DHCP relay across Multiple context in FWSM

sathappan · ‎01-06-2013

Hi,

we have a FWSM in multicontext mode. we need to enable DHCP relay for clients in one context to the DHCP server in another context. the DHCP server or the DHCP clients are not in the shared VLAN. I went through the CCO documents, but couldnt find the right way to do this. Can any one of you guide me on this?

with thanks

sathappan

Jouni Forss · ‎01-06-2013

Hi,

I'm not sure if its just not possible to do that through 2 Security Context.

Have you tried to configure it and checked what happens between the 2 Security Context when a client is trying to get an IP address?

There should be no problem for this to work in a single context but to be honest I have never tried it in the setup you suggest. I'm not totally sure is there some difference in how it works compared to the "ip helper-address".

I've had to configure this only once in a FWSM. Other times the actual DHCP service has been on the FWSM. Or the user behind the context has had a router using "ip helper-address" to unicast the DHCP request to the servers.

Maybe you could try setting up "ip helper-address" on the actual core device?

Also wonder would it be possible to bring the server Vlan also to the Client Security Context so the first context can relay the DHCP request directly to the server Vlan? The documentation does talk about not being able to do this in shared Vlan situations but I understood the description so that the actual relay service cant be enabled on the shared Vlan but didnt mention about setting the server destination interface as a shared Vlan? Or maybe I'm mistaken.

- Jouni