Cisco asa dhcp services
Download as DOCX, PDF0 likes590 views
The document discusses configuring DHCP services on a Cisco ASA firewall. The ASA DHCP daemon operates as a simple DHCP server, providing dynamic IP addresses, DNS servers, default gateway, and domain information. It is configured per interface by specifying an address range. DNS servers and the gateway address are also configured separately. After configuring the basic DHCP scope and options, the DHCP daemon must be enabled on the interface. The document includes an example configuration where DHCP services are set up on an ASA to provide addresses to an inside network segment.
![R1(config)#nt FastEthernet0/0
R1(config-if)#ip add dhcp
R1(config-if)#end
R1#
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP
address 10.1.0.10, mask 255.255.255.0, hostname R1
R1#
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.0.1 to network 0.0.0.0
S*
0.0.0.0/0 [1/0] via 10.1.0.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C
10.1.0.0/24 is directly connected, FastEthernet0/0](https://image.slidesharecdn.com/ciscoasadhcpservices-131017223700-phpapp02/85/Cisco-asa-dhcp-services-5-320.jpg)
Cisco asa dhcp services
- 1. Cisco ASA DHCP Services Real World Application & Core Knowledge Configuring DHCP Services on a Cisco ASA is not common however you may run into this scenario when working with the remote office Cisco ASA 5505 series firewalls. This type of configuration is commonly used at branch offices where no servers are located at. The Cisco ASA DHCP Daemon operates as a simple DHCP Server providing dynamic IP Addresses, DNS and default gateway information and a domain name if configured. You can get into advanced configurations by providing DHCP options. The DHCP Daemon is configured on a per interface basis and you specify an address range, not a subnet like you would on Cisco IOS. All of the DHCP services commands start with dhcpd followed by the specific configuration. To configure a DHCP Scope range, you would use the dhcpd address x.x.x.x-y.y.y.yifName whereas x.x.x.x is the starting IP Address and y.y.y.y is the ending IP Address and the interface name is specified last. DNS Servers are configured in the same fashion using the dhcpddnsx.x.x.xy.y.y.yifName command whereas x.x.x.x is the primary DNS and y.y.y.y is the secondary DNS. The gateway is automatically set to the interface address. Because of this, the ASA DHCPD has a limited scope of functionality. After completing the basic DHCP Daemon configuration, you must manually enable the DHCP Daemon on the interface using the dhcpd enable ifName Familiarize yourself with the following command(s); Command Description dhcpd address x.x.x.x-y.y.y.yifName This command is executed in global configuration mode to create a DHCP Daemon scope whereas x.x.x.x is the starting IP Address and y.y.y.y is the ending IP Address and the interface name to which the scope belongs to. dhcpddnsx.x.x.xy.y.y.yifName This command is executed in global configuration mode to create set scope DNS servers whereas x.x.x.x is the primary DNS server and y.y.y.y is the secondary DNS Server and the interface name to which the scope belongs to.
- 2. dhcpd enable ifName This command is executed in global configuration mode enables the DHCP Daemon on the specified interface. The following logical topology shown below is used in labs found throughout Section 9; Lab Prerequisites If you are using your own Cisco ASA then plug this device in and establish a console session with the Firewall. If you do not have a Cisco ASA, you can reserve lab time on the Stub Lab to have access to a pair of Cisco ASA 5505 Firewalls. If you have completed the previous labs in Section 9 you may continue where you left off, if not than you can use the initial configuration for this lab provided below. !############################################ !# Free CCNA Workbook.com # !# CCNA Security Workbook Lab 9-5 # !############################################ ! enable config term ! hostname FW1 ! interface Ethernet0/0 description OUTSIDE PHY INTERFACE no shut ! interface Ethernet0/1 description INSIDE PHY INTERFACE switchport access vlan 2 no shut
- 3. ! interface Ethernet0/2 description DMZ PHY INTERFACE switchport access vlan 3 no shut ! interface Vlan1 nameif OUTSIDE security-level 0 ip address 198.51.100.37 255.255.255.252 no shut ! interface Vlan2 nameif INSIDE security-level 100 ip address 10.1.0.1 255.255.255.0 no shut ! interface Vlan3 nameif DMZ security-level 50 ip address 10.10.1.1 255.255.255.0 no shut ! banner login #################################### banner login # UNAUTHORIZED ACCESS PROHIBITED # banner login #################################### ! bannermotd ##################################################### bannermotd # CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES # bannermotd ##################################################### ! usernamejdoe password 2ck/B41DqLmwNyy8 encrypted privilege 15 username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15 ! aaa authentication serial console LOCAL ! route OUTSIDE 0.0.0.0 0.0.0.0 198.51.100.38 ! End Lab Objectives On FW1 configure a DHCP Scope of 10.1.0.10 – 10.1.0.50 on the INSIDE
- 4. Interface. On FW1 configure the DHCP Scope attached to the INSIDE interface to use the DNS Servers of 10.10.10.10 and 10.20.10.10 Verify that DHCP Services is operational by configuring R1′ s FastEthernet0/0 interface as a DHCP client and that it is receiving a default gateway. Lab Instruction Objective1.–On FW1 configure a DHCP Scope of 10.1.0.10 – 10.1.0.50 on the INSIDE Interface. #################################### # UNAUTHORIZED ACCESS PROHIBITED # #################################### Username: cisco Password: ***** ##################################################### # CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES # ##################################################### Type help or '?' for a list of available commands. FW1>en Password: ***** FW1# config term FW1(config)# dhcpd address 10.1.0.10-10.1.0.50 INSIDE Objective2.–On FW1 configure the DHCP Scope attached to the INSIDE interface to use the DNS Servers of 10.10.10.10 and 10.20.10.10 and enable the DHCP Daemon on the INSIDE interface. FW1(config)# dhcpddns 10.10.10.10 10.20.10.10 interface INSIDE FW1(config)# dhcpd enable INSIDE FW1(config)# end FW1# Objective3.–Verify that DHCP Services is operational by configuring R1′ s FastEthernet0/0 interface as a DHCP client and that it is receiving a default gateway. R1>enable R1#config term Enter configuration commands, one per line. End with CNTL/Z.
- 5. R1(config)#nt FastEthernet0/0 R1(config-if)#ip add dhcp R1(config-if)#end R1# %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.1.0.10, mask 255.255.255.0, hostname R1 R1# R1#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is 10.1.0.1 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 10.1.0.1 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.1.0.0/24 is directly connected, FastEthernet0/0
- 6. L 10.1.0.10/32 is directly connected, FastEthernet0/0 C 10.1.1.0/24 is directly connected, Loopback0 L 10.1.1.1/32 is directly connected, Loopback0 R1# More Cisco Exam Tips and Tutorials: How to Configure DHCP Snooping? How to Use OSPF Point-to-Multi-Point on Ethernet? DHCP Relay on the Nexus7000/NXOS Vs. IP Helper on the 6500/IoS How to Troubleshoot and Verifying OSPF Configuration? EIGRP on a Cisco ASA Firewall Configuration More Articles you can read at: http://blog.router-switch.com/category/cisco-certification/