Solved: Firepower 2120 DHCP Relay Configuration

jrh · ‎02-22-2023

I am deploying a new Firepower 2120 running FTD 7.0.5-72.How can I add DCHP relay to my vlan sub interfaces? I've tried adding through FlexConfig but it's not working. I am using FDM for configuration.

jocke9292 · ‎02-26-2023

I've got dhcp relay up and running om 7.0.x with API configuration. And as you noticed when you upgraded to 7.2.x it available in the gui on that version. You don't need to have l2 interfaces, regular routed interfaces works fine for me

View solution in original post

jrh · ‎03-03-2023

Looks like I got it working. No additional L2 config needed on the interface.

View solution in original post

jrh · ‎03-06-2023

The option showed up after upgrading to FTD v7.2.3-77. I haven't tested the functionality yet.

View solution in original post

M02@rt37 · ‎02-22-2023

Hello @jrh

Go to your FDM web Interface.

Click on "Interfaces" (the left-hand menu), and select the subinterface that you want to configure the DHCP relay on.
In the subinterface configuration page, scroll down to the "DHCP Relay" section.
Enable the DHCP Relay by toggling the switch to the "On" position.
In the "DHCP Relay Server" field, enter the IP address of the DHCP server that you want to use.
If your DHCP server is on a different VLAN or subnet than the subinterface, you can add a helper address in the "Helper Address" field.
Save the configuration changes.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

jrh · ‎02-22-2023

I do not have a DHCP relay option on my sub-interface.

M02@rt37 · ‎02-22-2023

@jrh

The interface has been configured as a routed interface instead of a switched interface. DHCP relay is a function of Layer 2 switching and is not available on Layer 3 routed interfaces.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

jrh · ‎02-22-2023

My physical interface only has Routed or Passive as the options. Is layer 2 not an option on my model of FP?

MHM Cisco World · ‎02-22-2023

are you running DHCP sever in FPR
are you running FPR HA ??

jrh · ‎02-22-2023

I am not running a DHCP server on the FP. I just want to configure the DHCP helpers on the VLAN interfaces.

MHM Cisco World · ‎02-22-2023

Firepower Management Center Configuration Guide, Version 6.3 - DHCP and DDNS Services for Threat Defense [Cisco Secure Firewall Management Center] - Cisco

DHCP Relay

You can configure a maximum of 10 DHCPv4 relay servers, global and interface-specific servers combined, with a maximum of 4 servers per interface.
You can configure a maximum of 10 DHCPv6 relay servers. Interface-specific servers for IPv6 are not supported.
You cannot configure both a DHCP server and DHCP relay on the same device, even if you want to enable them on different interfaces; you can only configure one type of service.
DHCP relay services are not available in transparent firewall mode. You can, however, allow DHCP traffic through using an access rule. To allow DHCP requests and replies through the FTD device, you need to configure two access rules, one that allows DCHP requests from the inside interface to the outside (UDP destination port 67), and one that allows the replies from the server in the other direction (UDP destination port 68).
For IPv4, clients must be directly-connected to the FTD device and cannot send requests through another relay agent or a router. For IPv6, the FTD device supports packets from another relay server.
The DHCP clients must be on different interfaces from the DHCP servers to which the FTD device relays requests.
You cannot enable DHCP Relay on an interface in a traffic zone.
DHCP relay is not supported on Virtual Tunnel Interfaces (VTIs).

jrh · ‎02-22-2023

I think these instructions are specific to FMC and I don't have that. I'm using FDM.

MHM Cisco World · ‎02-22-2023

as I know FPR manage by FDM or FMC both same DHCP relay restriction.

M02@rt37 · ‎02-22-2023

@jrh

The "Switched" option may not be available on your physical interface if it has already been configured as a routed or passive interface.

Do you please try with new interface to see if you have this option?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

jrh · ‎02-24-2023

I upgraded to 7.2.0-82 and can now see the DHCP Relay config, just don't see a way to set the parent interface to switchport. Is this a Flexconfig or API only option?

jocke9292 · ‎02-26-2023

I've got dhcp relay up and running om 7.0.x with API configuration. And as you noticed when you upgraded to 7.2.x it available in the gui on that version. You don't need to have l2 interfaces, regular routed interfaces works fine for me

jrh · ‎03-03-2023

Looks like I got it working. No additional L2 config needed on the interface.

MHM Cisco World · ‎03-03-2023

It work directly or you modify some setting ??