A Dynamic Host Control Protocol (DHCP) relay agent allows the Firewall Services Module (FWSM) to forward DHCP requests from clients to a router that is connected to a different interface.
These restrictions apply to the use of the DHCP relay agent:
The relay agent cannot be enabled if the DHCP server feature is also enabled.
The DHCP relay services are not available in transparent firewall mode. But, it is possible to allow DHCP traffic through with an access list. In order to to do this, configure two access lists, one that allows DCHP requests from the inside interface to the outside, and one that allows the replies from the server in the other direction.
Clients must be directly connected to the FWSM and cannot send requests through another relay agent or a router.
For multiple context mode, DHCP relay cannot be enabled on an interface that is used by more than one context.
Assume that the FWSM has three interfaces:
In order to enable DHCP relay on a per-interface basis, complete these steps:
In order to set the IP address of a DHCP server on a different interface than the DHCP client, enter these commands: