The Dynamic Host Configuration Protocol


Dynamic Host Configuration Protocol (DHCP) allows computers to obtain IP addresses and network configurations automatically from a DHCP server. The PIX firewall can be both a DHCP client on the outside interface and at the same time provide DHCP server functionality on the inside interface.


The PIX firewall can be a DHCP client and a DHCP server at the same time.


DHCP Clients

The PIX firewall can be a DHCP client on the outside interface, enabling you to receive IP address and configuration information dynamically from another source such as an Internet service provider (ISP). The following is the command syntax:

 pixfirewall(config)# ip address <if_name> dhcp [setroute] [retry <retry_cnt>]

The dhcp option is used with the ip address command to enable the interface to dynamically receive an IP address from a DHCP server. The following example defines the outside interface as a DHCP client rather than giving it a fixed address:

 pixfirewall(config)# ip address outside dhcp setroute retry 4 

The setroute option enables you to receive the default route from the DHCP server, whereas the retry option enables the PIX to retry contacting the DHCP server a number of times before giving up. To renew your lease, you type the ip address command again.

After you have received an address, you can use the show ip address outside dhcp command to display the configuration information received.

DHCP Servers

The PIX can also perform the functions of a small DHCP server. The number of clients it can support is limited, and performing this function is really intended only for small SOHO environments. To configure the PIX to be a DHCP server, the commands in Table 8.5 are available.

Table 8.5. DHCP Server Commands

| Command | Function |
|---|---|
| dhcpd address <ip1>[-<ip2>] inside | Sets the pool of addresses the server will hand out to clients. |
| dhcpd ping_timeout <timeout> | Sets the response delay the PIX uses as it tests for any other clients that might be using the address it currently wants to give a client. |
| dhcpd auto_config [<clnt_ifc_name>] | Forwards all the options learned from the outside interface to the inside users. |
| dhcpd domain <domain_name> | Specifies the domain option. |
| dhcpd dns <dnsip1> [<dnsip2>] | Allows you to enter two DNS server IP addresses. |
| dhcpd wins <winsip1> [<winsip2>] | Allows you to enter two WINS server IP addresses. |
| dhcpd lease <lease_length> | Sets the duration of the lease that clients will keep addresses before returning to the server for a new one. |
| dhcpd option | Allows you to specify any additional options that might be needed. |

Listings 8.2 and 8.3 show examples that configure the PIX to hand out IP addresses in the range of 192.168.1.2–192.168.1.33 with options manually configured or with options automatically configured. Automatic configuration allows the options learned from the outside DHCP server to be used as the default options for the inside clients.

Listing 8.2 demonstrates how to configure the PIX as a DHCP server with manually configured options to give to DHCP clients.

Listing 8.2 Configuring a DHCP Server with Manual Options
 pixfirewall(config)# dhcpd address 192.168.1.2-192.168.1.33 inside
 pixfirewall(config)# dhcpd lease 3000
 pixfirewall(config)# dhcpd dns 192.168.1.100 192.168.1.101
 pixfirewall(config)# dhcpd wins 192.168.1.99
 pixfirewall(config)# dhcpd domain examcram.com
 pixfirewall(config)# dhcpd enable

The dhcpd dns command allows you to set only two DNS server IP addresses.
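
The following Python script is an added example, not part of the original book text. It parses a saved configuration such as Listing 8.2 and checks that the DHCP pool stays within the inside subnet, excludes the inside interface address and the DNS/WINS servers it advertises, lists no more than two servers per option, and is actually enabled. The ip address inside 192.168.1.1 255.255.255.0 line and the function name audit_dhcpd are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: Listing 8.2 plus an assumed inside interface address.
SAMPLE_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3000
dhcpd dns 192.168.1.100 192.168.1.101
dhcpd wins 192.168.1.99
dhcpd domain examcram.com
dhcpd enable
"""

def audit_dhcpd(config):
    """Hypothetical helper: return pool size and findings for dhcpd settings."""
    findings, servers = [], []      # servers = addresses advertised via dns/wins
    iface = pool = None
    enabled = False
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "inside"] and len(tok) == 5:
            iface = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:2] == ["dhcpd", "address"] and len(tok) >= 3:
            first, _, last = tok[2].partition("-")
            pool = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif tok[:2] in (["dhcpd", "dns"], ["dhcpd", "wins"]):
            if len(tok) > 4:        # at most two servers per option, per the text
                findings.append(f"{tok[1]}: more than two servers listed")
            servers += [ipaddress.ip_address(a) for a in tok[2:]]
        elif tok[:2] == ["dhcpd", "enable"]:
            enabled = True
    if pool is None:
        return {"pool_size": 0, "findings": ["no dhcpd address pool defined"]}
    lo, hi = pool
    if lo > hi:
        findings.append("pool start is above pool end")
    if iface is not None:
        if lo not in iface.network or hi not in iface.network:
            findings.append("pool extends outside the inside subnet")
        if lo <= iface.ip <= hi:
            findings.append("pool contains the inside interface (default gateway)")
    findings += [f"pool contains advertised server {s}" for s in servers if lo <= s <= hi]
    if not enabled:
        findings.append("dhcpd is configured but not enabled")
    return {"pool_size": max(int(hi) - int(lo) + 1, 0), "findings": findings}

if __name__ == "__main__":
    print(audit_dhcpd(SAMPLE_CONFIG))
```

Run against the Listing 8.2 settings, the script reports a pool of 32 addresses and no findings.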


Listing 8.3 demonstrates how to configure the PIX as a DHCP server with automatically configured options that are originally received from the ISP and are passed on to the PIX DHCP clients.

Listing 8.3 Configuring a DHCP Server with Automatic Options
 pixfirewall(config)# dhcpd address 192.168.1.2-192.168.1.33 inside
 pixfirewall(config)# dhcpd lease 3000
 pixfirewall(config)# dhcpd auto_config
 pixfirewall(config)# dhcpd enable

To display DHCP settings and bindings, the commands in Table 8.6 can be used.

Table 8.6. show dhcp Commands

| Command | Function |
|---|---|
| show dhcpd | Displays current DHCP server settings |
| show dhcpd binding | Displays the MAC address-to-IP address bindings the PIX has assigned |
| show dhcpd statistics | Shows the active IP address leases, expired bindings, and several other extensive DHCP server details |


The PIX firewall automatically issues the inside interface's IP address as the default gateway option to the DHCP clients.




CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
Year: 2003
Pages: 218
