DHCP Services

Having already studied the static and PPPoE methods of addressing, now look at the services provided by the classic DHCP Protocol. Figure 3-11 portrays a sample topology for the study of DHCP Server and Client functionalities. Example 3-33 shows an IOS router configured as DHCP server while ASA acts as a client (on its outside interface). The address assigned to ASA in this case is

Example 3-34 also relates to the topology of Figure 3-11 and teaches how to enable the DHCP server function on ASA. The dhcpd auto_config option enables ASA to forward the parameters it receives on a given interface (as client) to another interface where it works as a server. The show running-config dhcpd command displays the configuration related to the DHCP daemon on ASA. (Notice that the auto_config attributes are shown on the running-config.) This example includes the summary information for DHCP services enabled on ASA and the lease information visible on an IOS client.

Figure 3-11

Figure 3-11 Reference Topology for DHCP Server and DHCP Client

Example 3-33. IOS as DHCP Server and ASA as DHCP Client

! Router "OUT" acts as DHCP Server for subnet
interface FastEthernet4.200
 encapsulation dot1Q 200
 ip address
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool OUT1
   domain-name outside.net
! ASA configured as a DHCP client on interface outside
ASA5505(config)# interface vlan 200
ASA5505(config-if)# ip address dhcp setroute
%ASA-6-302015: Built outbound UDP connection 46 for outside: ( to identity: (
%ASA-6-604101: DHCP client interface outside: Allocated ip =, mask =, gw =
%ASA-6-302016: Teardown UDP connection 46 for outside: to identity: duration 0:02:03 bytes 1096
! The DHCP-learned default route becomes visible on ASA's routing table
ASA5505# show route outside | begin Gateway

Gateway of last resort is to network
C is directly connected, outside
d* [1/0] via, outside
ASA5505# show interface ip brief | include DHCP|Method
Interface                  IP-Address      OK? Method Status                Protocol
Vlan200             YES DHCP   up                    up
! Viewing information about the DCHP Server function
OUT# show dhcp server
   DHCP server: ANY (
    Leases:   2
    Offers:   1      Requests: 1     Acks : 1     Naks: 0
    Declines: 0      Releases: 3     Query: 0     Bad: 0
    DNS0:,   DNS1:
    Subnet:   DNS Domain: outside.net

Example 3-34. ASA as DHCP Server and IOS as DHCP Client

! Displaying dhcpd configuration on ASA
ASA5505# show running-config dhcpd

dhcpd auto_config outside

   **auto-config from interface 'outside'

   **auto_config dns

   **auto_config domain outside.net
dhcpd address dmz
dhcpd enable dmz
! Summary information about DHCP Services enabled on ASA
ASA5505# show dhcpd state
Context  Configured as DHCP Server
Interface mgmt, Not Configured for DHCP
Interface dmz, Configured for DHCP SERVER

   Interface outside, Configured for DHCP CLIENT
! Displaying information about the DHCP lease on the IOS client
DMZ# show dhcp lease

   Temp IP addr:  for peer on Interface: FastEthernet4.201
Temp  sub net mask:
   DHCP Lease server:, state: 5 Bound
   DHCP transaction id: 1E88
   Lease: 3600 secs,  Renewal: 1800 secs,  Rebind: 3150 secs
Temp default-gateway addr:
   Next timer fires after: 00:17:52
   Retry count: 0   Client-ID: cisco-0014.f2e3.7df6-Fa4.201
   Client-ID hex dump: 636973636F2D303031342E663265332E
   Hostname: DMZ
! The default route learned through DHCP is visible on the IOS routing table
DMZ# show ip route | begin Gateway

Gateway of last resort is to network is subnetted, 1 subnets
C is directly connected, FastEthernet4.201
S* [254/0] via

Figure 3-12 represents a sample topology used for the investigation of the DHCP Relay feature. When acting as a DHCP Relay, a Layer 3 device (a router or a network firewall, for instance) converts broadcast packets from clients into unicast packets destined to a DHCP server located on a different subnet. The Relay receives replies from the servers and forwards them back to the originating client.

Figure 3-12

Figure 3-12 Reference Topology for Analysis of DHCP Relay Operation

Example 3-35 refers to the internetwork of Figure 3-12, where ASA relays DHCP packets from clients that reside on interface dmz (subnet to the server, reachable through the outside interface. It is interesting that there is a pool configured on the server (OUT router) that offers addresses belonging to the subnet. (In the example, the DMZ router receives the address

Example 3-35. ASA Acting as a DHCP Relay Between Two IOS Devices

! ASA acts as a DHCP Relay that points to server
ASA5505# show running-config dhcprelay
dhcprelay server outside
dhcprelay enable dmz
dhcprelay setroute dmz
dhcprelay timeout 60
! Enabling the DHCP Client on IOS
DMZ(config)# interface f4.201
DMZ(config-subif)#ip address dhcp
DHCP: DHCP client process started: 10
RAC: Starting DHCP discover on FastEthernet4.201
DHCP: Try 1 to acquire address for FastEthernet4.201
[ output suppressed]
                B'cast on FastEthernet4.201 interface from
DHCP: Received a BOOTREP pkt
DHCP: offer received from   

[ output suppressed]
Allocated IP address =
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet4.201 assigned DHCP address, mask, hostname DMZ
DHCP Client Pooling: ***Allocated IP address:
! Viewing the IP Addresses obtained through DHCP
DMZ# show ip interface brief | include DHCP|Method
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet4.201   YES DHCP   up                    up
! DHCP Relay messages on ASA
DHCPD: Relay msg received, fip=ANY, fport=0 on dmz interface
DHCPD: setting giaddr to
dhcpd_forward_request: request from 0063.6973.636f.2d30.3031.342e.6632.6533.2e37.6466.362d.4661.342e.3230.31 forwarded to
DHCPD/RA: Punt—> to CP
DHCPD: Relay msg received, fip=ANY, fport=0 on outside interface
DHCPRA: forwarding reply to client 0063.6973.636f.2d30.3031.342e.6632.6533.2e37.6466.362d.4661.342e.3230.31.
DHCPD: Relay msg received, fip=ANY, fport=0 on dmz interface
DHCPD: setting giaddr to
! Summary information about DHCP Relay function on ASA
ASA5505# show dhcprelay state
Context  Configured as DHCP Relay
Interface mgmt, Not Configured for DHCP
Interface dmz, Configured for DHCP RELAY SERVER

Interface outside, Configured for DHCP RELAY