08-21-2002 09:44 AM - edited 02-20-2020 10:12 PM
Hi Everyone,
Just had a question regarding PIX DHCP server capabilities. I didn't realize that the PIX even had it first of all.
Can someone tell me if PIX (525) can serve addresses to a specific VLAN? I have a small "corporate" VLAN set up in our 4006 that will need DHCP as well as about 10 others that won't need DHCP. Maybe the layer 3 portion of the 4006 can do this...?? I will look, but for now... I know that best practice is to just put a DHCP server on the VLAN somewhere but for the interim and for future knowledge it would be helpful to know if either of these devices can perform this function.
Thanks,
Josh
08-22-2002 04:25 AM
No, both devices cannot do this.
What you want is achievable using VMPS (VLAN Management Policy Server). Cisco offers the URT (User Registration Tool) product for this.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/csurt/index.htm
HTH
R/Yusuf
08-22-2002 02:22 PM
So I guess I should just wait a few weeks for our server to get relocated... Thanks.
Josh
08-22-2002 07:38 PM
Josh,
If I understand well you are trying to use your PIX 525 as a DHCP server. I believe you can do this. You can enable the DHCP daemon on the inside interface of your PIX and it can serve clients with IP. At least that is what the documentation on CCO says. You just have to make sure that the VLAN is physically connected to the inside interface. Here is the link that might help you.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/df.htm#xtocid2
gilles
08-23-2002 12:08 PM
Thanks Gilles,
You are correct in your assumption. I wasn't really sure whether or not I needed to PHYSICALLY connect the VLAN since you can configure quite a bit with the individual NW's that the PIX talks to. I thought maybe you could tell the PIX to assign DHCP addresses to all the hosts on a specific NW that the PIX knows about. Well thanks anyway, it was worth a shot. :)
Josh
08-24-2002 07:59 AM
Josh,
The PIX would be able to assign IPs to hosts that are on the same VLAN as the firewall's inside interface. If all the devices that need to be serviced through DHCP are in the same VLAN, you can use the PIX DHCP functionality. All those hosts would share the same IP subnet with the inside intf of the PIX. If you have other VLANs that need DHCP too, you cannot use the PIX for those.
gilles
08-26-2002 01:31 PM
Thanks again Gilles,
That makes a lot of sense now. I have 4 additional interfaces on the PIX for the capability of multiple DMZs if needed as well as for a bit of port redundancy (just in case... heh heh). So, if I use any of those for DHCP to VLAN hosts, it sounds like it will work the way you stated. Make sense??
Josh
08-26-2002 02:24 PM
At this point, only the inside interface supports the DHCP server functionality. You cannot enable this service on any other interface.
gilles
08-27-2002 07:20 AM
Cool, thanks. That'll-do-it.....