Configuring DHCP Relay on an ASA Firewall

Published: 2020-06-18 09:02:42  Source: Internet  Views: 409  Author: MXH1494807576  Category: Network Security


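Requirement: R1 acts as the DHCP server; configure DHCP relay on the ASA firewall so that the client obtains its address dynamically.

1. Configure basic IP addresses and make sure directly connected devices can reach each other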

R1(config)#int f0/0

R1(config-if)#ip add 12.1.1.1 255.255.255.0

R1(config-if)#no shut

 

ASA(config)#int g0

ASA(config-if)#nameif outside    <-- name interface g0 "outside"

INFO:Security level for "outside" set to 0 by default.

ASA(config-if)#security-level 100    <-- change the security level of g0 to 100

ASA(config-if)#ip add 12.1.1.2 255.255.255.0

ASA(config-if)#no shut

ASA(config-if)#int g1

ASA(config-if)#nameif inside    <-- name interface g1 "inside"

INFO:Security level for "inside" set to 100 by default.

ASA(config-if)#ip add 10.1.1.1 255.255.255.0

ASA(config-if)#no shut

 

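R2(config)#int f0/0

R2(config-if)#ip address dhcp    <-- R2 obtains its address dynamically

2. Configure the DHCP server on R1

R1(config)#ip dhcp pool meng    <-- configure the DHCP server on R1; the address pool is named "meng"

R1(dhcp-config)#network 10.1.1.0 /24    <-- R2 obtains an address from this range

R1(dhcp-config)#default-router 10.1.1.1    <-- the default gateway is the firewall address facing the client

R1(dhcp-config)#lease 1    <-- lease of 1 (day)

R1(config)#ip dhcp excluded-address 10.1.1.1    <-- R2 gets an address from the range, excluding the gateway address

3. Configure DHCP relay on the ASA firewall

ASA(config)#dhcprelay server 12.1.1.1 outside    <-- set the DHCP relay server: the address is the DHCP server's address on the link to the firewall, and the interface is the firewall interface facing the DHCP server

ASA(config)#dhcprelay enable inside    <-- enable DHCP relay; this is the interface facing the client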


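At this point the configuration is essentially complete, but R1 has no route to the 10.1.1.0/24 network, so R2 still cannot obtain an address. A static route therefore has to be added on R1: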

R1(config)#ip route 10.1.1.0 255.255.255.0 12.1.1.2
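
Why the static route is needed, as an added example (not code from the original page): it assumes standard RFC 2131 relay behaviour, where the relay writes its client-facing address (10.1.1.1 here) into giaddr and the server sends replies to that address. The function names, the MAC address and the xid are constructed for illustration.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
GIADDR = 10                      # index of giaddr in the unpacked tuple
ZERO = bytes(4)

def client_discover(mac: bytes, xid: int) -> bytes:
    """BOOTREQUEST as the client broadcasts it: every address field is 0.0.0.0."""
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0, ZERO, ZERO, ZERO, ZERO, mac, b"", b"")

def relay(packet: bytes, client_side_ip: str) -> bytes:
    """Relay agent step: increment hops and, if giaddr is still unset, write the
    address of the interface the request arrived on (assumed RFC 2131 behaviour)."""
    f = list(BOOTP.unpack(packet))
    f[3] += 1
    if f[GIADDR] == ZERO:
        f[GIADDR] = ipaddress.ip_address(client_side_ip).packed
    return BOOTP.pack(*f)

def server_plan(packet: bytes, pools: dict, routes: list) -> dict:
    """Server step: pick the pool whose network contains giaddr, address the reply
    to giaddr, and report whether the routing table can reach it."""
    giaddr = ipaddress.ip_address(BOOTP.unpack(packet)[GIADDR])
    pool = next((name for name, net in pools.items()
                 if giaddr in ipaddress.ip_network(net)), None)
    routable = any(giaddr in ipaddress.ip_network(r) for r in routes)
    return {"reply_to": str(giaddr), "pool": pool, "routable": routable}

# Values from the lab above; the MAC and xid are constructed.
POOLS = {"meng": "10.1.1.0/24"}
R1_CONNECTED = ["12.1.1.0/24"]
R1_WITH_STATIC = R1_CONNECTED + ["10.1.1.0/24"]   # ip route 10.1.1.0 255.255.255.0 12.1.1.2

def demo() -> tuple:
    relayed = relay(client_discover(bytes.fromhex("020000000002"), 0x1234), "10.1.1.1")
    return (server_plan(relayed, POOLS, R1_CONNECTED),
            server_plan(relayed, POOLS, R1_WITH_STATIC))

if __name__ == "__main__":
    for plan in demo():
        print(plan)
```

With only the connected 12.1.1.0/24 route, R1 selects pool meng but has no path for a reply addressed to 10.1.1.1; with the static route the same reply is deliverable via 12.1.1.2.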

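4. Check the address on R2

R2# show ip int brief

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        10.1.1.2        YES DHCP   up                    up        <-- the address obtained is 10.1.1.2

5. The bound IP and MAC addresses can be cleared with clear ip dhcp binding *

6. View the messages received by the DHCP server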

R1#sho ip dhcp server statistics

Memory usage         15448

Address pools        1

Database agents      0

Automatic bindings   1

Manual bindings      0

Expired bindings     0

Malformed messages   0

Secure arp entries   0

Renew messages       0

Workspace timeouts   0

Static routes        0

Relay bindings       0

Relay bindings active        0

Relay bindings terminated    0

Relay bindings selecting     0

 

Message              Received

BOOTREQUEST          0

DHCPDISCOVER         6    <-- number of DISCOVER messages received

DHCPREQUEST          2    <-- number of REQUEST messages received

DHCPDECLINE          0

DHCPRELEASE          0

DHCPINFORM           0

DHCPVENDOR           0

BOOTREPLY            0

DHCPOFFER            0

DHCPACK              0

DHCPNAK              0

 

Message              Sent

BOOTREPLY            0

DHCPOFFER            6    <-- number of OFFER messages returned

DHCPACK              2    <-- number of ACK messages returned

DHCPNAK              0

 

Message              Forwarded

BOOTREQUEST          0

DHCPDISCOVER         0

DHCPREQUEST          0

DHCPDECLINE          0

DHCPRELEASE          0

DHCPINFORM           0

DHCPVENDOR           0

BOOTREPLY            0

DHCPOFFER            0

DHCPACK              0

DHCPNAK              0

 

DHCP-DPM Statistics

Offer notifications sent        0

Offer callbacks received        0

Classname requests sent         0

Classname callbacks received    0

7. View the IP-to-MAC address bindings on the DHCP server

R1#sho ip dhcp binding

Bindings from all pools not associated with VRF:

IP address      Client-ID/              Lease expiration        Type       State      Interface

                Hardware address/

                User name

10.1.1.1        0063.6973.636f.2d63.    Nov 22 2015 10:16 PM    Automatic Active     Unknown

                6130.322e.3031.3530.

                2e30.3030.302d.4661.

                302f.30

