRoute": true,
      "interface": {
        "type": "subinterface",
        "name": "wlan-clients"
      },
      "type": "dhcprelayagent"
    }
  ],
  "type": "dhcprelayservice"
}

I have an ASA FTD 5516-X and I have inside interfaces for each subnet VLAN:
G1/2 it-management
G1/3 it-lan
G1/4 it-printers
G1/5 it-officewifi
G1/6 it-guestwifi
and G1/1 outside

and I have 5 network objects, one for each VLAN, as below:

NET-it-management    VALUE: 10.1.2.0/24
NET-it-lan           VALUE: 10.1.3.0/24
NET-it-printers      VALUE: 10.1.4.0/24
NET-it-officewifi    VALUE: 10.1.5.0/24
NET-it-guestwifi     VALUE: 10.1.6.0/24

and I have 2 snmp servers located somewhere, and I need to configure both the primary and secondary as ip helper address or DHCP relay using the new feature Firepower Threat Defense REST API instead of flexconnect, which I was using before I upgraded the IOS of the ASA FTD!

Primary DHCP server: 172.20.1.x

Secondary DHCP server: 172.20.2.x

Now I found DHCPRelayService under the API, and I found 3 lines as below:

get /devicesettings/default/dhcprelayservices
get /devicesettings/default/dhcprelayservices/{objId}
put /devicesettings/default/dhcprelayservices/{objId}

So which one should I use? I need a real example according to my inputs above, because I'm confused about what I have to put in which lines!

For example, I'll choose the one below, and I'm not sure if it's right or wrong! But if yes, please add my inputs to the code below:

get /devicesettings/default/dhcprelayservices/{objId}

{
  "version": "string",
  "name": "string",
  "ipv4RelayTimeout": 0,
  "ipv6RelayTimeout": 0,
  "servers": [
    {
      "server": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "string"
      },
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "string"
      },
      "type": "dhcprelayserver"
    }
  ],
  "agents": [
    {
      "enableIpv4Relay": true,
      "enableIpv6Relay": true,
      "setRoute": true,
      "interface": {
        "id": "string",
        "type": "string",
        "version": "string",
        "name": "string"
      },
      "type": "dhcprelayagent"
    }
  ],
  "id": "string",
  "type": "dhcprelayservice",
  "links": {
    "self": "string"
  }
}

amr alrazzaz
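
Added example, not part of the thread and not Cisco code: a Python helper that assembles the PUT path and the reduced body from dart1609's reply out of the object returned by the GET, extended here to several DHCP servers and several client interfaces. The id, version, network object names and the choice of "outside" as the server-facing interface are constructed assumptions; the client interface names are the ones listed in the post above.

```python
import json

PLACEHOLDERS = {"", "string"}  # values left over from the API Explorer model

def ref(kind, name):
    """Reference an existing object by type and name, as the reduced body does."""
    for value in (kind, name):
        if value in PLACEHOLDERS or value.startswith("$"):
            raise ValueError(f"unfilled placeholder: {value!r}")
    return {"type": kind, "name": name}

def build_relay_put(current, servers, agents, timeout=60, set_route=True):
    """current: object returned by GET .../dhcprelayservices/{objId}
    servers: [(network_object_name, interface_type, interface_name), ...]
    agents:  [(interface_type, interface_name), ...]; returns (path, body)."""
    if current.get("type") != "dhcprelayservice":
        raise ValueError("not a dhcprelayservice object")
    for key in ("id", "version"):
        if (current.get(key) or "") in PLACEHOLDERS:
            raise ValueError(f"GET result has no usable {key}")
    names = [name for _, name in agents]
    if len(names) != len(set(names)):
        raise ValueError("client interface listed more than once")
    body = {
        "version": current["version"],  # taken from the GET, as the reply describes
        "ipv4RelayTimeout": timeout,
        "ipv6RelayTimeout": timeout,
        "servers": [{"server": ref("networkobject", obj),
                     "interface": ref(if_type, if_name),
                     "type": "dhcprelayserver"}
                    for obj, if_type, if_name in servers],
        "agents": [{"enableIpv4Relay": True, "setRoute": set_route,
                    "interface": ref(if_type, if_name),
                    "type": "dhcprelayagent"}
                   for if_type, if_name in agents],
        "type": "dhcprelayservice",
    }
    return f"/devicesettings/default/dhcprelayservices/{current['id']}", body

# Constructed sample input: id, version and network object names are made up.
CURRENT = {"id": "example-object-id", "version": "exampleversion",
           "name": "dhcprelay", "type": "dhcprelayservice"}
SERVERS = [("HOST-dhcp-primary", "physicalinterface", "outside"),
           ("HOST-dhcp-secondary", "physicalinterface", "outside")]
AGENTS = [("physicalinterface", n) for n in
          ("it-management", "it-lan", "it-printers", "it-officewifi", "it-guestwifi")]

if __name__ == "__main__":
    print(json.dumps(build_relay_put(CURRENT, SERVERS, AGENTS), indent=2))
```

The printed body can be pasted into the API Explorer PUT form, with the id from the path entered in the objId field.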

jocke9292
Level 1

I can't get my relay to work. Do I need to add any firewall rules if I don't allow traffic between the networks, or does the firewall create exceptions for itself?

If I don't want the relay, how do I remove it?
