DHCP Clients
When configured as a DHCP client, the PIX firewall can obtain the configuration
of its outside interface from a designated DHCP server, for example, a
server located at an ISP. This configuration includes the IP address, the subnet
mask, and optionally, the default route.
NOTE
The DHCP client feature can only be configured on the "outside" interface
of the PIX firewall.
This address can be used, for example, as a PAT address for all outgoing communications.
This is configured in the following way (assuming that the DHCP
client is already configured):
nat (inside) 1 0 0
global (outside) 1 interface
This configuration will work with any IP address assigned to the outside
interface by DHCP.
The configuration of the DHCP client is rather simple, and all you need to
use is the following command:
ip address outside dhcp [setroute] [retry
www.syngress.com
184 Chapter 4 • Advanced PIX Configurations
You do this instead of specifying a fixed IP address for an outside interface.
The optional setroute keyword forces the PIX firewall to pick up not only the IP
address and the subnet mask but the default route as well. Do not configure a
static default route on the firewall if you use the setroute option. The retry option
tells the PIX firewall to try to contact a DHCP server a specified number of
times before giving up. If this keyword is not specified, no retries are attempted.
If this keyword is specified but no retry count is given, the default number of
retries is four. For example, the following command configures a DHCP client
on the outside interface to obtain an IP address, subnet mask, and default route
from the DHCP server, and only one attempt will be made:
PIX1(config)# ip address outside dhcp setroute
The following command configures the DHCP client to obtain an IP address
and subnet mask only and tries at least five times before giving up if no DHCP
servers are available:
PIX1(config)# ip address outside dhcp retry 5
There are no special commands for renewing and releasing a DHCP lease;
simply issue the same command again and the lease will be renewed.
The address obtained can be viewed using:
PIX1# show ip address outside dhcp
This produces output similar to the following:
Temp IP Addr:123.1.2.3 for peer on interface:outside
Temp sub net mask:255.255.255.0
DHCP Lease server:123.1.2.31, state:3 Bound
DHCP Transaction id:0x4567
Lease:259200 secs, Renewal:129600 secs, Rebind:226800 secs
Temp default-gateway addr:123.1.2.1
Next timer fires after:100432 secs
Retry count:0, Client-ID:cisco-0000.0000.0000-outside
This output means that PIX has obtained an IP address of 123.1.2.3 and a
subnet mask of 255.255.255.0 from the DHCP server 123.1.2.31. This DHCP
lease is granted for 259200 seconds with renewal time of 129600 seconds. Time
left until the next renewal is 100432 seconds, and there were no retries in contacting
the server.
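Because the outside interface takes its address and, with setroute, its default route from whichever DHCP server answers, the lease is worth checking against what you expect. The following Python check over the show output above is an added example, not from the book; the function names and the trusted_servers allowlist are assumptions of this example.

```python
import ipaddress
import re
# Listing from this page; the regexes below key on the stable field labels.
SAMPLE = """\
Temp IP Addr:123.1.2.3 for peer on interface:outside
Temp sub net mask:255.255.255.0
DHCP Lease server:123.1.2.31, state:3 Bound
DHCP Transaction id:0x4567
Lease:259200 secs, Renewal:129600 secs, Rebind:226800 secs
Temp default-gateway addr:123.1.2.1
Next timer fires after:100432 secs
Retry count:0, Client-ID:cisco-0000.0000.0000-outside
"""

FIELDS = {
    "ip": r"Temp IP Addr:([\d.]+)",
    "mask": r"Temp sub net mask:([\d.]+)",
    "server": r"server:([\d.]+), state:",
    "state": r"state:\d+ (\w+)",
    "lease": r"Lease:(\d+) secs",
    "renewal": r"Renewal:(\d+) secs",
    "rebind": r"Rebind:(\d+) secs",
    "gateway": r"default-gateway addr:([\d.]+)",
}

def parse_lease(text):
    """Extract the lease fields; numeric values become ints."""
    lease = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"missing field: {name}")
        value = m.group(1)
        lease[name] = int(value) if value.isdigit() else value
    return lease

def audit_lease(lease, trusted_servers):
    """Return findings; trusted_servers is a hypothetical allowlist you maintain."""
    findings = []
    if lease["state"] != "Bound":
        findings.append(f"client state is {lease['state']}, not Bound")
    if lease["server"] not in trusted_servers:
        findings.append(f"lease from unexpected DHCP server {lease['server']}")
    net = ipaddress.ip_network(f"{lease['ip']}/{lease['mask']}", strict=False)
    if ipaddress.ip_address(lease["gateway"]) not in net:
        findings.append(f"default gateway {lease['gateway']} is outside {net}")
    if not lease["renewal"] < lease["rebind"] < lease["lease"]:
        findings.append("timers violate Renewal < Rebind < Lease")
    return findings
```

An empty list from audit_lease(parse_lease(SAMPLE), {"123.1.2.31"}) means the lease matches expectations; any string in the list is a reason to look at the debug dhcpc output.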
In case there are any issues with the DHCP client, you can troubleshoot
using debug commands:
debug dhcpc packet
debug dhcpc detail
debug dhcpc error
These are self-explanatory. debug dhcpc packet displays all DHCP traffic
between the PIX client and a remote server, the detail option shows details of
negotiation, and the error option displays all errors in this communication.