Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

LAN Interface on PIX 501

When I try to change the LAN interface IP (needs to be 192.168.5.1 (next year it will be changing to a 10.1.1.1) and when I change it it says it can't change because of the dhcp pool subnet. I tried adding a 192.168.5 dhcp pool but it still won't let me change it. And when I try to change the initial DHCP pool it says it can't because of the lan interface subnet.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: LAN Interface on PIX 501

Sorry, I just tried it to make sure and you actually need to remove the dhcpd address range in order to change the IP address assigned to the interface serving as the DHCP server interface. Here is an example taken from my PIX:

515(config)#

515(config)# ip add inside 192.168.1.1 255.255.255.0

515(config)#

515(config)# sh dhcpd

dhcpd address 192.168.1.10-192.168.1.50 inside

dhcpd dns 192.168.1.100

dhcpd wins 192.168.1.100

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd enable inside

515(config)#

515(config)#

515(config)# ip add inside 10.1.1.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

515(config)#

515(config)#

515(config)#

515(config)# no dhcpd address 192.168.1.10-192.168.1.50 inside

DHCPD disabled on inside interface because address pool is removed

515(config)#

515(config)#

515(config)#

515(config)# ip add inside 10.1.1.1 255.255.255.0

515(config)#

515(config)# dhcpd add 10.1.1.10-10.1.1.50 inside

515(config)#

515(config)#

515(config)# dhcpd enable inside

515(config)#

515(config)#

515(config)#

515(config)# sh dhcpd

dhcpd address 10.1.1.10-10.1.1.50 inside

dhcpd dns 192.168.1.100

dhcpd wins 192.168.1.100

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd enable inside

515(config)#

Scott

6 REPLIES

Re: LAN Interface on PIX 501

Try removing the DHCP configuration completely from the PIX first. Then change the address and add the DHCP configuration back in and see if that resolves the issue. Good luck.

Scott

New Member

Re: LAN Interface on PIX 501

I couldn't find a way to remove the dhcp configuration completely. If there is a command for it please let me know what it is.

I did get around this, but only temporarily. I changed the subnet of the inside interface to 255.255.0.0 and then changed the interface DHCP to 192.168.5.x-x then I changed the inside interface IP to a 192.168.5.x and changed the subnet back to 255.255.255.0 As far as I can tell this is a really retarded long way of going about it.

I still do need a solution since next year the network is going to 10.1.1.0/29

thanks.

Re: LAN Interface on PIX 501

'no dhcpd enable inside' should do the trick

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1025497

We are really trying to keep you from shooting yourself in the foot here by not allowing a DHCP range to be in a different subnet than the subnet applied to the interface where the DHCP server is enabled. Perhaps we are a little too restrictive for people who know what they are doing...as evidenced by the problems you have had. I will forward this request along to see if we can modify this bahavior a little bit to make it more "user friendly". Nice creative work-around by the way.

Scott

New Member

Re: LAN Interface on PIX 501

I am running PIX version 6.3(1) and using no dhcpd enable inside does disable the internal dhcp server, but it will not allow you to change dhcp address, or ip address. I tried that before. For the sake of doing it I tried it again and still came up with the "interface address is not on same subnet at dhcp pool"

the pix I am configuring is a 10 license 501. The plan has been to get another one for the main office, probably a 525, and use 501's for the remote offices. Is this a restriction because of the licensing on this pix? I'm kinda stuck here cause if I cant change the lan ip to a 10.1. network I have a lot of reworking to do in our schema.

Re: LAN Interface on PIX 501

Sorry, I just tried it to make sure and you actually need to remove the dhcpd address range in order to change the IP address assigned to the interface serving as the DHCP server interface. Here is an example taken from my PIX:

515(config)#

515(config)# ip add inside 192.168.1.1 255.255.255.0

515(config)#

515(config)# sh dhcpd

dhcpd address 192.168.1.10-192.168.1.50 inside

dhcpd dns 192.168.1.100

dhcpd wins 192.168.1.100

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd enable inside

515(config)#

515(config)#

515(config)# ip add inside 10.1.1.1 255.255.255.0

Interface address is not on same subnet as DHCP pool

515(config)#

515(config)#

515(config)#

515(config)# no dhcpd address 192.168.1.10-192.168.1.50 inside

DHCPD disabled on inside interface because address pool is removed

515(config)#

515(config)#

515(config)#

515(config)# ip add inside 10.1.1.1 255.255.255.0

515(config)#

515(config)# dhcpd add 10.1.1.10-10.1.1.50 inside

515(config)#

515(config)#

515(config)# dhcpd enable inside

515(config)#

515(config)#

515(config)#

515(config)# sh dhcpd

dhcpd address 10.1.1.10-10.1.1.50 inside

dhcpd dns 192.168.1.100

dhcpd wins 192.168.1.100

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd enable inside

515(config)#

Scott

New Member

Re: LAN Interface on PIX 501

Thanks Scott. I was missing that command to remove the address range. I tried removing the range in the PDM before, but that didn't work.

128
Views
0
Helpful
6
Replies
CreatePlease to create content