DHCP and DDNS

The following topics explain DHCP and DDNS services and how to configure them on Threat Defense devices.
About DHCP and DDNS Services

The following topics describe the DHCP server, DHCP relay agent, and DDNS update.

About the DHCPv4 Server

DHCP provides network configuration parameters, such as IP addresses, to DHCP clients. The FTD device can provide a DHCP server to DHCP clients attached to FTD device interfaces. The DHCP server provides network configuration parameters directly to DHCP clients. An IPv4 DHCP client uses a broadcast rather than a multicast address to reach the server. The DHCP client listens for messages on UDP port 68; the DHCP server listens for messages on UDP port 67. The DHCP server for IPv6 is not supported; you can, however, enable DHCP relay for IPv6 traffic.

DHCP Options

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. The configuration parameters are carried in tagged items that are stored in the Options field of the DHCP message; the data items themselves are also called options. Vendor information is also stored in Options, and all of the vendor information extensions can be used as DHCP options. For example, Cisco IP Phones download their configuration from a TFTP server. When a Cisco IP Phone starts, if it does not have both the IP address and TFTP server IP address preconfigured, it sends a request with option 150 or 66 to the DHCP server to obtain this information.
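The tagged-item layout described above can be checked with a small parser. This is an added example, not code from the Cisco documentation: the function names, the sample byte strings, and the example.com and 192.0.2.x values are constructed for illustration. It assumes the standard layout of a 4-byte magic cookie followed by code/length/value items, with option 150 carrying a list of IPv4 addresses.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")  # precedes the tagged items in the Options field
PAD, END = 0, 255

def parse_options(field: bytes) -> dict:
    """Split a DHCPv4 Options field into {option code: raw value bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == END:
            return opts
        if code == PAD:  # PAD is a lone byte with no length field
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError(f"option {code}: truncated")  # length runs past the buffer
        length = field[i + 1]
        opts[code] = opts.get(code, b"") + field[i + 2 : i + 2 + length]  # repeats concatenate
        i += 2 + length
    raise ValueError("Options field has no END (255) item")  # strict: treat as malformed

def decode(opts: dict) -> dict:
    """Decode the options this page discusses: 55 (request list), 15, 66 and 150."""
    out = {"requested": list(opts.get(55, b""))}
    for code, key in ((15, "domain"), (66, "tftp_name")):
        if code in opts:
            out[key] = opts[code].decode("ascii")
    if 150 in opts:
        raw = opts[150]
        if len(raw) % 4:
            raise ValueError("option 150 is not a whole number of IPv4 addresses")
        out["tftp_addrs"] = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    return out

def unanswered(request: bytes, reply: bytes) -> list:
    """Option codes the client asked for (option 55) that the reply does not carry."""
    got = parse_options(reply)
    return [c for c in parse_options(request).get(55, b"") if c not in got]

def item(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample data (not captured traffic): a phone's request and a server reply.
PHONE_REQUEST = MAGIC_COOKIE + item(53, b"\x01") + item(55, bytes([15, 66, 150])) + bytes([END])
SERVER_REPLY = (MAGIC_COOKIE + item(53, b"\x05") + item(15, b"example.com")
                + item(150, bytes([192, 0, 2, 10, 192, 0, 2, 11])) + bytes([END]))
```

Here `unanswered(PHONE_REQUEST, SERVER_REPLY)` reports option 66, the case where the client asked for both TFTP options but only one is configured on the server.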
A single request might include both options 150 and 66. In this case, the ASA DHCP server provides values for both options in the response if they are already configured on the ASA. You can use advanced DHCP options to provide DNS, WINS, and domain name parameters to DHCP clients; DHCP option 15 is used for the DNS domain suffix. You can also use the DHCP automatic configuration setting to obtain these values or define them manually. When you use more than one method to define this information, it is passed to DHCP clients in the following sequence:
For example, you can manually define the domain name that you want the DHCP clients to receive and then enable DHCP automatic configuration. Although DHCP automatic configuration discovers the domain together with the DNS and WINS servers, the manually defined domain name is passed to DHCP clients with the discovered DNS and WINS server names, because the domain name discovered by the DHCP automatic configuration process is superseded by the manually defined domain name.

About the DHCP Relay Agent

You can configure a DHCP relay agent to forward DHCP requests received on an interface to one or more DHCP servers. DHCP clients use UDP broadcasts to send their initial DHCPDISCOVER messages because they do not have information about the network to which they are attached. If the client is on a network segment that does not include a server, UDP broadcasts normally are not forwarded by the FTD device because it does not forward broadcast traffic. The DHCP relay agent lets you configure the interface of the FTD device that is receiving the broadcasts to forward DHCP requests to a DHCP server on another interface.

Requirements and Prerequisites for DHCP and DDNS

Model Support
FTD

User Roles
Guidelines for DHCP and DDNS Services

This section includes guidelines and limitations that you should check before configuring DHCP and DDNS services.

Firewall Mode
IPv6
Does not support IPv6 for DHCP server; IPv6 for DHCP relay is supported.

DHCPv4 Server
DHCP Relay
Configure the DHCP Server

See the following steps to configure a DHCP server.

Procedure
Configure the DHCP Relay Agent

You can configure a DHCP relay agent to forward DHCP requests received on an interface to one or more DHCP servers. DHCP clients use UDP broadcasts to send their initial DHCPDISCOVER messages because they do not have information about the network to which they are attached. If the client is on a network segment that does not include a server, UDP broadcasts normally are not forwarded by the Firepower Threat Defense device because it does not forward broadcast traffic. You can remedy this situation by configuring the interface of the Firepower Threat Defense device that is receiving the broadcasts to forward DHCP requests to a DHCP server on another interface.
Procedure
Configure Dynamic DNS

When an interface uses DHCP IP addressing, the assigned IP address can change when the DHCP lease is renewed. When the interface needs to be reachable using a fully qualified domain name (FQDN), the IP address change can cause the DNS server resource records (RRs) to become stale. Dynamic DNS (DDNS) provides a mechanism to update DNS RRs whenever the IP address or hostname changes. You can also use DDNS for static or PPPoE IP addressing. DDNS updates the following RRs on the DNS server: the A RR includes the name-to-IP address mapping, while the PTR RR maps addresses to names. The FTD supports the following DDNS update methods:
The DDNS page also supports setting DHCP server settings relating to DDNS.
Before you begin
Procedure
What Windows Server role allows a Windows server to act as a relay agent?
A DHCP Relay Agent allows DHCP clients in a different network subnet to lease IP addresses from a DHCP server in another network.

Which of the following commands can be used to enable the DHCP relay function on a router interface?
dhcp select relay
By default, the DHCP relay function is disabled on an interface. When enabling the DHCP relay function on a sub-interface, run the arp broadcast enable command on the sub-interface to enable ARP broadcast.

Which command relays DHCP requests to a DHCP server?
To rectify this, we can configure R1 to act as a DHCP relay agent and forward the request to the configured DHCP server. This is done by issuing the ip helper-address DHCP_SERVER_IP_ADDRESS command on its Gi0/0 interface. This command instructs the router to do the following: watch for DHCP messages on the interface.

Which command is used on a Cisco IOS router to enable the DHCP relay Agent feature on an interface?
DETAILED STEPS.