Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : DHCP Server Configuration

DHCP Server Configuration

Feb 02,2010 by alperen

small font medium font large font
image

In many small offices and home offices (SOHO) installations, no server exists to provide DHCP services, and, yet, the feature could make adding new users and machines to the LAN much easier. Think about the user who uses their laptop at work in a DHCP environment, and then wants to take the laptop home. Continually configuring and un-configuring static IP addresses would be a pain.

Fortunately, devices like perimeter routers or firewall devices can easily provide DHCP server support in this type of scenario. Cisco’s Firewall with DHCP server strategy seems targeted at the PIX 506 and 506e platforms, but the feature is supported throughout the product line. Acting as a DHCP server, the PIX unit provides network configuration information (parameters) to DHCP clients in response to the clients‘ DHCP polling. These configuration parameters provide the DHCP clients with the networking parameters, such as default gateway, needed to access the network. Once on the network, services such as the DNS and WINS servers can be accessed to facilitate using web browsers or e-mail.

Connecting to a PIX Firewall supporting DHCP server features are PC clients and other network devices configured as DHCP clients. These connections can be nonsecure, not encrypted, for accessing the Internet or corporate resources. A growing market is creating secure, encrypted connections, using IPSec technology, to access corporate resources.

The following table lists the number of concurrent DHCP client connections supported by the PIX Firewall models by versions of the PIX Firewall OS. As with all product details, be sure to check the latest online documentation for maximum clients and the impact on memory requirements.

PIX OS Version

PIX Firewall Platform

Maximum DHCP Clients

v5.2 and earlier

All platforms

10

v5.3 to v6.0

PIX 506/506EAll other platforms

 32256

v6.1 and higher

PIX 501 (10-user license)PIX 501 (50-user license)PIX 506/506EAll other platforms

 32128256256

To be considered an active connection for the purpose of comparing to the maximum DHCP clients, a host must have done any one of the following:

  • Passed traffic through the PIX device in the last 30 seconds

  • Established NAT/PAT through the PIX device

  • Established a TCP connection or a UDP session through the PIX device

  • Established user authentication through the PIX device

While new versions of the PIX OS might change this, two features aren’t supported by the current PIX Firewall DHCP server feature:

  • The PIX Firewall DHCP server doesn’t support BOOTP requests.

  • The PIX Firewall DHCP server doesn’t support failover configurations.


    		 Note 

    It isn’t possible to get 256 clients from a class C network or from a class A or B network subnetted with a 24-bit mask. While the 24-bit mask creates 256 addresses, the first is the network, the last is the broadcast, and one must be configured on the PIX Firewall interface. This leaves 253 DHCP clients.


257 times read

Related news
» Firewalls as a DHCP Client and Server
by alperen posted on Feb 02,2010
» How DHCP Works
by alperen posted on Jun 26,2009
» DHCP Client
by alperen posted on Feb 02,2010
» Configuring the DHCP Server
by alperen posted on Nov 22,2009
» Configuring Multiple DHCP Servers per Subnet
by admin posted on Jul 21,2008
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.