Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX as DHCP Server over VLAN's

Hi Everyone,

Just had a question regarding PIX DHCP server capabilities. I didn't realize that the PIX even had it first of all.

Can someone tell me if PIX (525) can serve addresses to a specific VLAN? I have a small "corporate" VLAN set up in our 4006 that will need DHCP as well a about 10 others that won't need DHCP. Maybe the layer 3 portion of the 4006 can do this...?? I will look, but for now... I know that best practice is to just put a DHCP server on the VLAN somewhere but for the interim and for future knowledge it would be helpful to know if either of these devices can perform this fuction.

Thanks,

Josh

8 REPLIES
Cisco Employee

Re: PIX as DHCP Server over VLAN's

No, both devices cannot do this.

What you want is acheivable using VMPS (VLAN Management Policy Server). Cisco offers URT (User Registration Tool) product for this.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/csurt/index.htm

HTH

R/Yusuf

New Member

Re: PIX as DHCP Server over VLAN's

So I guess I should just wait a few weeks for our server to get relocated... Thanks.

Josh

New Member

Re: PIX as DHCP Server over VLAN's

Josh,

If I understand well you are trying to use your PIX 525 as a DHCP server. I believe you can do this. You can enable the DHCP deamon on the inside interface of your PIX and It can serve clients with IP. At least that is what the documentation on CCO says. You just have to make sure that the vlan is physically connected to the inside interface. Here is the link that might help you.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/df.htm#xtocid2

gilles

New Member

Re: PIX as DHCP Server over VLAN's

Thanks Gillies,

You are correct in your assumtion. I wans't really sure wether or not I needed to PHYSICALLY connect the VLAN since you can configure quite a bit with the individual NW's that the PIX talks to. I thought maybe you could tell the PIX to assign DHCP addresses to all the hosts on a specific NW that the PIX knows about. Well thanks anyway, it was worth a shot. :)

Josh

New Member

Re: PIX as DHCP Server over VLAN's

josh,

The Pix would be able to assign ip's to hosts that are on the same vlan as the firewall's inside interface. If all the devices that need to be serviced through DHCP are in the same vlan, you can use the PIX DHCP functionality. All those hosts would share the same ip subnet with the inside intf of the PIX. If you have other vlans that need dhcp too, you cannot use the PIX for those.

gilles

New Member

Re: PIX as DHCP Server over VLAN's

Thanks again Gilles,

That maks a lot of sense now. I have 4 additional interfaces on the PIX for the capabiltiy of mutliple DMZ's if needed as well as for a bit of port redundancy (just in case... heh heh). So, if I use any of those for DHCP to VLAN hosts, it sounds like it will work the way you stated. Make sense??

Josh

New Member

Re: PIX as DHCP Server over VLAN's

At this point, only the inside interface supports the DHCP server functionality. You cannot enable this service on any other interface.

gilles

New Member

Re: PIX as DHCP Server over VLAN's

Cool, thanks. That'll-do-it.....

226
Views
0
Helpful
8
Replies