Solved: Re: ftd dhcp relay with fdm

mmacdonald70 · ‎04-12-2017

I am running an ASA5506x in FTD mode. Managing it with FDM. I can't seem to find an option to create a DHCP relay. I have found documentation on how to do it with FMC so I assume that it is possible with FTD. Any idea if there is a way?

syeda3 · ‎04-13-2017

You can create DHCP relay services in Firepower Threat Defense (FTD) through FMC.

http://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200475-Configure-DHCP-Server-Relay-on-FTD-Using.html

View solution in original post

syeda3 · ‎04-13-2017

You can create DHCP relay services in Firepower Threat Defense (FTD) through FMC.

http://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200475-Configure-DHCP-Server-Relay-on-FTD-Using.html

mmacdonald70 · ‎04-13-2017

Thanks. I assume by that answer that we can't add them through FDM or CLI? I don't have FMC at the moment and I wasn't planning on getting it.

mlacroix@ccm-ct.org · ‎07-03-2018

Hello, did you ever find a way to add dhcp relay/helper to FTD? I need the same thing. Thanks

bmurphree@myemma.com · ‎11-19-2020

I always assume the requester isn't using FMC, because there are a number of complex challenges with FMC use. I've abandoned FMC in favor of CDO, myself because of the connectivity requirements with FMC.

RFC 1925

BillXia · ‎10-14-2021

I am sure the requirement is to configure it through FDM not FMC. in order to configure dhcp relay, i need to buy a physical server, install FMC, buy FMC license (if any), purchase hardware protection for physical server, pay someone who knows how to manage VMs and reconfigure the whole firewall, because you cannot seamless convert fdm to fmc, just in order to get DHCP reply function? Maybe another good choice is to purchase a firewall from another vendor.

Marvin Rhoads · ‎10-14-2021

There's no need to run FMC for this feature.

The dhcprelay feature for FDM-managed FTD devices was available via Flexconfig through version 6.7.

7.0 deprecated that in favor of API-based configuration.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/features.html#Cisco_Generic_Topic.dita_d931d244-1fa3-4144-b861-bc9a810332ce

It will be incorporated into the FDM GUI natively in version 7.1, due out next month.

Filip Po · ‎08-07-2019

I used FlexConfig with Flex Object:

dhcprelay server <dhcp_server_IP> <server_interface_name>
dhcprelay setroute <relay_interface_name>
dhcprelay enable <relay_interface_name>

FDM will not let you have any dhcp server (DHCPD) running on vFTD image.

Erase all DHCP server (DHCPD) configuration befor apply dhcprelay to FlexConfig.

Filip

schason@cisco.com · ‎12-12-2019

bmurphree@myemma.com · ‎02-18-2020

Question for clarity's sake: When you say "Erase all DHCP server (DHCPD) configuration before apply dhcprelay to FlexConfig", is this for all DHCP pools, or just the one you plan to replace by DHCP-Relay?

RFC 1925

zascherl86 · ‎09-27-2020

To help clarify here is the process that you need to follow:

*note <server_interface_name> and <relay_interface_name> reference the Logical Name - ex. inside

*note you need to put the relay interface information for all interfaces you would like relayed

*note you can only use either relay or internal DHCP server. You cannot use them at the same time.

1. Create the FlexConfig Objects listed above

dhcprelay server <dhcp_server_IP> <server_interface_name>
dhcprelay setroute <relay_interface_name>
dhcprelay enable <relay_interface_name>

2. add the new DHCP-Realy FlexConfig Object to the FlexConfig Policy

- the FlexConfig Policy makes the object active

3. disable all dhcp server scopes

4. deploy

5. test

mikiNet · ‎11-19-2020

dhcprelay setroute <relay_interface_name> - this is unnecessary

Mark Richmond · ‎10-18-2021

Hi, I know it's slightly old, but as it's one of the first hits that's flagged in Google, thought I'd mention that flexconfig is not available in v7, going API crazy and it's a bit more of a mission to implement dhcprelay and a few other commands, snmp, in the FDM for what used to be a very simple few lines

Reverted the test kit to 6.6 instead and completed in seconds.