Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, 6.2F
Configuring DHCP and DNS
Downloads: This chapterpdf (PDF - 139.0KB) The complete bookPDF (PDF - 13.51MB) | Feedback

Configuring DHCP and DNS Services

Table Of Contents

Configuring DHCP and DNS Services

DHCP Relay

Edit DHCP Relay Agent Settings

DHCP Relay - Add/Edit DHCP Server

Add/Edit DHCP Relay Server

DHCP Server

Edit DHCP Server

Advanced DHCP Options

DNS Client


Configuring DHCP and DNS Services


A DHCP server provides network configuration parameters, such as IP addresses, to DHCP clients. The FWSM can provide DHCP server or DHCP relay services to DHCP clients attached to FWSM interfaces. The DHCP server provides network configuration parameters directly to DHCP clients. DHCP relay passes DHCP requests received on one interface to an external DHCP server located behind a different interface.

The Domain Name System (DNS) is the system in the Internet that maps names of objects (usually host names) into IP numbers or other resource record values. The namespace of the Internet is divided into domains, and the responsibility for managing names within each domain is delegated, typically to systems within each domain. DNS client services allows you to specify DNS servers to which the FWSM sends DNS requests, request timeout period, and other parameters.

For information about configuring these services, see the following topics:

DHCP Relay

DHCP Server

DNS Client

DHCP Relay

The DHCP Relay pane lets you configure DHCP relay services on the FWSM. DHCP relay passes DHCP requests received on one interface to an external DHCP server located behind a different interface. To configure DHCP relay, you need to specify at least one DHCP relay server and then enable a DHCP relay agent on the interface receiving DHCP requests. You can configure additional DHCP relay servers on a per-interface basis. When you configure an interface-specific DHCP relay server, DHCP requests received on that interface are sent to the specified server. If no interface-specific server is configured, then the global server is used.

Restrictions

You cannot enable a DHCP relay agent on an interface that has a DHCP relay server configured for it.

The DHCP relay agent works only with external DHCP servers; it will not forward DHCP requests to a FWSM interface configured as a DHCP server.

Prerequisites

Before you can enable a DHCP relay agent on an interface, you must have at least one DHCP relay global server or DHCP relay interface server in the configuration.

Fields

DHCP Relay Agent—Contains the fields for configuring the DHCP relay agent.

Interface—Displays the interface name. Double-clicking an interface opens the Edit DHCP Relay Agent Settings dialog box, where you can enable the DHCP relay agent and configure the relay agent parameters.

DHCP Relay—Indicates whether the DHCP relay agent is enabled on the interface. This column displays "Yes" if the DHCP relay agent is enabled or "No" if the DHCP relay agent is not enabled on the interface.

Set Route—Indicates whether the DHCP relay agent is configured to modify the default router address in the information returned from the DHCP server. This column display "Yes" if the DHCP relay agent is configured to change the default router address to the interface address or "No" if the DHCP relay agent does not modify the default router address.

Edit—Opens the Edit DHCP Relay Agent Settings dialog box, where you can enable the DHCP relay agent and configure the relay agent parameters.

DHCP Relay Global Servers—Contains the fields for configuring the DHCP relay global servers. When DHCP requests are received on an interface with the DHCP relay agent enabled, those requests are forwarded to the global server unless an interface-specific server has been defined.

Server—Displays the IP address of a configured, external DHCP server. Double-clicking a server address opens the DHCP Relay - Edit DHCP Server dialog box, where you can edit the DHCP relay server settings.

Interface—Display the interface the specified DHCP server is attached to.

Add—Opens the DHCP Relay - Add DHCP Server dialog box, where you can specify a new DHCP relay server. You can define up to 4 DHCP relay servers on the FWSM. This button is unavailable if you already have 4 DHCP relay servers defined.

Edit—Opens the DHCP Relay - Edit DHCP Server dialog box, where you can edit the DHCP relay server settings.

Delete—Removes the selected DHCP relay server. The server is removed from the FWSM configuration when you apply or save your changes.

Timeout—Specifies the amount of time, in seconds, allowed for DHCP address negotiation. Valid values range from 1 to 3600 seconds. The default value is 60 seconds.

DHCP Relay Interface Servers—Contains the fields for configuring lists of DHCP servers for each interface. DHCP requests received on interfaces that have the relay agent enabled and one or more servers defined for that interface are forwarded to the interface-specific servers rather than the global servers.

Interface—Displays the name of the interface for which the interface-specific DHCP relay servers are defined.

Servers—Lists the IP addresses of the DHCP servers used for DHCP requests received by that interface.

Add—Adds a new set of DHCP relay servers.

Edit—Edits a list of DHCP relay servers.

Delete—Removes the selected DHCP relay server list.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


Edit DHCP Relay Agent Settings

You can enable the DHCP relay agent and configure the relay agent parameters for the selected interface in the Edit DHCP Relay Agent Settings dialog box.

Restrictions

You cannot enable a DHCP relay agent on an interface that has a DHCP relay server configured for it.

You cannot enable a DHCP relay agent on a FWSM that has DHCP server configured on an interface.

Prerequisites

Before you can enable a DHCP relay agent on an selected interface, you must have at least one DHCP relay server in the configuration.

Fields

Enable DHCP Relay Agent—When selected, enables the DHCP relay agent on the selected interface. You must have a DHCP relay server defined before enabling the DHCP relay agent.

Set Route—Specifies whether the DHCP relay agent is configured to modify the default router address in the information returned from the DHCP server. When this check box is selected, the DHCP relay agent substitutes the address of the selected interface for the default router address in the information returned from the DHCP server.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


DHCP Relay - Add/Edit DHCP Server

Define new DHCP relay servers in the DHCP Relay - Add DHCP Server dialog box or edit exiting server information in the DHCP Relay - Edit DHCP Server dialog box. You can define up to 4 DHCP relay servers.

Restrictions

You cannot define a DHCP relay server on an interface with a DHCP server enabled on it.

Fields

DHCP Server—Specifies the IP address of the external DHCP server to which DHCP requests are forwarded.

Interface—Specifies the interface through which DHCP requests are forwarded to the external DHCP server.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


Add/Edit DHCP Relay Server

Define, on a per-interface basis, the DHCP servers that the DHCP relay agent should use when DHCP requests are received on a specific interface.

Fields

Interface—Select the interface for which you are defining the DHCP servers for the relay agent to use.

Server to Add—Specifies the IP address of the external DHCP server to which DHCP requests are forwarded.

Add—Adds the server to the list of DHCP servers.

Delete—Removes the selected server from the list.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


DHCP Server

The DHCP Server pane lets you configure the FWSM interfaces as DHCP servers. You can configure one DHCP server per interface on the FWSM.


Note You cannot configure a DHCP server on an interface that has DHCP relay configured on it. For more information about DHCP relay, see DHCP Relay.


Fields

Interface—Displays the interface ID. Double-clicking an interface ID opens the Edit DHCP Server dialog box, where you can enable DHCP on and assign a DHCP address pool to the selected interface.

DHCP Enabled—Indicates whether DHCP is enabled on the interface. This column displays "Yes" if DHCP is enabled or "No" if DHCP is not enabled on the interface.

Address Pool—Displays the range of IP addresses assigned to the DHCP address pool.

Edit—Opens the Edit DHCP Server dialog box for the selected interface. You can enable DHCP and specify the DHCP address pool in the Edit DHCP Server dialog box.

Ping Timeout—To avoid address conflicts, the FWSM sends two ICMP ping packets to an address before assigning that address to a DHCP client. The Ping Timeout box specifies the amount of time, in milliseconds, that the FWSM waits to time out a DHCP ping attempt. Valid values range from 10 to 10000 milliseconds. The default value is 50 milliseconds.

Lease Length—Specifies the amount of time, in seconds, that the client can use its allocated IP address before the lease expires. Valid values range from 300 to 1048575 seconds. The default value is 3600 seconds (1 hour).

Other DHCP Options—Contains optional DHCP parameters.

Enable Autoconfiguration on interface—Select this check box to enable DHCP auto configuration.

DHCP auto configuration causes the DHCP server to provide DHCP clients with DNS server, domain name, and WINS server information obtained from a DHCP client running on the specified interface. If any of the information obtained through auto configuration is also specified manually in the Other DHCP Options area, the manually specified information takes precedence over the discovered information.

Enable Autoconfiguration on interface—Specifies the interface running the DHCP client that supplies the DNS, WINS, and domain name parameters.

DNS Server 1—(Optional) Specifies the IP address of the primary DNS server for a DHCP client.

DNS Server 2—(Optional) Specifies the IP address of the alternate DNS server for a DHCP client.

Domain Name—(Optional) Specifies the DNS domain name for DHCP clients. Enter a valid DNS domain name, for example example.com.

Primary WINS Server—(Optional) Specifies the IP address of the primary WINS server for a DHCP client.

Secondary WINS Server—(Optional) Specifies the IP address of the alternate WINS server for a DHCP client.

Advanced—Opens the Advanced DHCP Options dialog box, where you can specify DHCP options and their parameters.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


Edit DHCP Server

You can enable DHCP and specify the DHCP address pool for the selected interface in the Edit DHCP Server dialog box.

Fields

Enable DHCP Server—Select this check box to enable the DHCP server on the selected interface. Clear this check box to disable DHCP on the selected interface. Disabling the DHCP server on the selected interface does not clear the specified DHCP address pool.

DHCP Address Pool—Specifies the IP address pool used by the DHCP server. Enter the range of IP addresses from lowest to highest. The range of IP addresses must be on the same subnet as the selected interface and cannot contain the IP address of the interface itself.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


Advanced DHCP Options

The Advanced DHCP Options dialog box lets you configure DHCP option parameters. You use DHCP options to provide additional information to DHCP clients. For example, DHCP option 150 and DHCP option 66 provide TFTP server information to Cisco IP Phones and Cisco IOS routers.

You can use that advanced DHCP options to provide DNS, WINS, and domain name parameters to DHCP clients. You can also use the DHCP auto configuration setting to obtain these values or manually specify them on the DHCP Server pane. When you use more than one method to specify this information, the information is passed to DHCP clients with the following preference:

1. Manually configured settings.

2. Advanced DHCP Options settings.

3. DHCP auto configuration.

For example, you can manually define the domain name that you want the DHCP clients to receive, and then enable DHCP auto configuration. Although DHCP auto configuration will discover the domain along with the DNS and WINS servers, the manually-defined domain name is passed to DHCP clients with the discovered DNS and WINS server names. The domain name discovered by the DHCP auto configuration process is discarded in favor of the manually-defined domain name.

Fields

Option to be Added—Contains the fields used to configure a DHCP option.

Select the option code—Lists the available option codes. All DHCP options (options 1 through 255) are supported except 1, 12, 50-54, 58-59, 61, and 67. Select the option that you want to configure.

Some options are standard. For standard options, the option name is shown in parentheses after the option number and the option parameters are limited to those supported by the option. For all other options, only the option number is shown and you must select the appropriate parameters to supply with the option.

For standard DHCP options, only the supported option value type is available. For example, if you select DHCP Option 2 (Time Offset), you can only supply a hexadecimal value for the option. For all other DHCP options, all of the option value types are available and you must select the appropriate options value type.

Option Data options—These options specify the type of information the option returns to the DHCP client. For standard DHCP options, only the supported option value type is available. For all other DHCP options, all of the option value types are available.

IP Address—Selecting this value specifies that an IP address is returned to the DHCP client. You can specify up to two IP addresses.


Note The name of the associated IP Address fields can change based on the DHCP option you select. For example, if you select DHCP Option 3 (Router), the fields change name to Router 1 and Router 2.


IP Address 1—An IP address in dotted-decimal notation.

IP Address 2—(Optional) An IP address in dotted-decimal notation.

ASCII—Selecting this option specifies that an ASCII value is returned to the DHCP client.


Note The name of the associated Data field can change based on the DHCP option you select. For example, if you select DHCP Option 14 (Merit Dump File), the associated Data field changes name to File Name.


Data—An ASCII character string. The string cannot include white space.

Hex—Selecting this option specifies that a hexadecimal value is returned to the DHCP client.


Note The name of the associated Data field can change based on the DHCP option you select. For example, if you select DHCP Option 2 (Time Offset), the associated Data field becomes the Offset field.


Data—A hexadecimal string with an even number of digits and no spaces. You do not need to use a 0x prefix.

Add—Adds the configured option to the DHCP option table.

Delete—Removes the selected option from the DHCP option table.

DHCP option—Lists the DHCP options that have been configured.

Option Code—Shows the DHCP option code. For standard DHCP options, the option name appears in parentheses next to the option code.

Option Data—Shows the parameters that have been configured for the selected option.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System


DNS Client

The DNS Client pane lets you specify one or more DNS servers for the FWSM so it can resolve server names to IP addresses in your certificate configuration (See Add/Edit Trustpoint Configuration > Enrollment Settings Tab and Add/Edit Trustpoint Configuration > CRL Retrieval Policy Tab). Other features that define server names (such as AAA) do not support DNS resolution. You must enter the IP address or manually resolve the name to an IP address by adding the server name in the Network Object Groups pane.

Fields

DNS Servers—Manages the DNS server list. You can specify up to six addresses. The FWSM tries each DNS server in order until it receives a response. You must enable DNS on at least one interface in the DNS Lookup group box before you can add a DNS server.

Server to be Added—Specifies the DNS server IP address.

Add—Adds a DNS server to the bottom of the list.

Delete—Deletes the selected DNS server from the list.

Servers—Shows the DNS server list.

Move Up—Moves the selected DNS server up the list.

Move down—Moves the selected DNS server down the list.

DNS Server Parameters—Sets the timeout.

Timeout—Specifies the amount of time to wait before trying the next DNS server in the list, between 1 and 30 seconds. The default is 2 seconds. Each time the FWSM retries the list of servers, this timeout doubles.

Retries—Specifies the number of times to try each server on the list of DNS servers. The default is 2 times.

DNS Lookup—Enables or disables DNS lookup on an interface.

Interface—Lists all interface names.

DNS Enabled—Shows whether an interface supports DNS lookup, Yes or No.

Enable—Enables DNS lookup for the selected interface.

Disable—Disables DNS lookup for the selected interface.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System