Using the PIX Firewall DHCP Client

아래와 같은 구성일때 Pix Outside 쪽 interface가 Dhcp로 동작 하기 때문에 pix interface 에 직접 ip를 설정 할 수가 없어요.
그래서 cisco.com site를 뒤적 거리다 찾아낸 PIX Firewall을 DHCP Client로 사용하기 예요.

Outside 쪽에 dhcp 를 연결 하고 pix 방화벽을 두고 Inside 쪽에서는 방화벽으로 보호된 internet을 사용한다 뭐 이런 개념이죠.

 

사용자 삽입 이미지


설정은 생각보다 너무 간단했어요. >ㅁ<

Configuring the DHCP Client
To enable the DHCP client feature on a given PIX Firewall interface and set the default route via the DHCP server, enter the following command:

아래와 같이 config mode에서 outside쪽에 dhcp 명령어를 넣어 주면 된답니다.

ip address outside dhcp [setroute] [retry retry_cnt]

setroute 옵션은 default route 가 없을때 default route를 생성해 준답니다.

아래 명령어들은 DHCP client debugging 을 위해 제공 된답니다.
•debug dhcpc packet
•debug dhcpc detail
•debug dhcpc error

Outside interface 쪽에 케이블을 연결 할때와 분리할때 debug dhcp packet 결과를 한 번 캡쳐해 봤어요.

Cable을 연결 했을 때
pixfirewall# debug dhcpc packet
DHCP: allocate request
DHCP: new entry. add to queue
DHCP: SDiscover attempt # 1 for entry:
DHCP: SDiscover: sending 278 byte length DHCP packet
DHCP: SDiscover 278 bytes
DHCP Broadcast to 255.255.255.255 from 0.0.0.0dhcpc_discover_pkt: proto = 0x1, lp = 0x2b66
dhcpc_discover_pkt: proto = 0x1, lp = 0x2b66
dhcpc_discover_pkt: proto = 0x11, lp = 0x44

DHCP client msg received, fip=10.10.10.4, fport=67
DHCP: Received a BOOTREP pkt
DHCP: offer received from 10.10.11.101
DHCP: SRequest attempt # 1 for entry:
DHCP: SRequest- Server ID option: 10.10.11.101
DHCP: SRequest- Requested IP addr option: 10.10.10.95
DHCP: SRequest placed lease len option: 43200
DHCP: SRequest: 296 bytes
DHCP Broadcast to 255.255.255.255 from 0.0.0.0dhcpc_discover_pkt: proto = 0x11, lp = 0x44
dhcpc_discover_pkt: proto = 0x11, lp = 0x44
dhcpc_discover_pkt: proto = 0x11, lp = 0x44

DHCP client msg received, fip=10.10.10.3, fport=67
DHCP: Received a BOOTREP pkt
DHCP: offer received from 10.10.11.101
DHCP: offer received in bad state: Requesting  punt
DHCP client msg received, fip=10.10.10.4, fport=67
DHCP: Received a BOOTREP pkt
DHCP Proxy Client Pooling: ***Allocated IP address: 10.10.10.95
DHCP client msg received, fip=10.10.10.3, fport=67
DHCP: Received a BOOTREP pkt
DHCP: rcv ack in Bound state: punt
DHCP: allocate request
Allocated IP address = 10.10.10.95,  netmask = 255.255.255.0, gateway = 10.10.10.1

DHCP client msg received, fip=10.10.10.3, fport=67
DHCP: Received a BOOTREP pkt Not for us..:  xid: 0xE6A9F1C3
DHCP client msg received, fip=10.10.10.4, fport=67
DHCP: Received a BOOTREP pkt Not for us..:  xid: 0xE6A9F1C3


 

Cable을 제거 했을때
DHCP: deleting entry 10194f4 10.10.10.95 from list
Temp IP addr: 10.10.10.95  for peer on Interface: outside
Temp  sub net mask: 255.255.255.0
   DHCP Lease server: 10.10.11.101, state: 3 Bound
   DHCP transaction id: 0x65453
   Lease: 43200 secs,  Renewal: 21600 secs,  Rebind: 37800 secs
   Temp default-gateway addr: 10.10.10.1
   Next timer fires after: 21550 seconds
   Retry count: 0   Client-ID: cisco-0000.0000.0000-outside

+
참고 page
Using PIX Firewall in SOHO Networks

+ Recent posts