Re: FPR-1010 sub inerfaces and DHCP relay

Martin · ‎07-18-2024

Hi,

I need to create sub ports on the inside interface for VLANs 10,20,30,40 and 100 and each subport needs to be pointed to my DHCP server is this possible please.

I could get away with creatin just access ports for each VLAN but would still need to point them to me DHCP server.

Is this possible, if so any guides for this?

TIA

MHM Cisco World · ‎07-18-2024

I check FTD there is no restriction of use subinterface as dhcp relay
so you can use it

MHM

Martin · ‎07-18-2024

How do I set it up though please

MHM Cisco World · ‎07-18-2024

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200475-Configure-DHCP-Server-Relay-on-FTD-Using.html

check this link

MHM

Martin · ‎07-18-2024

thats good guide but the software is totaly differnt to mine

ccieexpert · ‎07-18-2024

If its ASA code use this:

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116265-configure-product-00.html

Martin · ‎07-19-2024

Its not ASA

It is FPM, i have done the sub interfaces all i need is a simple instruction to point them to the DHCP server

MHM Cisco World · ‎07-19-2024

are you use FDM for FPR ?

MHM

Martin · ‎07-19-2024

i log straight into the management port of the device and it has Firepower Manager

Martin · ‎07-19-2024

Sorry it is FDM, this is the screen shot

MHM Cisco World · ‎07-19-2024

BugZero | Cisco BugID CSCvt25678 - ENH: Firepower Device Manager FDM to include DHCP ... (findbugzero.com)

I dont think it support by FDM
but let me see the cisco new update maybe it can support dhcp relay

MHM

Rob Ingram · ‎07-19-2024

@Martin you cannot natively configure DHCP relay using FDM, you can use the Firepower Threat Defense API to configure DHCP relay. Using DHCP relay on an interface, you can direct DHCP requests to a DHCP server that is accessible through the other interface. You can configure DHCP relay on physical interfaces, subinterfaces, EtherChannels, and VLAN interfaces. You cannot configure DHCP relay if you configure a DHCP server on any interface.

To open the API Explorer, where you can view the resources, log into FDM, then click the more options button () and choose API Explorer.

https://community.cisco.com/t5/network-security/cisco-ftd-7-0-manage-by-fdm-dhcp-relay/td-p/4469376

If you are unfamilar with using API it might be easier configuring the local switch with ip helper-address.

Martin · ‎07-19-2024

Thanks, im not sure about using APIs, i can look into it.

I dont have the SVIs on the switch as i was using an ASA5506 previously that i could setup sub interfaces and DHCP relay on each no problem and worked a treat.

If i setup the SVIs on the local switch can i then still use the sub interfaces on the 1010 to control each vlan independantly

MHM Cisco World · ‎07-19-2024

if you have SW then the config will be
1- config SVI in SW for each VLAN
2- config ip dhcp helper under SVI
3- config DHCP server to use FPR subinterface IP as GW for Host not use SVI of SW

that solve your issue since FDM not support dhcp reply
NOTE:- I can you need to allow dhcp traffic in FPR between VLAN by add ACL

MHM

Martin · ‎07-19-2024

Sorry what is SW?