07-18-2024 12:22 PM
Hi,
I need to create sub ports on the inside interface for VLANs 10,20,30,40 and 100 and each subport needs to be pointed to my DHCP server is this possible please.
I could get away with creatin just access ports for each VLAN but would still need to point them to me DHCP server.
Is this possible, if so any guides for this?
TIA
07-18-2024 12:26 PM
I check FTD there is no restriction of use subinterface as dhcp relay
so you can use it
MHM
07-18-2024 12:53 PM
07-18-2024 02:01 PM
07-18-2024 04:21 PM
thats good guide but the software is totaly differnt to mine
07-18-2024 06:41 PM
07-19-2024 06:20 AM
Its not ASA
It is FPM, i have done the sub interfaces all i need is a simple instruction to point them to the DHCP server
07-19-2024 06:22 AM
are you use FDM for FPR ?
MHM
07-19-2024 06:27 AM
i log straight into the management port of the device and it has Firepower Manager
07-19-2024 06:28 AM
Sorry it is FDM, this is the screen shot
07-19-2024 06:35 AM
I dont think it support by FDM
but let me see the cisco new update maybe it can support dhcp relay
MHM
07-19-2024 06:53 AM
@Martin you cannot natively configure DHCP relay using FDM, you can use the Firepower Threat Defense API to configure DHCP relay. Using DHCP relay on an interface, you can direct DHCP requests to a DHCP server that is accessible through the other interface. You can configure DHCP relay on physical interfaces, subinterfaces, EtherChannels, and VLAN interfaces. You cannot configure DHCP relay if you configure a DHCP server on any interface.
To open the API Explorer, where you can view the resources, log into FDM, then click the more options button () and choose API Explorer.
https://community.cisco.com/t5/network-security/cisco-ftd-7-0-manage-by-fdm-dhcp-relay/td-p/4469376
If you are unfamilar with using API it might be easier configuring the local switch with ip helper-address.
07-19-2024 07:03 AM
Thanks, im not sure about using APIs, i can look into it.
I dont have the SVIs on the switch as i was using an ASA5506 previously that i could setup sub interfaces and DHCP relay on each no problem and worked a treat.
If i setup the SVIs on the local switch can i then still use the sub interfaces on the 1010 to control each vlan independantly
07-19-2024 07:08 AM
if you have SW then the config will be
1- config SVI in SW for each VLAN
2- config ip dhcp helper under SVI
3- config DHCP server to use FPR subinterface IP as GW for Host not use SVI of SW
that solve your issue since FDM not support dhcp reply
NOTE:- I can you need to allow dhcp traffic in FPR between VLAN by add ACL
MHM
07-19-2024 07:10 AM
Sorry what is SW?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide