Core issue
A Dynamic Host Control Protocol (DHCP) relay agent allows the Firewall Services Module (FWSM) to forward DHCP requests from clients to a router that is connected to a different interface.
These restrictions apply to the use of the DHCP relay agent:
The relay agent cannot be enabled if the DHCP server feature is also enabled.
The DHCP relay services are not available in transparent firewall mode. But, it is possible to allow DHCP traffic through with an access list. In order to to do this, configure two access lists, one that allows DCHP requests from the inside interface to the outside, and one that allows the replies from the server in the other direction.
Clients must be directly connected to the FWSM and cannot send requests through another relay agent or a router.
For multiple context mode, DHCP relay cannot be enabled on an interface that is used by more than one context.
Resolution
Assume that the FWSM has three interfaces:
- Outside
- Network 1
- Network 2
In order to enable DHCP relay on a per-interface basis, complete these steps:
- In order to set the IP address of a DHCP server on a different interface than the DHCP client, enter these commands:
hostname(config)#dhcprelay server ip_address Outside
hostname(config)#dhcprelay server ip_address Network1
hostname(config)#dhcprelay server ip_address Network2
Note: Use this command up to four times in order to identify up to four servers.
In order to enable DHCP relay on the interface connected to the clients, enter these commands:
hostname(config)#dhcprelay enable Outside
hostname(config)#dhcprelay enable Network1
hostname(config)#dhcprelay enable Network2
Refer to the Configuring DHCP Relay Services section of Configuring IP Routing and DHCP Services for more information.
