60-87
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
DHCP on Cisco IOS Routers
DHCP on Cisco IOS Routers
In Security Manager, certain security features, such as Easy VPN and 802.1x, require Dynamic Host
Configuration Protocol (DHCP) client/server configuration. DHCP is widely used in LAN environments
to dynamically assign host IP addresses from a centralized server, which significantly reduces the
overhead of administering IP addresses.
DHCP servers assign and manage IP addresses from specified address pools within a router to DHCP
clients. If the DHCP server cannot satisfy a DHCP request from its own database, it can forward the
request to one or more secondary DHCP servers defined by the network administrator.
Security Manager enables you to configure a Cisco IOS device as a DHCP server for clients (hosts) that
are connected to the device’s inside interface. When you configure a DHCP server, you use IP pools (a
range of IP addresses reserved for a DHCP server). The IP pools you select determine the range of IP
Bootstrap Configuration The source of the bootstrap configuration to provide to the petitioner
for first-time configuration:
Non-Security Manager URL—Used when the bootstrap
configuration is located externally to Security Manager. Enter its
location in the URL field.
If required, enter a username and password to access the server
containing the bootstrap configuration.
Security Manager URL—Used when Security Manager is
providing the bootstrap configuration. Enter information in the
following fields:
FlexConfig—The FlexConfig that contains the basic CLI
structure required to create the bootstrap configuration. Enter
the name of a FlexConfig object, or click Select to display a
selector.
After selecting the FlexConfig, you must enter a username and
password to access the Security Manager server that contains
the FlexConfig.
Device name formula—The formula required by Security
Manager to determine the device name of the petitioner from
the username that the introducer supplied.
Typically a fixed relationship exists between the username and
the device name, which enables a formula like this to be
established. The default formula is $n, which uses the
introducer name to determine the device name. The device
name is required to determine the configuration file that the
petitioner should receive.
If required, enter a username and password to access the server
containing the bootstrap configuration. The password can contain
alphanumeric characters, but cannot consist of a single digit.
Table60-37 Secure Device Provisioning Page (Continued)
Element Description