Configuring DHCP
You can configure a DHCP server on each interface of the FWSM. Each interface can have its own pool
of addresses to draw from. However the other DHCP settings, such as DNS servers, domain name,
options, ping timeout, and WINS servers, are configured globally and used by the DHCP server on all
interfaces.
You cannot configure a DHCP client or DHCP Relay services on an interface on which the server is
enabled. Additionally, DHCP clients must be directly connected to the interface on which the server is
enabled.
To enable the DHCP server on a given FWSM interface, perform the following steps:
Step 1
Create a DHCP address pool. Enter the following command to define the address pool:
hostname(config)# dhcpd address ip_address-ip_address interface_name
The FWSM assigns a client one of the addresses from this pool to use for a given length of time. These
addresses are the local, untranslated addresses for the directly connected network.
The address pool must be on the same subnet as the FWSM interface.
Step 2
(Optional) To specify the IP address(es) of the DNS server(s) the client will use, enter the following
command:
hostname(config)# dhcpd dns dns1 [dns2]
You can specify up to two DNS servers.
Step 3
(Optional) To specify the IP address(es) of the WINS server(s) the client will use, enter the following
command:
hostname(config)# dhcpd wins wins1 [wins2]
You can specify up to two WINS servers.
Step 4
(Optional) To change the lease length to be granted to the client, enter the following command:
hostname(config)# dhcpd lease lease_length
This lease equals the amount of time (in seconds) the client can use its allocated IP address before the
lease expires. Enter a value between 0 to 1,048,575. The default value is 3600 seconds.
Step 5
(Optional) To configure the domain name the client uses, enter the following command:
hostname(config)# dhcpd domain domain_name
Step 6
(Optional) To configure the DHCP ping timeout value, enter the following command:
hostname(config)# dhcpd ping_timeout milliseconds
To avoid address conflicts, the FWSM sends two ICMP ping packets to an address before assigning that
address to a DHCP client. This command specifies the timeout value for those packets.
Step 7
(Transparent Firewall Mode) Define a default gateway. To define the default gateway that is sent to
DHCP clients, enter the following command:
hostname(config)# dhcpd option 3 ip gateway_ip
If you do not use the DHCP option 3 to define the default gateway, DHCP clients use the IP address of
the management interface. The management interface does not route traffic.
To enable the DHCP daemon within the FWSM to listen for DHCP client requests on the enabled
Step 8
interface, enter the following command:
hostname(config)# dhcpd enable interface_name
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
8-36
Chapter 8
Configuring IP Routing and DHCP Services
OL-20748-01