Configuring PIX to allow DHCPRelay Agent

Unanswered Question
Nov 15th, 2007

I'm attempting to pass IP's from my pix501 (which is the dhcp server) to clients on the wireless lan controller. The controller acts a dhcp relay agent and I get this in my pix debug:

DHCPD: DHCPDISCOVER received from client 0100.18de.19ab.b9 through relay 192.168


, packet discarded

What can I do to force the pix to allow this through and reply with an IP for the client?



I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Wed, 11/21/2007 - 12:03

On the controller you would normally associate an interface to a WLAN. While creating an interface that corresponds to the WLAN you have an option to specify DHCP server . Configure PIX as a DHCP server and see if this works.

shensimpson Thu, 02/06/2014 - 07:18


I am having the same issue, just wondering if anyone has found a solution.  I am trying to configure an Alcatel Wireless controller to use a PIX firewall.  Wireless clients are not able to obtain an ip address via DHCP.  The PIX reports:

DHCPD: DHCPDISCOVER received from client 0100.1302.5e8f.50 through relay

, packet discarded

Notice that the client Mac address is too long  "01" is being added to the beginning.  I have verifified that the Alcatel controller works when connected to a "Linksys" broadband router.

I would greatly appreciate any help you can offer.


Jouni Forss Thu, 02/06/2014 - 14:28


To my understanding no Cisco firewall model will support acting as a DHCP server for hosts which DHCP messages are relayed by another device in between the client and the firewall. They would only be able to act as a DHCP server to a directly connected network or relay DHCP messages from a directly connected hosts to a server behind another interface of the same firewall.

- Jouni

shensimpson Fri, 02/07/2014 - 07:12

Yeah that's the conclusion I came to as well.  From the Cisco PIX command reference:

"The PIX Firewall DHCP server daemon does not support clients that are not directly connected to a

firewall interface"

Thanks for your help!


This Discussion