Re: DHCP relay and ZFW

katerina.dardoufa · ‎04-06-2022

Hi all,

I have a 4321 router that functions as a ZFW. I have configured zones

Gi0/0/1 --> inside

Gi0/0/0.1 --> TEST. The TEST zone has dhcp relay commands configured, but I cannot get any end device behind the TEST zone get an IP address via our DHCP server, which is located somewhere behind the inside zone.

I have found this link:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/116117-configure-dhcp-zbf-00.html

but even after trying both suggestions nothing changed.

Any ideas?

Thank you in advance.

katerina.dardoufa · ‎04-06-2022

Hello all,

I am not sure as to what exactly went wrong on my first attempts, but it seems that after issuing the following commands, my end dvices were able to obtain an IP.

The truth is that I did some housekeeping on the ACLs and ZFW policies of the router, so maybe this helped.

None the less, if anyone has any insights they'd like to share, please go ahead.

class-map type inspect match-all dhcp
match protocol udp

policy-map type inspect test-to-self
class type inspect dhcp
pass
class class-default
drop log
policy-map type inspect self-to-test
class type inspect dhcp
pass
class class-default
drop log

zone-pair security test-to-self source TEST_ZONE destination self
service-policy type inspect test-to-self
zone-pair security self-to-test source self destination TEST_ZONE
service-policy type inspect self-to-test