I'm glad not to be the only person complaining about this. DHCP flexibility on an NGFW FTD device is all but completely useless compared to the older ASA. I don't mean to be so unkind toward Cisco, but the FTD requires a significant amount of priming and digging. I've lost weeks of time trying to work around these limitations, found myself in sheer regret, and cost Cisco at least a dozen unresolved TAC cases.
For DHCP limitations:
What Cisco has done is wreck the small/branch office offerings with a baffling exclusion of these options, not to mention many other very important functions that badly need to be carried over from ASA.
That said, you can hack it, but you have to apply specific options via the Lina_cli tool, and they're not perpetual. You must manually re-apply them each time you push changes to the device:
In expert mode:
LinaConfigTool "dhcpd dns [dns_server_1] [dns_server_2] interface [interface]"
Example: LinaConfigTool "dhcpd dns 10.1.1.10 10.1.1.11 interface inside"
Again, while this solves the problem of providing different DNS servers per pool, you must re-apply them each time you deploy any changes to the device through FDM and probably FMC.
The reason is, the deployment code overwrites everything that doesn't match the committed changes, unfortunately. You can't be selective like you can with other tools.
"You can't fix what you can't see"
Thanks for the information.
But how about running multiple commands at a time, like enabling a specific interface?
How can we run this using LinaConfigTool?
I believe you can do it this way:
LinaConfigTool "interface Ethernet1/7" "ip address 10.2.6.1 255.255.255.0" "no shut"
where the subsequent commands are simply separated by a space. That said, not every instance of this works. For example, "nameif", and "security-level", which seem to have been deprecated, and it could be that this example will also fail. There's no way to predict it, and obviously there's no readily handy documentation or "useful" Command Reference.
I learned this example from an FDM failure, where it could not "un-do" something it deployed successfully.
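Since the thread's fix has to be re-typed after every deployment, a small script that re-applies a list of per-interface "dhcpd dns" lines is the practical follow-up to the first post and to the multi-command answer above. This is an added example for this thread, not Cisco's tooling and not code from any of the posters. It assumes it is run from FTD expert mode where LinaConfigTool is on PATH (as the posts above use it), that the interface names and DNS addresses in DNS_MAP are constructed placeholders you replace with your own, and that DRY_RUN=1 makes it print the commands instead of executing them. It deliberately issues one LinaConfigTool call per command rather than chaining several, because the answer above notes that chained commands do not always apply. It does not make the settings persistent; it only makes the re-application repeatable.

```shell
#!/bin/sh
# reapply_dhcpd_dns.sh - re-push per-interface "dhcpd dns" lines into the
# LINA running config on an FTD after an FDM/FMC deployment has wiped them.
# Added example for this thread, not Cisco tooling. Assumptions:
#   - runs in FTD expert mode, where LinaConfigTool (used above) is on PATH
#   - DNS_MAP holds "interface dns1 dns2" entries; the values are constructed
#   - DRY_RUN=1 prints the commands instead of running them

DNS_MAP='
inside 10.1.1.10 10.1.1.11
byod   10.2.2.10 10.2.2.11
'
DRY_RUN=${DRY_RUN:-0}

# is_ipv4 ADDR: true when ADDR is a dotted quad with each octet in 0-255
is_ipv4() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dns_cmd IFACE DNS1 DNS2: the LINA command for one pool, in the form the
# first post uses
dns_cmd() {
    printf 'dhcpd dns %s %s interface %s\n' "$2" "$3" "$1"
}

# run_lina CMD...: one LinaConfigTool call per command, never chained,
# because the thread reports that chained commands do not always apply
run_lina() {
    for cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            printf 'LinaConfigTool "%s"\n' "$cmd"
        else
            LinaConfigTool "$cmd"
        fi
    done
}

# apply_dns_map: validate every DNS_MAP entry, then push the valid ones.
# Malformed entries are reported on stderr and skipped; returns 1 if any
# entry was skipped, 0 otherwise.
apply_dns_map() {
    rc=0
    while read -r iface dns1 dns2 extra; do
        [ -n "$iface" ] || continue
        if [ -n "$extra" ] || ! is_ipv4 "$dns1" || ! is_ipv4 "$dns2"; then
            printf 'skipping malformed entry: %s %s %s %s\n' \
                "$iface" "$dns1" "$dns2" "$extra" >&2
            rc=1
            continue
        fi
        run_lina "$(dns_cmd "$iface" "$dns1" "$dns2")"
    done <<EOF
$DNS_MAP
EOF
    return $rc
}

# Run only when executed as a script, not when sourced for reuse
if [ "${0##*/}" = "reapply_dhcpd_dns.sh" ]; then
    apply_dns_map
fi
```

Preview with `DRY_RUN=1 sh reapply_dhcpd_dns.sh`, then run it without DRY_RUN after each deployment. Keeping the map in the script (or a file it reads) means the per-VLAN DNS servers are written down once instead of being re-typed from memory each time.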
I wanted to post an update. 7.0.0 code for the FTD, and we still have a blacklisted/blocked dhcpd dns command. Why? This makes for quite a challenge for smaller sites where the FTD needs to supply DHCP, but we don't wish to use the same DNS per VLAN/interface.
dhcpd dns 220.127.116.11 18.104.22.168 interface byod
dhcpd dns 192.168.1.15 192.168.1.16 interface inside
I know this is an old post, but perhaps somebody has found a solution for this issue? I mean LinaConfigTool "dhcpd dns 22.214.171.124 126.96.36.199 interface [interface]" works well and would do for me, but it doesn't stay after a restart and I haven't found a way to save it to the startup-config.