
Configure DHCP-relay on Cisco ASA

2025-04-01 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

The Cisco ASA supports the DHCP relay function. The lab below is demonstrated on GNS3; the ASA version is ASAv961.

2. Topology:

3. Configuration on ASA:

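!
interface GigabitEthernet0/0
 nameif dmz
 security-level 95
 ip address 198.51.100.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 90
 ip address 192.0.2.1 255.255.255.0
 dhcprelay server 198.51.100.2
!
! DHCP server reachable through the dmz interface; relay requests arriving on inside
dhcprelay server 198.51.100.2 dmz
dhcprelay enable inside
! Replace the default router in the server's replies with the inside interface address
dhcprelay setroute inside
! Seconds allowed for the relayed address negotiation
dhcprelay timeout 60
!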

Configuration on DHCP Server:

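!
interface Ethernet0/0
 ip address 198.51.100.2 255.255.255.0
!
! Return route to the client subnet through the ASA dmz interface
ip route 192.0.2.0 255.255.255.0 198.51.100.1
!
! Only 192.0.2.3 - 192.0.2.9 remain available for leases
ip dhcp excluded-address 192.0.2.1 192.0.2.2
ip dhcp excluded-address 192.0.2.10 192.0.2.254
!
ip dhcp pool POOL1
 import all
 network 192.0.2.0 255.255.255.0
 dns-server 192.0.2.10 192.0.2.11
 domain-name cisco.com
 ! Outside the client subnet; "dhcprelay setroute inside" on the ASA rewrites it in replies
 default-router 198.51.100.2
!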
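The pool arithmetic behind this server configuration can be checked offline. The following is an added example, not part of the original article: it parses the relevant lines (embedded here as constructed input), lists the addresses left for leasing, and reports whether the pool's default-router is on the client subnet. The function name analyze_pool is hypothetical.

```python
import ipaddress

# Constructed input: the DHCP server lines from the configuration above.
SERVER_CONFIG = """\
ip dhcp excluded-address 192.0.2.1 192.0.2.2
ip dhcp excluded-address 192.0.2.10 192.0.2.254
ip dhcp pool POOL1
 network 192.0.2.0 255.255.255.0
 default-router 198.51.100.2
"""

def analyze_pool(config):
    """Return (leasable addresses, True if default-router is inside the pool network)."""
    excluded, network, router = [], None, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(words[3])
            # A single-address exclusion has no upper bound on the line.
            high = ipaddress.ip_address(words[4]) if len(words) > 4 else low
            excluded.append((low, high))
        elif words[:1] == ["network"]:
            network = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:1] == ["default-router"]:
            router = ipaddress.ip_address(words[1])
    leasable = [str(host) for host in network.hosts()
                if not any(low <= host <= high for low, high in excluded)]
    return leasable, router in network

if __name__ == "__main__":
    addresses, router_on_link = analyze_pool(SERVER_CONFIG)
    print("leasable:", addresses)
    print("default-router on client subnet:", router_on_link)
```

The first leasable address is the 192.0.2.3 lease that appears in the debug output, and the off-subnet default-router is the value that "dhcprelay setroute inside" replaces on the ASA.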

4. Debugging

On the DHCP server:

# debug ip dhcp server packet
# show ip dhcp binding
# clear ip dhcp binding *
# show ip dhcp server statistics

On the ASA relay agent:

# debug dhcprelay event
# debug dhcprelay packet

Output

ASA

DHCPD/RA: Relay msg received, fip=ANY, fport=0 on inside interface

DHCP: Received a BOOTREQUEST from interface 4 (size = 364)

DHCPD/RA: Binding successfully added to hash table

DHCPRA: relay binding created for client 0050.7966.6801.

DHCPRA: setting giaddr to 192.0.2.1.

dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2.

DHCPD/RA: Relay msg received, fip=ANY, fport=0 on dmz interface

DHCP: Received a BOOTREPLY from relay interface 3 (size = 301, xid = 0xd48a2408) at 01:41:39 UTC Sun Jul 15 2018

DHCPRA: relay binding found for client 0050.7966.6801.

DHCPD/RA: creating ARP entry (192.0.2.3, 0050.7966.6801).

DHCPRA: Adding rule to allow client to respond using offered address 192.0.2.3

DHCPRA: forwarding reply to client 0050.7966.6801.

DHCPD/RA: Relay msg received, fip=ANY, fport=0 on inside interface

DHCP: Received a BOOTREQUEST from interface 4 (size = 364)

DHCPRA: relay binding found for client 0050.7966.6801.

DHCPRA: Server requested by client 198.51.100.2

DHCPRA: setting giaddr to 192.0.2.1.

DHCPRA: Server request counter 1

dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2.

DHCPD/RA: Relay msg received, fip=ANY, fport=0 on dmz interface

DHCP: Received a BOOTREPLY from relay interface 3 (size = 301, xid = 0xd48a2408) at 01:41:40 UTC Sun Jul 15 2018

DHCPRA: relay binding found for client 0050.7966.6801.

DHCPRA: exchange complete - relay binding deleted for client 0050.7966.6801.

DHCPD/RA: Binding successfully deactivated

DHCPRA: returned relay binding 192.0.2.1/0050.7966.6801 to address pool.

dhcpd_destroy_binding() removing NP rule for client 192.0.2.1

DHCPD/RA: free ddns info and binding

DHCPD/RA: creating ARP entry (192.0.2.3, 0050.7966.6801).

DHCPRA: forwarding reply to client 0050.7966.6801.
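The ASA relay debug output above can be audited automatically. The following is an added example, not part of the original article: it checks that every request is forwarded only to the configured server, that giaddr is the inside interface address, and that each relay binding is closed by an "exchange complete" line. The sample lines are a constructed subset of the output above, and the function name audit_relay_debug is hypothetical.

```python
import re

# Constructed sample: a subset of the ASA 'debug dhcprelay' lines shown above.
SAMPLE = """\
DHCPRA: relay binding created for client 0050.7966.6801.
DHCPRA: setting giaddr to 192.0.2.1.
dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2.
DHCPRA: forwarding reply to client 0050.7966.6801.
DHCPRA: setting giaddr to 192.0.2.1.
dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2.
DHCPRA: exchange complete - relay binding deleted for client 0050.7966.6801.
DHCPRA: forwarding reply to client 0050.7966.6801.
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
IP = r"(\d+(?:\.\d+){3})"
CREATED = re.compile(rf"relay binding created for client {MAC}\.")
GIADDR = re.compile(rf"setting giaddr to {IP}\.")
FORWARD = re.compile(rf"request from {MAC} forwarded to {IP}\.")
DONE = re.compile(rf"exchange complete - relay binding deleted for client {MAC}\.")

def audit_relay_debug(text, server="198.51.100.2", giaddr="192.0.2.1"):
    """Return a list of findings; an empty list means the relay behaved as configured."""
    findings, open_bindings = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        if m := CREATED.search(line):
            open_bindings.add(m.group(1))
        elif m := GIADDR.search(line):
            if m.group(1) != giaddr:
                findings.append(f"line {n}: giaddr {m.group(1)} is not {giaddr}")
        elif m := FORWARD.search(line):
            if m.group(2) != server:
                findings.append(
                    f"line {n}: {m.group(1)} relayed to unexpected server {m.group(2)}")
        elif m := DONE.search(line):
            open_bindings.discard(m.group(1))
    # Bindings never closed: the client did not finish the exchange in this capture.
    findings += [f"{mac}: binding created but exchange never completed"
                 for mac in sorted(open_bindings)]
    return findings

if __name__ == "__main__":
    print(audit_relay_debug(SAMPLE) or "no findings")
```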

DHCP SERVER debugging output:

DHCPserver#

Jul 15 01:41:45.067: DHCPD: client's VPN is .

Jul 15 01:41:45.067: DHCPD: No option 125

Jul 15 01:41:45.067: DHCPD: DHCPDISCOVER received from client 0100.5079.6668.01 through relay 192.0.2.1.

Jul 15 01:41:45.067: DHCPD: Sending DHCPOFFER to client 0100.5079.6668.01 (192.0.2.3).

Jul 15 01:41:45.067: DHCPD: no option 125

Jul 15 01:41:45.067: DHCPD: unicasting BOOTREPLY for client 0050.7966.6801 to relay 192.0.2.1.

Jul 15 01:41:46.061: DHCPD: client's VPN is .

Jul 15 01:41:46.061: DHCPD: No option 125

Jul 15 01:41:46.061: DHCPD: DHCPREQUEST received from client 0100.5079.6668.01.

Jul 15 01:41:46.061: DHCPD: Appending default domain from pool

Jul 15 01:41:46.061: DHCPD: Using hostname 'PC-21.cisco.com. ' for dynamic update (from hostname option)

Jul 15 01:41:46.061: DHCPD: Sending DHCPACK to client 0100.5079.6668.01 (192.0.2.3).

DHCPD: Setting only requested parameters

Jul 15 01:41:46.061: DHCPD: no option 125

Jul 15 01:41:46.061: DHCPD: unicasting BOOTREPLY for client 0050.7966.6801 to relay 192.0.2.1.

DHCPserver#

Reference and Further reading:

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116265-configure-product-00.html
