Corporate networks tend to use static IP addresses for all
key network devices—such as firewalls, routers, switches, and servers—so those
IP addresses can be configured as default gateways, used in ACLs, and so forth.
But a telecommuter or small office could be using a cable or a DSL service that
requires the client to receive their IP address and related information from a
DHCP server on the provider’s network. In the case of a firewall, this would be
the outside interface.
The PIX Firewall ip address dhcp command enables
the DHCP client feature. Once the DHCP client feature is enabled, the PIX
Firewall can accept configuration parameters from a DHCP server. The only
configuration parameters the firewall requires are an IP address and a subnet
mask for the DHCP client interface, the outside interface. To reset the
interface and delete the DHCP lease from the PIX Firewall, configure a static IP
address for the interface or use the clear ip command to clear
all PIX Firewall IP addresses. The syntax is
pix(config)#ip address outside dhcp [setroute] [retry retry_cnt]
pix(config)#clear ip
If the optional setroute option is configured, the show route command output will show that the default route was
set by a DHCP server.
The show ip address if_name dhcp Command
The show ip address if_name dhcp command displays the DHCP
lease details. The following is a sample of what the output might look like:
Pix#show ip address outside dhcp
Temp IP Addr:172.16.1.61 for peer on interface:outside
Temp sub net mask:255.255.255.252
DHCP Lease server:172.16.4.5, state:3 Bound
DHCP Transaction id:0x4123
Lease:259200 secs, Renewal:129600 secs, Rebind:226800 secs
Temp default-gateway addr:172.16.1.62
Next timer fires after:91347 secs
Retry count:0, Client-ID:cisco-0000.0000.0000-outside
ip address outside dhcp retry 10
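The lease details above are the only place the firewall tells you what the provider actually handed out, so a defender will want to parse them rather than eyeball them. The following parser and sanity checks are an added example, not code from the book or from Cisco; the sample text is constructed from the output format shown above, and the field names and the check list are my own.

```python
import ipaddress
import re

# Constructed sample in the format of "show ip address outside dhcp"
# (the book's illustrative values, not a live lease).
SAMPLE_OUTPUT = """\
Temp IP Addr:172.16.1.61 for peer on interface:outside
Temp sub net mask:255.255.255.252
DHCP Lease server:172.16.4.5, state:3 Bound
DHCP Transaction id:0x4123
Lease:259200 secs, Renewal:129600 secs, Rebind:226800 secs
Temp default-gateway addr:172.16.1.62
Next timer fires after:91347 secs
Retry count:0, Client-ID:cisco-0000.0000.0000-outside
"""

# One regex per output line; the group names become the lease dict keys.
_PATTERNS = [
    r"Temp IP Addr:(?P<ip>\S+) for peer on interface:(?P<interface>\S+)",
    r"Temp sub net mask:(?P<mask>\S+)",
    r"DHCP Lease server:(?P<server>[^,]+), state:(?P<state_code>\d+) (?P<state>\S+)",
    r"Lease:(?P<lease>\d+) secs, Renewal:(?P<renewal>\d+) secs, Rebind:(?P<rebind>\d+) secs",
    r"Temp default-gateway addr:(?P<gateway>\S+)",
    r"Next timer fires after:(?P<next_timer>\d+) secs",
    r"Retry count:(?P<retries>\d+), Client-ID:(?P<client_id>\S+)",
]
_INT_FIELDS = {"state_code", "lease", "renewal", "rebind", "next_timer", "retries"}


def parse_dhcp_lease(text: str) -> dict:
    """Extract the lease fields; raise ValueError if an expected line is absent."""
    fields = {}
    for pat in _PATTERNS:
        m = re.search(pat, text)
        if not m:
            raise ValueError(f"missing field in output: {pat}")
        for key, val in m.groupdict().items():
            fields[key] = int(val) if key in _INT_FIELDS else val.strip()
    return fields


def lease_findings(lease: dict) -> list:
    """Checks worth running before this address is trusted as the PAT global address."""
    findings = []
    if lease["state"] != "Bound":
        findings.append(f"lease not bound (state {lease['state']})")
    # Gateway must sit inside the subnet derived from the address and mask.
    net = ipaddress.ip_network(f"{lease['ip']}/{lease['mask']}", strict=False)
    if ipaddress.ip_address(lease["gateway"]) not in net:
        findings.append(f"gateway {lease['gateway']} is outside {net}")
    if not lease["renewal"] < lease["rebind"] < lease["lease"]:
        findings.append("timers out of order (expect renewal < rebind < lease)")
    if lease["retries"] > 0:
        findings.append(f"{lease['retries']} retries recorded on this lease")
    return findings
```

For the sample above `lease_findings` returns an empty list; a gateway on another subnet or a state other than Bound each produce one finding.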
Note: The PIX Firewall DHCP client doesn't support failover configurations.
Using NAT/PAT with DHCP Client
The IP address assigned to the outside interface by the DHCP
server can be used as the PAT global address. This means all outbound NAT
translations will use the assigned IP address of the outside interface, combined
with a unique port number. Because the outside interface address is used, the
ISP does not need to allocate a separate static IP address for the global address pool.
Use the global command with the interface keyword to enable PAT to use the DHCP-acquired IP
address of the outside interface. The syntax is
pix(config)#global (outside) nat-id interface
In the following example, the first line enables the DHCP client
on the outside interface, uses the acquired gateway address as the default
route, and allows ten polling attempts to collect the DHCP information. The
second line allows all inside addresses to go out of the network using NAT pool
#1. The last line enables PAT using the IP address at the outside interface.
pix(config)#ip address outside dhcp setroute retry 10
pix(config)#nat (inside) 1 0 0
pix(config)#global (outside) 1 interface