Cisco ASA DHCP Services
Real World Application & Core Knowledge
Configuring DHCP services on a Cisco ASA is not common; however, you may run into
this scenario when working with remote-office Cisco ASA 5505 series firewalls.
This type of configuration is commonly used at branch offices where no servers are
located.
The Cisco ASA DHCP Daemon operates as a simple DHCP Server providing dynamic IP
Addresses, DNS and default gateway information and a domain name if configured.
You can get into advanced configurations by providing DHCP options.
The DHCP Daemon is configured on a per interface basis and you specify an address
range, not a subnet like you would on Cisco IOS. All of the DHCP services commands
start with dhcpd followed by the specific configuration.
To configure a DHCP scope range, use the dhcpd address x.x.x.x-y.y.y.y ifName
command, where x.x.x.x is the starting IP address, y.y.y.y is the ending IP address,
and the interface name is specified last.
DNS servers are configured in the same fashion using the
dhcpd dns x.x.x.x y.y.y.y interface ifName command, where x.x.x.x is the primary
DNS server and y.y.y.y is the secondary DNS server.
The gateway is automatically set to the interface address. Because of this, the ASA
DHCPD has a limited scope of functionality.
After completing the basic DHCP Daemon configuration, you must manually enable
the DHCP Daemon on the interface using the dhcpd enable ifName command.
Familiarize yourself with the following commands:

Command: dhcpd address x.x.x.x-y.y.y.y ifName
Description: This command is executed in global configuration mode to create a
DHCP Daemon scope, where x.x.x.x is the starting IP address, y.y.y.y is the ending
IP address, and ifName is the interface to which the scope belongs.

Command: dhcpd dns x.x.x.x y.y.y.y interface ifName
Description: This command is executed in global configuration mode to set the
scope's DNS servers, where x.x.x.x is the primary DNS server, y.y.y.y is the
secondary DNS server, and ifName is the interface to which the scope belongs.

Command: dhcpd enable ifName
Description: This command is executed in global configuration mode and enables
the DHCP Daemon on the specified interface.
The logical topology shown below is used in the labs found throughout Section 9.
Lab Prerequisites
If you are using your own Cisco ASA then plug this device in and establish a
console session with the Firewall.
If you do not have a Cisco ASA, you can reserve lab time on the Stub Lab to
have access to a pair of Cisco ASA 5505 Firewalls.
If you have completed the previous labs in Section 9, you may continue where
you left off; if not, then you can use the initial configuration for this lab
provided below.
!############################################
!#         Free CCNA Workbook.com           #
!#      CCNA Security Workbook Lab 9-5      #
!############################################
!
enable
config term
!
hostname FW1
!
interface Ethernet0/0
description OUTSIDE PHY INTERFACE
no shut
!
interface Ethernet0/1
description INSIDE PHY INTERFACE
switchport access vlan 2
no shut
!
interface Ethernet0/2
description DMZ PHY INTERFACE
switchport access vlan 3
no shut
!
interface Vlan1
nameif OUTSIDE
security-level 0
ip address 198.51.100.37 255.255.255.252
no shut
!
interface Vlan2
nameif INSIDE
security-level 100
ip address 10.1.0.1 255.255.255.0
no shut
!
interface Vlan3
nameif DMZ
security-level 50
ip address 10.10.1.1 255.255.255.0
no shut
!
banner login ####################################
banner login # UNAUTHORIZED ACCESS PROHIBITED #
banner login ####################################
!
banner motd #####################################################
banner motd # CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES #
banner motd #####################################################
!
username jdoe password 2ck/B41DqLmwNyy8 encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
!
aaa authentication serial console LOCAL
!
route OUTSIDE 0.0.0.0 0.0.0.0 198.51.100.38
!
End
Lab Objectives
On FW1 configure a DHCP Scope of 10.1.0.10 – 10.1.0.50 on the INSIDE
Interface.
On FW1 configure the DHCP Scope attached to the INSIDE interface to use the
DNS Servers of 10.10.10.10 and 10.20.10.10
Verify that DHCP Services is operational by configuring R1's FastEthernet0/0
interface as a DHCP client and that it is receiving a default gateway.
Lab Instruction
Objective 1. – On FW1 configure a DHCP Scope of 10.1.0.10 – 10.1.0.50 on the INSIDE
Interface.
####################################
# UNAUTHORIZED ACCESS PROHIBITED #
####################################
Username: cisco
Password: *****
#####################################################
# CONTACT JOHN PRIOR TO MAKING ANY CONFIG CHANGES #
#####################################################
Type help or '?' for a list of available commands.
FW1>en
Password: *****
FW1# config term
FW1(config)# dhcpd address 10.1.0.10-10.1.0.50 INSIDE
Objective 2. – On FW1 configure the DHCP Scope attached to the INSIDE interface to
use the DNS Servers of 10.10.10.10 and 10.20.10.10 and enable the DHCP Daemon
on the INSIDE interface.
FW1(config)# dhcpd dns 10.10.10.10 10.20.10.10 interface INSIDE
FW1(config)# dhcpd enable INSIDE
FW1(config)# end
FW1#
Objective 3. – Verify that DHCP Services is operational by configuring R1's
FastEthernet0/0 interface as a DHCP client and that it is receiving a default gateway.
R1>enable
R1#config term
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int FastEthernet0/0
R1(config-if)#ip add dhcp
R1(config-if)#end
R1#
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.1.0.10, mask 255.255.255.0, hostname R1
R1#
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.0.1 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 10.1.0.1
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.0.0/24 is directly connected, FastEthernet0/0
L        10.1.0.10/32 is directly connected, FastEthernet0/0
C        10.1.1.0/24 is directly connected, Loopback0
L        10.1.1.1/32 is directly connected, Loopback0
R1#