02 August 2015

DHCP Server in ASA Firewall

The DHCP Relay Agent sends Dynamic Host Configuration Protocol (DHCP) messages between DHCP clients and servers on different IP networks. DHCP provides network configuration parameters, such as IP addresses, to DHCP clients. The ASA can provide a DHCP server or DHCP relay service to DHCP clients attached to ASA interfaces. The DHCP server provides network configuration parameters directly to DHCP clients. The DHCP relay service sends DHCP requests received on one interface to an external DHCP server located on a different interface.

To enable the DHCP server on an ASA interface, perform the following steps:

dhcpd address 192.168.0.10-192.168.0.20 inside
dhcpd enable inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd domain example.com

The gateway option handed to clients will be the IP address of the DHCP-enabled interface.




DHCP process on PC

PC> ip dhcp -d
Opcode: 1 (DISCOVER)
Client IP Address: 0.0.0.0
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:00
Option 53: Message Type = Discover
Option 12: Host Name = PC
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:68:00

Opcode: 2 (REPLY)
Client IP Address: 0.0.0.0
Your IP Address: 192.168.0.10
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:00
Option 53: Message Type = Offer
Option 54: DHCP Server = 192.168.0.1
Option 51: Lease Time = 3600
Option 58: Renewal Time = 1800
Option 59: Rebinding Time = 3150
Option 1: Subnet Mask = 255.255.255.0
Option 3: Router = 192.168.0.1
Option 6: DNS Server = 8.8.8.8 8.8.4.4

Opcode: 1 (REQUEST)
Client IP Address: 192.168.0.10
Your IP Address: 0.0.0.0
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:00
Option 53: Message Type = Request
Option 54: DHCP Server = 192.168.0.1
Option 50: Requested IP Address = 192.168.0.10
Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:68:00
Option 12: Host Name = PC

Opcode: 2 (REPLY)
Client IP Address: 192.168.0.10
Your IP Address: 192.168.0.10
Server IP Address: 0.0.0.0
Gateway IP Address: 0.0.0.0
Client MAC Address: 00:50:79:66:68:00
Option 53: Message Type = Ack
Option 54: DHCP Server = 192.168.0.1
Option 51: Lease Time = 3600
Option 58: Renewal Time = 1800
Option 59: Rebinding Time = 3150
Option 12: Host Name = PC.
Option 1: Subnet Mask = 255.255.255.0
Option 3: Router = 192.168.0.1
Option 6: DNS Server = 8.8.8.8 8.8.4.4

IP 192.168.0.10/24 GW 192.168.0.1

PC> show ip
NAME        : PC[1]
IP/MASK     : 192.168.0.10/24
GATEWAY     : 192.168.0.1
DNS         : 8.8.8.8, 8.8.4.4
DHCP SERVER : 192.168.0.1
DHCP LEASE  : 3596, 3600/1800/3150
MAC         : 00:50:79:66:68:00
MTU:        : 1500

PC> ping 100.0.0.1
84 bytes from 100.0.0.1 icmp_seq=1 ttl=255 time=0.150 ms
84 bytes from 100.0.0.1 icmp_seq=2 ttl=255 time=0.199 ms
...

asaFw# show dhcpd binding all
IP address       Client Identifier        Lease expiration        Type

   192.168.0.10    0100.5079.6668.00            3178 seconds    Automatic

asaFw# show dhcpd state
Context  Configured as DHCP Server
Interface outside, Not Configured for DHCP
Interface inside, Configured for DHCP SERVER

asaFw# show dhcpd statistics
DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0

Address pools        1
Automatic bindings   1
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         1
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            1
DHCPACK              1
DHCPNAK              0

asaFw# show run dhcpd
dhcpd address 192.168.0.10-192.168.0.20 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
dhcpd domain example.com
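
The following is an added example, not part of the original post: it parses one reply block in the "ip dhcp -d" format shown above and checks it against the dhcpd configuration on this page (server identifier, router, DNS servers, pool range and lease timers). The names parse_reply, audit_reply and POLICY are assumptions of this example, and the sample trace is constructed from the OFFER above.

```python
import ipaddress
import re

# Constructed sample: the OFFER reply in the format printed by "ip dhcp -d".
TRACE = """\
Your IP Address: 192.168.0.10
Option 53: Message Type = Offer
Option 54: DHCP Server = 192.168.0.1
Option 51: Lease Time = 3600
Option 58: Renewal Time = 1800
Option 59: Rebinding Time = 3150
Option 3: Router = 192.168.0.1
Option 6: DNS Server = 8.8.8.8 8.8.4.4
"""

# Assumption: the ASA inside interface (192.168.0.1) is both server and router, as in the trace.
POLICY = {"server": "192.168.0.1", "dns": {"8.8.8.8", "8.8.4.4"},
          "pool": ("192.168.0.10", "192.168.0.20")}

def parse_reply(text):
    """Map option numbers (int) and header names (str) to their values."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"Option (\d+): [^=]+= (.*)", line)
        if m:
            fields[int(m.group(1))] = m.group(2).strip()
        else:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields

def audit_reply(fields, policy=POLICY):
    """Return a list of findings; an empty list means the reply matches policy."""
    findings = []
    if fields.get(54) != policy["server"]:
        findings.append(f"unauthorized DHCP server {fields.get(54)}")
    if fields.get(3) != policy["server"]:
        findings.append(f"unexpected router {fields.get(3)}")
    if not set(fields.get(6, "").split()) <= policy["dns"]:
        findings.append(f"unexpected DNS {fields.get(6)}")
    lo, hi = (ipaddress.ip_address(a) for a in policy["pool"])
    your = ipaddress.ip_address(fields.get("Your IP Address", "0.0.0.0"))
    if not lo <= your <= hi:
        findings.append(f"address {your} outside pool")
    # T1 (renewal) must come before T2 (rebinding), and both inside the lease time.
    lease, t1, t2 = (int(fields.get(o, 0)) for o in (51, 58, 59))
    if not 0 < t1 < t2 < lease:
        findings.append(f"bad timers T1={t1} T2={t2} lease={lease}")
    return findings
```

Running audit_reply(parse_reply(TRACE)) on a reply captured from a client returns an empty list when the lease came from the ASA with the configured values.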

