Archives for posts with tag: dhcp

This post will show you how to configure a DHCP scope on your Cisco device.

DHCP uses UDP at the transport layer: the server uses port 67 and the client uses port 68. DHCP itself is a layer 7 (application layer) protocol.

Create your pools as shown below and add any options you require. I've shown two different option types: one is IP and one is ASCII. You can add as many options as you need.

ip dhcp pool vlan10
 network 10.10.10.0 255.255.255.0
 update dns both override
 domain-name mydomain.com
 dns-server 10.1.1.111 10.2.2.222
 netbios-name-server 10.1.1.111 10.2.2.222
 default-router 10.10.10.1
 option 137 ascii http://myserver.com/update
 option 150 ip 192.168.101.1
 lease 3
!
ip dhcp pool vlan16
 network 10.10.16.0 255.255.255.0
 update dns both override
 domain-name mydomain.com
 dns-server 10.1.1.111 10.2.2.222
 netbios-name-server 10.1.1.111 10.2.2.222
 default-router 10.10.16.1
 option 150 ip 192.168.101.1
 option 137 ascii http://myserver.com/update
 lease 3
!

To add static DHCP reservations, add the client's MAC address as a client-identifier, as below. Note that the identifier starts with ’01’ and is written in dotted hexadecimal. The ’01’ means the media type is Ethernet.

ip dhcp pool static-user1
 host 10.10.10.54 255.255.255.0
 client-identifier 01bb.cccc.dddd.ff
!
ip dhcp pool staticuser2
 host 10.10.16.53 255.255.255.0
 client-identifier 01xx.yyyy.zzzz.aa

The above configuration would be added to the switch that contains your SVIs.
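The client-identifier format is easy to get wrong by hand, so here is an added example (not from the original post) that builds the reservation stanzas from MAC addresses in any common notation, and refuses hosts outside the pool network or duplicate IPs and MACs. The function names and the sample MAC addresses are constructed for illustration.

```python
import ipaddress
import re

def client_identifier(mac):
    """Return the IOS client-identifier for an Ethernet MAC: '01' + MAC, dotted hex."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    full = "01" + digits  # 01 = Ethernet media type, as the post notes
    # 14 hex digits grouped 4.4.4.2, the same shape as 01bb.cccc.dddd.ff
    return ".".join(full[i:i + 4] for i in range(0, len(full), 4))

def reservation(name, ip, mac, network):
    """Build one static 'ip dhcp pool' stanza; reject hosts outside the network."""
    net = ipaddress.ip_network(network)
    host = ipaddress.ip_address(ip)
    if host not in net or host in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is not a usable host address in {net}")
    return "\n".join([
        f"ip dhcp pool {name}",
        f" host {host} {net.netmask}",
        f" client-identifier {client_identifier(mac)}",
        "!",
    ])

def build_all(entries, network):
    """entries: (pool name, ip, mac) tuples; refuse duplicate IPs or MACs."""
    seen, stanzas = set(), []
    for name, ip, mac in entries:
        for key in (ipaddress.ip_address(ip), client_identifier(mac)):
            if key in seen:
                raise ValueError(f"duplicate {key} in pool {name}")
            seen.add(key)
        stanzas.append(reservation(name, ip, mac, network))
    return "\n".join(stanzas)

if __name__ == "__main__":
    # Constructed sample entries: the same kind of pool as above, different MAC notations
    entries = [
        ("static-user1", "10.10.10.54", "00:1A:2B:3C:4D:5E"),
        ("static-user2", "10.10.10.55", "001a.2b3c.4d5f"),
    ]
    print(build_all(entries, "10.10.10.0/24"))
```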

Confirm your configuration using the commands below.

show ip dhcp binding – This shows all assigned IPs and their MAC addresses.
show ip dhcp pool [pool name] – This shows information on the number of IPs leased.
show ip dhcp conflict – This shows any conflicts in your pools.
clear ip dhcp {binding | conflict} {x.x.x.x | *} – This clears the binding or conflict entry for the address you specify, or all of them in the case of *.

RH

Setting up your ASA for guest wireless is easy, and you only need the base licence to do it. First of all, you need to know that a VLAN is associated with layer 2 of the OSI model, and when your clients connect to the guest wireless VLAN they will be able to route out of the VLAN via the ASA firewall. So here’s your topology.

[Image: Capture1, topology diagram]

I can hear you ask why there are 2 connections to the firewall: one is your inside corporate interface and the second is your guest wireless interface.

So you’ve already set up your AP, either as an autonomous AP or connected to your LAN controller. The reason you need to trunk your AP to the switch is so you can have multiple SSIDs, each with its own VLAN assigned. One thing I would mention is to make sure your switch has DTP turned off for unused ports; I don’t think I need to explain that one, do I?

ASA1(config)#interface vlan 3
ASA1(config-if)#nameif Guest
ASA1(config-if)#security-level 50
ASA1(config-if)#ip address 192.168.1.254 255.255.255.0
ASA1(config-if)#no forward interface vlan 1
ASA1(config-if)#exit
ASA1(config)#interface ethernet 0/2
ASA1(config-if)#switchport access vlan 3
ASA1(config-if)#exit

NAT Translation

ASA1(config)#global (outside) 1 interface
ASA1(config)#nat (Guest) 1 0.0.0.0 0.0.0.0

I usually assign DHCP addresses from the ASA when setting up guest wireless this way, but you can do it from the LAN controller or the AP itself. Here’s the config for the ASA. The address pool is written as a hyphenated range, and the interface name at the end of the dhcpd lines is the nameif configured above (Guest).

ASA1(config)#dhcpd address 192.168.1.x-192.168.1.x Guest
ASA1(config)#dhcpd dns 8.8.8.8
ASA1(config)#dhcpd enable Guest

That, my friends, is all there is to it. Your ASA will already have the implicit rule that permits “any to any less secure network”, which means your guest wireless clients will be able to access the internet, and the config line “no forward interface vlan 1” prevents access to your inside corporate network.

“If you can’t see it, it’s not there”

RH