11-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter11 Configuring DHCP
Configuring DHCP Relay Services
Configuring DHCP Relay Services
A DHCP relay agent allows the ASA to forward DHCP requests from clients to a router connected to a
different interface.
The following restrictions apply to the use of the DHCP relay agent:
The relay agent cannot be enabled if the DHCP server feature is also enabled.
DHCP clients must be directly connected to the ASA and cannot send requests through another relay
agent or a router.
For multiple context mode, you cannot enable DHCP relay on an interface that is used by more than
one context.
DHCP Relay services are not available in transparent firewall mode. An ASA in transparent firewall
mode only allows ARP traffic through; all other traffic requires an access list. To allow DHCP
requests and replies through the ASA in transparent mode, you need to configure two access lists,
one that allows DCHP requests from the inside interface to the outside, and one that allows the
replies from the server in the other direction.
When DHCP relay is enabled and more than one DHCP relay server is defined, the ASA forwards
client requests to each defined DHCP relay server. Replies from the servers are also forwarded to
the client until the client DHCP relay binding is removed. The binding is removed when the ASA
receives any of the following DHCP messages: ACK, NACK, or decline.
Note You cannot enable DHCP Relay on an interface running DHCP Proxy. You must Remove VPN DHCP
configuration first or you will see an error message. This error happens if both DHCP relay and DHCP
proxy are enabled. Ensure that either DHCP relay or DHCP proxy are enabled, but not both.
To enable DHCP relay, perform the following steps:
Command Purpose
dhcpd option 3 ip router_ip1
Example:
hostname(config)# dhcpd option 3 ip
10.10.1.1
Sets the default route.
Command Purpose
Step1 dhcprelay server ip_address if_name
Example:
hostname(config)# dhcprelay server
201.168.200.4 outside
Set the IP address of a DHCP server on a different interface from
the DHCP client.
You can use this command up to ten times to identify up to ten
servers.
Step2 dhcprelay enable interface
Example:
hostname(config)# dhcprelay enable inside
Enables DHCP relay on the interface connected to the clients.