Firewalls - dhcpd

dhcpd

The dhcpd command controls the dhcpd server feature. (Configuration mode.)
[no] dhcpd address ip1[-ip2] [if_name] [no] dhcpd auto_config [client_ifx_name] [no] dhcpd dns dns1 [dns2] [no] dhcpd wins wins1 [wins2] [no] dhcpd lease lease_length [no] dhcpd domain domain_name [no] dhcpd enable [if_name] [no] dhcpd ping_timeout timeout show dhcpd [binding|statistics] clear dhcpd [binding|statistics] [no] debug dhcpd event [no] debug dhcpd packet
Syntax

address ip1 [ip2] The IP pool address range.
The size of the pool is limited to 32 addresses for the PIX 506 platform and 256 addresses for other platforms. If the address pool range is larger than 253 addresses, the netmask of the firewall interface cannot be a Class C (for example 255.255.255.0) and hence needs to be something larger, for example, 255.255.254.0.

if_name Name of the firewall interface. The default is the inside interface. Currently, the firewall DHCP server daemon can only be enabled on the inside interface.

dns dns1 [dns2] The IP addresses of the DNS servers for the DHCP client. The second server address is optional.

auto_config Enable firewall to automatically configure DNS, WINS and domain name values from the DHCP client to the DHCP server. If the user also specifies dns, wins, and domain parameters, then the CLI parameters overwrite the auto_config parameters.

client_ifx_name This optional argument supports only the outside interface at this time. When more interfaces are supported, this argument will specify which interface supports the DHCP auto_config feature.

wins wins1 [wins2 The IP addresses of the Microsoft NetBios name servers (WINS server). The second server address is optional.

lease lease_length The length of the lease, in seconds, granted to DHCP client from the DHCP server. The lease indicates how long the client can use the assigned IP address. The default is 3600 seconds. The minimum lease length is 300 seconds, and the maximum lease length is 2,147,483,647 seconds.

domain domain_name The DNS domain name. For example, example.com.

binding The binding information for a given server IP address and its associated client hardware address and lease length.

statistics Statistical information, such as address pool, number of bindings, malformed messages, sent messages, and received messages.

ping_timeout Allows the configuration of the timeout value of a ping, in milliseconds, before assigning an IP address to a DHCP client.

dhcp

A DHCP server provides network configuration parameters to a DHCP client. Support for the DHCP server the firewall means the firewall can use the DHCP to configure connected PC clients. This DHCP feature is designed for the remote home or branch office that will establish a connection to a enterprise or corporate network.
The firewall DHCP server not support BOOTP requests and firewall configurations.
The dhcpd address command specifies the DHCP server pool. The address pool of a firewall DHCP server be within the same subnet of the firewall interface that is enabled. In other words, the client must be physically connected to the subnet of a firewall interface. The size of the pool is currently limited to 32 addresses for the PIX 506 platform, and 256 addresses for other platforms. The default for the firewall interface name is the inside interface, which is the only interface currently supported. The no dhcpd address command removes the DHCP server pool you configured.
The dhcpd dns command specifies the IP address(es) of the DNS server(s) for DHCP client. You have the option to specify two DNS servers. The no dhcpd dns command removes the DNS IP address(es) from the configuration.
The dhcpd wins command specifies the addresses of the WINS server for the DHCP client. The no dhcpd dns command removes the WINS server IP address(es) from the configuration.
The dhcpd lease command specifies the length of the lease in seconds granted to the DHCP client. This lease indicates how long the DHCP client use the assigned IP address the DHCP granted. The no dhcpd lease command removes the lease length that you specified from the configuration and replaces this value with the default value of 3600 seconds.
The dhcpd domain command specifies the DNS domain name for the DHCP client example, example.com. The no dhcpd domain command removes the DNS domain server from the configuration.
The dhcpd enable command enables the DHCP daemon to begin to listen for the DHCP client on the DHCP enabled interface. The no dhcpd enable command disables the DHCP server on the specified interface.
DHCP must be enabled to use this command. Use the dhcpd enable command to turn on DHCP
The show dhcpd command displays dhcpd commands, binding and statistics information associated with all of the dhcpd commands.
The clear dhcpd command clears all of the dhcpd commands, binding, and statistics information.
The debug dhcpd event command displays event information about the DHCP server debug dhcpd packet command displays packet information about the DHCP server the no form of the debug dhcpd commands to disable debugging. Examples
The following partial configuration example shows use of the dhcpd address, ,a href="#dns">dhcpd dns, and dhcpd enable commands. In this example, an address pool for the DHCP clients is defined, a DNS server address is specified for the DHCP client the inside interface of the firewall is enabled for the DHCP server function.

dhcpd address 10.0.1.100-10.0.1.108
dhcpd dns 209.165.200.226
dhcpd enable

The following partial configuration example shows how to define a DHCP pool of 256 addresses and use the auto_config command to configure the DNS WINS and DOMAIN parameters. Note the netmask of the inside interface is 255.255.254.0.

ip address inside 10.0.1.1 255.255.254.0
dhcpd address 10.0.1.2-10.0.1.257
dhcpd auto_config
dhcpd enable

The following partial configuration example shows how to use three new features that are associated with each other: DHCP server, DHCP client, and PAT using interface IP to configure a firewall in a small office, home office (SOHO) environment:

! use dhcp to configure the outside interface and default route
ip address outside dhcp setroute
! enable dhcp server daemon on the inside interface
ip address inside 10.0.1.2 255.255.255.0
dhcpd address 10.0.1.101-10.0.1.110
dhcpd dns 209.165.201.2 209.165.202.129
dhcpd wins 209.165.201.5
dhcpd lease 3000
dhcpd domain example.com
dhcpd enable
! use outside interface IP as PAT global address
nat (inside) 1 0 0
global (outside) 1 interface

The following is sample output for the show dhcpd command:

show dhcpd
dhcpd address 10.0.1.100-10.0.1.108 inside
dhcpd lease 3600
dhcpd ping_timeout 750 dhcpd dns 192.23.21.23
dhcpd enable inside

The following is sample output for the show dhcpd binding command:

show dhcpd binding
IP Address Hardware Address Lease Expiration Type
10.0.1.100 0100.a0c9.868e.43 84985 seconds automatic

The following is sample output for the show dhcpd statistics command:

show dhcpd statistics
Address Pools 1
Automatic Bindings 1
Expired Bindings 1
Malformed messages 0
Message Received
BOOtrEQUEST 0
DHCPDISCOVER 1
DHCblockquoteQUEST 2
DHCPDECLINE 0
DHCblockquoteLEASE 0
DHCPINFORM 0
Message Sent
BOOtrEPLY 0
DHCPOFFER 1
DHCPACK 1
DHCPNAK 1

address ip1 [ip2]	The IP pool address range. The size of the pool is limited to 32 addresses for the PIX 506 platform and 256 addresses for other platforms. If the address pool range is larger than 253 addresses, the netmask of the firewall interface cannot be a Class C (for example 255.255.255.0) and hence needs to be something larger, for example, 255.255.254.0.
if_name	Name of the firewall interface. The default is the inside interface. Currently, the firewall DHCP server daemon can only be enabled on the inside interface.
dns dns1 [dns2]	The IP addresses of the DNS servers for the DHCP client. The second server address is optional.
auto_config	Enable firewall to automatically configure DNS, WINS and domain name values from the DHCP client to the DHCP server. If the user also specifies dns, wins, and domain parameters, then the CLI parameters overwrite the auto_config parameters.
client_ifx_name	This optional argument supports only the outside interface at this time. When more interfaces are supported, this argument will specify which interface supports the DHCP auto_config feature.
wins wins1 [wins2	The IP addresses of the Microsoft NetBios name servers (WINS server). The second server address is optional.
lease lease_length	The length of the lease, in seconds, granted to DHCP client from the DHCP server. The lease indicates how long the client can use the assigned IP address. The default is 3600 seconds. The minimum lease length is 300 seconds, and the maximum lease length is 2,147,483,647 seconds.
domain domain_name	The DNS domain name. For example, example.com.
binding	The binding information for a given server IP address and its associated client hardware address and lease length.
statistics	Statistical information, such as address pool, number of bindings, malformed messages, sent messages, and received messages.
ping_timeout	Allows the configuration of the timeout value of a ping, in milliseconds, before assigning an IP address to a DHCP client.