Configure DHCP Relay on ASA Firewall

2025-01-15 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--


Requirement: With R1 acting as the DHCP server, configure DHCP relay on the ASA firewall so that the client (R2) obtains its address dynamically.

1. Configure the basic IP addresses and make sure the directly connected links are reachable.

R1(config)# int f0/0
R1(config-if)# ip add 12.1.1.1 255.255.255.0
R1(config-if)# no shut

ASA(config)# int G0
! Name the G0 port "outside"
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
! Change the security level of port G0 to 100
ASA(config-if)# security-level 100
ASA(config-if)# ip add 12.1.1.2 255.255.255.0
ASA(config-if)# no shut

ASA(config-if)# int G1
! Name the G1 port "inside"
ASA(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA(config-if)# ip add 10.1.1.1 255.255.255.0
ASA(config-if)# no shut

R2(config)# int f0/0
! R2 obtains its address dynamically
R2(config-if)# ip address dhcp

2. Configure the DHCP server on R1

! Configure the DHCP server on R1 and name the address pool "meng"
R1(config)# ip dhcp pool meng
! R2 obtains an address from this network
R1(dhcp-config)# network 10.1.1.0 /24
! The default gateway is the firewall's address on the interface facing the client
R1(dhcp-config)# default-router 10.1.1.1
! The lease is 1 day
R1(dhcp-config)# lease 1
! Exclude the gateway address so that R2 is assigned a different address from the pool
R1(config)# ip dhcp excluded-address 10.1.1.1

3. Configure DHCP relay on the ASA firewall

! Point the relay at the DHCP server: the address is the DHCP server's address, and the interface is the firewall interface that connects to the DHCP server
ASA(config)# dhcprelay server 12.1.1.1 outside
! Enable DHCP relay on the interface the client is connected to
ASA(config)# dhcprelay enable inside

At this point the configuration is basically complete, but R1 has no route to the 10.1.1.0/24 network segment, so R2 cannot obtain an address. Add a static route on R1:

R1(config)# ip route 10.1.1.0 255.255.255.0 12.1.1.2

4. Check the address on R2

R2# show ip int brief
Interface          IP-Address   OK?  Method  Status  Protocol
FastEthernet0/0    10.1.1.2     YES  DHCP    up      up        (obtained the address 10.1.1.2)

5. To clear the bindings between IP addresses and MAC addresses, use clear ip dhcp binding *

6. View the messages received by the DHCP server

R1# sho ip dhcp server statistics
Memory usage                15448
Address pools               1
Database agents             0
Automatic bindings          1
Manual bindings             0
Expired bindings            0
Malformed messages          0
Secure arp entries          0
Renew messages              0
Workspace timeouts          0
Static routes               0
Relay bindings              0
Relay bindings active       0
Relay bindings terminated   0
Relay bindings selecting    0

Message                     Received
BOOTREQUEST                 0
DHCPDISCOVER                6    (number of discover messages received)
DHCPREQUEST                 2    (number of request messages received)
DHCPDECLINE                 0
DHCPRELEASE                 0
DHCPINFORM                  0
DHCPVENDOR                  0
BOOTREPLY                   0
DHCPOFFER                   0
DHCPACK                     0
DHCPNAK                     0

Message                     Sent
BOOTREPLY                   0
DHCPOFFER                   6    (number of offer messages returned)
DHCPACK                     2    (number of ACK messages returned)
DHCPNAK                     0

Message                     Forwarded
BOOTREQUEST                 0
DHCPDISCOVER                0
DHCPREQUEST                 0
DHCPDECLINE                 0
DHCPRELEASE                 0
DHCPINFORM                  0
DHCPVENDOR                  0
BOOTREPLY                   0
DHCPOFFER                   0
DHCPACK                     0
DHCPNAK                     0

DHCP-DPM Statistics
Offer notifications sent      0
Offer callbacks received      0
Classname requests sent       0
Classname callbacks received  0

7. Check the bindings between IP addresses and MAC addresses on the DHCP server

R1# sho ip dhcp binding
Bindings from all pools not associated with VRF:
IP address   Client-ID/               Lease expiration        Type       State   Interface
             Hardware address/
             User name
10.1.1.1     0063.6973.636f.2d63.     Nov 22 2015 10:16 PM    Automatic  Active  Unknown
             6130.322e.3031.3530.
             2e30.3030.302d.4661.
             302f.30
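
The Client-ID column in step 7 is not a bare MAC address: a Cisco IOS DHCP client sends, by default, an ASCII client identifier of the form cisco-<mac>-<interface> prefixed with a zero type byte. The following Python sketch is an added example, not part of the original article; it rejoins the wrapped Client-ID lines and decodes them so a lease can be traced back to a device and port. The function names are hypothetical and the sample input is constructed from the binding row shown above.

```python
import re

# Constructed sample: the binding row from step 7 of this article, as printed
# by `show ip dhcp binding` (the Client-ID wraps onto continuation lines).
SAMPLE = """\
10.1.1.1     0063.6973.636f.2d63.     Nov 22 2015 10:16 PM    Automatic  Active  Unknown
             6130.322e.3031.3530.
             2e30.3030.302d.4661.
             302f.30
"""

HEX_CHUNK = re.compile(r"^(?:[0-9a-fA-F]{1,4}\.)*[0-9a-fA-F]{1,4}\.?$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_bindings(text):
    """Return {ip: client_id_hex}, rejoining wrapped Client-ID lines."""
    bindings, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) > 1 and IPV4.match(fields[0]) and HEX_CHUNK.match(fields[1]):
            current = fields[0]
            bindings[current] = fields[1].replace(".", "")
        elif current and len(fields) == 1 and HEX_CHUNK.match(fields[0]):
            bindings[current] += fields[0].replace(".", "")  # continuation line
        else:
            current = None  # header or unrelated line ends the current row
    return bindings


def decode_client_id(hex_id):
    """Decode a Client-ID hex string into kind / mac / interface."""
    raw = bytes.fromhex(hex_id)
    # Type 0x01 followed by 6 bytes: a plain Ethernet hardware address.
    if len(raw) == 7 and raw[0] == 0x01:
        return {"kind": "ethernet", "mac": raw[1:].hex(":"), "interface": None}
    # Assumption: type 0x00 + ASCII "cisco-<mac>-<ifname>", the IOS client default.
    m = re.fullmatch(rb"\x00cisco-([0-9a-f.]{14})-(.+)", raw)
    if m:
        digits = m.group(1).decode().replace(".", "")
        mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
        return {"kind": "cisco-ascii", "mac": mac, "interface": m.group(2).decode()}
    return {"kind": "opaque", "mac": None, "interface": None}


if __name__ == "__main__":
    for ip, cid in parse_bindings(SAMPLE).items():
        print(ip, decode_client_id(cid))
```

For the row above, the Client-ID decodes to the client's MAC address and the interface that sent the request (Fa0/0 on R2).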
