ASA DHCP Relay Feature

Unanswered Question
Sep 29th, 2008

Hi,


I'm trying to remove the DHCP services from the ASA, thus I also need to enable the DHCP relay server feature. Do I have to disable the DHCPD config also for the management interface?

Thanks.

Marwan ALshawi Mon, 09/29/2008 - 03:28

The following example will help you understand the requirement.


DHCP Relay Example

A DHCP relay is configured to accept DHCP requests from clients on the inside interface and relay them to the DHCP server at 192.168.1.1 on the DMZ interface. The firewall waits 120 seconds for a reply from the DHCP server. The firewall's inside interface address is given to the clients as a default gateway. You can use the following commands to accomplish this:

Firewall(config)# dhcprelay server 192.168.1.1 dmz

Firewall(config)# dhcprelay timeout 120

Firewall(config)# dhcprelay setroute inside

Firewall(config)# dhcprelay enable inside


If helpful, rate.

jonix.niebla Mon, 09/29/2008 - 03:46

Thank you. One more thing though, is it possible to have dhcprelay and dhcpd configuration active on your ASA?

Thanks again.

Marwan ALshawi Mon, 09/29/2008 - 03:48

You can, but they should operate on different interfaces.


If helpful, rate.


Good luck.

suschoud Mon, 09/29/2008 - 05:27

Hi,


Unfortunately this is not possible. I am not sure why you were told yes by marva:



########



ASA5510-Single(config)# sh ip

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/1 inside 192.168.16.9 255.255.255.128 CONFIG

Management0/0.2 newsubnet 10.10.0.7 255.255.255.224 CONFIG

Current IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/1 inside 192.168.16.9 255.255.255.128 CONFIG

Management0/0.2 newsubnet 10.10.0.7 255.255.255.224 CONFIG

ASA5510-Single(config)# dhcprelay server 192.168.1.1 newsubnet

ASA5510-Single(config)# dhcprelay timeout 120

ASA5510-Single(config)# dhcprelay setroute inside

ASA5510-Single(config)# dhcprelay enable inside

ASA5510-Single(config)# dhc

ASA5510-Single(config)# dhcpd ena

ASA5510-Single(config)# dhcpd enable inside

DHCP: Interface 'inside' is currently configured as RELAY SERVER and cannot be changed to a SERVER by a SERVER feature

ASA5510-Single(config)# dhcpd enable newsubnet

DHCP: Interface 'newsubnet' is currently configured as RELAY and cannot be changed to a SERVER by a SERVER feature




###############




Regards,

Sushil

Marwan ALshawi Mon, 09/29/2008 - 05:32

I said they should operate on different interfaces.

If the relay is on the inside, you may use the firewall as DHCP server for the DMZ network.

Of course you can't use the same interface as both.

Relay translates the broadcast to unicast for the DHCP server, and the DHCP server answers the client request.



suschoud Mon, 09/29/2008 - 06:02

In the above example, I tried setting dhcpd on both the interfaces, dmz (newsubnet in my example) and inside. None of that works. I know there is a documentation error or CCO. But it never worked for me... tested this a lot during my CCIE prep. :)



Regards,

Sushil

Marwan ALshawi Mon, 09/29/2008 - 06:01

Sushil,


The following config example I have just done:

Interface inside: firewall as DHCP server.

dmz is dhcprelay to a server on dmz1.


dhcpd address 192.168.1.1-192.168.1.10 inside

!

dhcprelay server 10.1.1.1 dmz1

dhcprelay enable dmz

dhcprelay timeout 60

!


But you were right!!


pixfirewall(config)# dhcpd enable inside

Can't start DHCP daemon - DHCP Relay Agent is running.


Logically it sounds OK, but practically not.


Thanks for pointing it out to me.

suschoud Mon, 09/29/2008 - 06:04

Sir,


Please enable the DHCP server on inside. Just defining a scope does not enable the DHCP server on inside.



Try adding :



dhcpd enable inside



You would know what I am saying...



Regards,

Sushil

Marwan ALshawi Mon, 09/29/2008 - 06:07

It sounds like we are overlapping in the posts. I changed the post; read the one above again.

And I rated you as well :)


Thanks

suschoud Mon, 09/29/2008 - 06:06

Great,


Glad to share. Have a nice one.


Regards,

Sushil
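
A pre-change check built on the behaviour both posters observed in this thread, as an added example that is not part of the original posts or any Cisco tooling: it reads ASA/PIX DHCP commands and lists every `dhcpd enable` that would be rejected because the relay agent is enabled. The function names and sample config are constructed for illustration, and the rule assumes only what the software tested in this thread showed.

```python
import re

# Strips CLI prompts such as "Firewall(config)# " from pasted session lines.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

# Constructed sample: the last configuration posted in the thread, plus the
# "dhcpd enable inside" line that the firewall refused.
SAMPLE_CONFIG = """\
dhcpd address 192.168.1.1-192.168.1.10 inside
!
dhcprelay server 10.1.1.1 dmz1
dhcprelay enable dmz
dhcprelay timeout 60
!
dhcpd enable inside
"""

def parse_dhcp_roles(config):
    """Return (relay_enabled, relay_server_facing, dhcpd_enabled) interface sets."""
    relay, relay_srv, server = set(), set(), set()
    for raw in config.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if len(tok) < 3 or tok[0] == "no":
            continue  # separators, partial input, negated commands
        if tok[:2] == ["dhcprelay", "enable"]:
            relay.add(tok[2])
        elif tok[:2] == ["dhcprelay", "server"] and len(tok) >= 4:
            relay_srv.add(tok[3])  # interface behind which the DHCP server sits
        elif tok[:2] == ["dhcpd", "enable"]:
            server.add(tok[2])
    return relay, relay_srv, server

def find_dhcp_conflicts(config):
    """List (interface, reason) for each dhcpd enable the thread shows failing."""
    relay, relay_srv, server = parse_dhcp_roles(config)
    if not relay:
        return []  # assumption: relay agent only runs once enabled on an interface
    findings = []
    for ifc in sorted(server):
        if ifc in relay:
            why = "dhcprelay is enabled on this interface"
        elif ifc in relay_srv:
            why = "interface faces the dhcprelay server"
        else:
            why = "relay agent is running on " + ", ".join(sorted(relay))
        findings.append((ifc, why))
    return findings

if __name__ == "__main__":
    for ifc, why in find_dhcp_conflicts(SAMPLE_CONFIG):
        print(f"dhcpd enable {ifc}: expected to be rejected ({why})")
```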
