Configuring DHCP Relay on an ASA Firewall


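Requirement: R1 acts as the DHCP server. Configure DHCP relay on the ASA firewall so that the client obtains its address dynamically.

1. Configure the basic IP addresses and make sure the directly connected links are reachable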

R1(config)#int f0/0

R1(config-if)#ip add 12.1.1.1 255.255.255.0

R1(config-if)#no shut

 

ASA(config)#int g0

ASA(config-if)#nameif outside  ! name interface g0 "outside"

INFO:Security level for "outside" set to 0 by default.

ASA(config-if)#security-level 100  ! change the security level of g0 to 100

ASA(config-if)#ip add 12.1.1.2 255.255.255.0

ASA(config-if)#no shut

ASA(config-if)#int g1

ASA(config-if)#nameif inside  ! name interface g1 "inside"

INFO:Security level for "inside" set to 100 by default.

ASA(config-if)#ip add 10.1.1.1 255.255.255.0

ASA(config-if)#no shut

 

R2(config)#int f0/0

R2(config-if)#ip address dhcp  ! R2 obtains its address dynamically

 

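2. Configure the DHCP server on R1

R1(config)#ip dhcp pool meng  ! configure the DHCP server on R1 and name the address pool "meng"

R1(dhcp-config)#network 10.1.1.0 /24  ! R2 obtains its address from this range

R1(dhcp-config)#default-router 10.1.1.1  ! the default gateway is the firewall address facing the client

R1(dhcp-config)#lease 1  ! lease time is 1

R1(config)#ip dhcp excluded-address 10.1.1.1  ! R2 obtains an address from the range excluding the gateway address

3. Configure DHCP relay on the ASA firewall

ASA(config)#dhcprelay server 12.1.1.1 outside  ! configure the DHCP relay server: the server address is the address on the link between the firewall and the DHCP server, and the interface is the firewall interface connected to the DHCP server

ASA(config)#dhcprelay enable inside  ! enable DHCP relay; this is the interface connected to the client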


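At this point the configuration is essentially complete, but R1 has no route to the 10.1.1.0/24 network, so R2 still cannot obtain an address. A static route therefore has to be added on R1: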

R1(config)#ip route 10.1.1.0 255.255.255.0 12.1.1.2
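
Why the static route matters, as an added example that is not part of the original post: a relay agent writes the address of its client-facing interface (here the ASA inside address 10.1.1.1) into the giaddr field, and the server both selects the pool by giaddr and unicasts its reply to giaddr (RFC 2131). The function names, the constructed MAC address and the simplified route lookup are assumptions for illustration.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"
ZERO = bytes(4)

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed broadcast DHCPDISCOVER as the client (R2) sends it: giaddr = 0."""
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then END

def relay(packet: bytes, relay_if_ip: str, max_hops: int = 16):
    """Rewrite a client request the way a relay agent does before unicasting it."""
    f = list(BOOTP.unpack_from(packet))
    if f[0] != 1 or f[3] > max_hops:      # only BOOTREQUESTs, within the hop limit
        return None
    f[3] += 1                             # hops
    if f[10] == ZERO:                     # first relay stamps its own address
        f[10] = ipaddress.IPv4Address(relay_if_ip).packed
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def server_decision(packet: bytes, pools: dict, routes: list):
    """Return (pool chosen by giaddr, reply destination, is that destination routed)."""
    gi = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10])
    pool = next((n for n, net in pools.items()
                 if gi in ipaddress.ip_network(net)), None)
    routed = any(gi in ipaddress.ip_network(r) for r in routes)
    return pool, str(gi), routed

if __name__ == "__main__":
    pools = {"meng": "10.1.1.0/24"}       # pool from the page
    connected = ["12.1.1.0/24"]           # R1's only connected network
    discover = build_discover(bytes.fromhex("ca0201500000"), 0x1234)  # constructed MAC
    relayed = relay(discover, "10.1.1.1")  # ASA inside interface address
    print("before static route:", server_decision(relayed, pools, connected))
    print("after static route: ",
          server_decision(relayed, pools, connected + ["10.1.1.0/24"]))
```

Without the route the pool still matches, but the reply destination 10.1.1.1 is unreachable from R1, which is the state described just before the `ip route` command.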

4. Check the address on R2

R2# show ip int brief

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        10.1.1.2        YES DHCP   up                    up        ! the address obtained is 10.1.1.2

5. You can use clear ip dhcp binding * to clear the bound IP addresses and MAC addresses

6. View the messages received by the DHCP server

R1#sho ip dhcp server statistics

Memory usage         15448

Address pools        1

Database agents      0

Automatic bindings   1

Manual bindings      0

Expired bindings     0

Malformed messages   0

Secure arp entries   0

Renew messages       0

Workspace timeouts   0

Static routes        0

Relay bindings       0

Relay bindings active        0

Relay bindings terminated    0

Relay bindings selecting     0

 

Message              Received

BOOTREQUEST          0

DHCPDISCOVER         6  ! number of DISCOVER messages received

DHCPREQUEST          2  ! number of REQUEST messages received

DHCPDECLINE          0

DHCPRELEASE          0

DHCPINFORM           0

DHCPVENDOR           0

BOOTREPLY            0

DHCPOFFER            0

DHCPACK              0

DHCPNAK              0

 

Message              Sent

BOOTREPLY            0

DHCPOFFER            6  ! number of OFFER messages returned

DHCPACK              2  ! number of ACK messages returned

DHCPNAK              0

 

Message              Forwarded

BOOTREQUEST          0

DHCPDISCOVER         0

DHCPREQUEST          0

DHCPDECLINE          0

DHCPRELEASE          0

DHCPINFORM           0

DHCPVENDOR           0

BOOTREPLY            0

DHCPOFFER            0

DHCPACK              0

DHCPNAK              0

 

DHCP-DPM Statistics

Offer notifications sent        0

Offer callbacks received        0

Classname requests sent         0

Classname callbacks received    0

7. View the IP address to MAC address bindings on the DHCP server

R1#sho ip dhcp binding

Bindings from all pools not associated with VRF:

IP address      Client-ID/              Lease expiration        Type       State      Interface

                Hardware address/

                User name

10.1.1.1        0063.6973.636f.2d63.    Nov 22 2015 10:16 PM    Automatic Active     Unknown

                6130.322e.3031.3530.

                2e30.3030.302d.4661.

                302f.30

