Configure an Interface as a DHCP Server

The prerequisites for this task are:
  • Configure a Layer 3 Ethernet or Layer 3 VLAN interface.
  • Assign the interface to a virtual router and a zone.
  • Determine a valid pool of IP addresses from your network plan that you can designate to be assigned by your DHCP server to clients.
  • Collect the DHCP options, values, and Vendor Class Identifiers you plan to configure.
Capacities are as follows:
  • You can configure a combined total of 500 DHCP servers (IPv4) and DHCP relay agents (IPv4 and IPv6) on all firewall models except for PA-5200 Series and PA-7000 Series firewalls.
  • On PA-5220 firewalls, you can configure a maximum of 500 DHCP servers and a maximum of 2,048 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 1,548 DHCP relay agents.
  • On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 3,596 DHCP relay agents.
Perform the following task to configure an interface on the firewall to act as a DHCP server.
  1. Select an interface to be a DHCP Server.
    1. Select Network > DHCP > DHCP Server and Add an Interface name or select one.
    2. For Mode, select enabled or auto mode. Auto mode enables the server and disables it if another DHCP server is detected on the network. The disabled setting disables the server.
    3. (Optional) Select Ping IP when allocating new IP if you want the server to ping the IP address before it assigns that address to its client.
      If the ping receives a response, that means a different device already has that address, so it is not available. The server assigns the next address from the pool instead. This behavior is similar to Optimistic Duplicate Address Detection (DAD) for IPv6, RFC 4429.
      After you set options and return to the DHCP server tab, the Probe IP column for the interface indicates if Ping IP when allocating new IP was selected.
  2. Configure the predefined DHCP Options that the server sends to its clients.
    • In the Options section, select a Lease type:
      • Unlimited causes the server to dynamically choose IP addresses from the IP Pools and assign them permanently to clients.
      • Timeout determines how long the lease will last. Enter the number of Days and Hours, and optionally the number of Minutes.
    • Inheritance Source—Leave None or select a source DHCP client interface or PPPoE client interface to propagate various server settings into the DHCP server. If you specify an Inheritance Source, select one or more options below that you want inherited from this source.
    Specifying an inheritance source allows the firewall to quickly add DHCP options from the upstream server received by the DHCP client. It also keeps the client options updated if the source changes an option. For example, if the source replaces its NTP server (which had been identified as the Primary NTP server), the client will automatically inherit the new address as its Primary NTP server.
    When inheriting DHCP option(s) that contain multiple IP addresses, the firewall uses only the first IP address contained in the option to conserve cache memory. If you require multiple IP addresses for a single option, configure the DHCP options directly on that firewall rather than configure inheritance.
    • Check inheritance source status—If you selected an Inheritance Source, clicking this link opens the Dynamic IP Interface Status window, which displays the options that were inherited from the DHCP client.
    • Gateway—IP address of the network gateway (an interface on the firewall) that is used to reach any device not on the same LAN as this DHCP server.
    • Subnet Mask—Network mask used with the addresses in the IP Pools.
    For the following fields, click the down arrow and select None, or inherited, or enter a remote server’s IP address that your DHCP server will send to clients for accessing that service. If you select inherited, the DHCP server inherits the values from the source DHCP client specified as the Inheritance Source.
    • Primary DNS, Secondary DNS—IP address of the preferred and alternate Domain Name System (DNS) servers.
    • Primary WINS, Secondary WINS—IP address of the preferred and alternate Windows Internet Naming Service (WINS) servers.
    • Primary NIS, Secondary NIS—IP address of the preferred and alternate Network Information Service (NIS) servers.
    • Primary NTP, Secondary NTP—IP address of the available Network Time Protocol servers.
    • POP3 Server—IP address of Post Office Protocol (POP3) server.
    • SMTP Server—IP address of a Simple Mail Transfer Protocol (SMTP) server.
    • DNS Suffix—Suffix for the client to use locally when an unqualified hostname is entered that it cannot resolve.
  3. (Optional) Configure a vendor-specific or custom DHCP option that the DHCP server sends to its clients.
    1. In the Custom DHCP Options section, Add a descriptive Name to identify the DHCP option.
    2. Enter the Option Code you want to configure the server to offer (range is 1-254). (See RFC 2132 for option codes.)
    3. If the Option Code is 43, the Vendor Class Identifier field appears. Enter a VCI, which is a string or hexadecimal value (with 0x prefix) used as a match against a value that comes from the client Request containing option 60. The server looks up the incoming VCI in its table, finds it, and returns Option 43 and the corresponding option value.
    4. Inherit from DHCP server inheritance source—Select it only if you specified an Inheritance Source for the DHCP Server predefined options and you want the vendor-specific and custom options also to be inherited from this source.
    5. Check inheritance source status—If you selected an Inheritance Source, clicking this link opens Dynamic IP Interface Status, which displays the options that were inherited from the DHCP client.
    6. If you did not select Inherit from DHCP server inheritance source, select an Option Type: IP Address, ASCII, or Hexadecimal. Hexadecimal values must start with the 0x prefix.
    7. Enter the Option Value you want the DHCP server to offer for that Option Code. You can enter multiple values on separate lines.
    8. Click OK.
  4. (Optional) Add another vendor-specific or custom DHCP option.
    1. Repeat the prior step to enter another custom DHCP Option.
      • You can enter multiple option values for an Option Code with the same Option Name, but all values for an Option Code must be the same type (IP Address, ASCII, or Hexadecimal). If one type is inherited or entered and a different type is entered for the same Option Code and the same Option Name, the second type will overwrite the first type.
        When entering multiple values for an option, enter the values in the order of preference, or else move the Custom DHCP Options to achieve the preferred order in the list. Select an option and click Move Up or Move Down.
      • You can enter an Option Code more than once by using a different Option Name. In this case, the Option Type for the Option Code can differ among the multiple option names.
    2. Click OK.
  5. Identify the stateful pool of IP addresses from which the DHCP server chooses an address and assigns it to a DHCP client.
    If you are not the network administrator for your network, ask the network administrator for a valid pool of IP addresses from the network plan that can be designated to be assigned by your DHCP server.
    1. In the IP Pools field, Add the range of IP addresses from which this server assigns an address to a client. Enter an IP subnet and subnet mask (for example, 192.168.1.0/24) or a range of IP addresses (for example, 192.168.1.10-192.168.1.20).
      • An IP Pool or a Reserved Address is mandatory for dynamic IP address assignment.
      • An IP Pool is optional for static IP address assignment as long as the static IP addresses that you assign fall into the subnet that the firewall interface services.
    2. (Optional) Repeat this step to specify another IP address pool.
  6. (Optional) Specify an IP address from the IP pools that will not be assigned dynamically. If you also specify a MAC Address, the Reserved Address is assigned to that device when the device requests an IP address through DHCP.
    See the DHCP Addressing section for an explanation of allocation of a Reserved Address.
    1. In the Reserved Address field, click Add.
    2. Enter an IP address from the IP Pools (format x.x.x.x) that you do not want to be assigned dynamically by the DHCP server.
    3. (Optional) Specify the MAC Address (format xx:xx:xx:xx:xx:xx) of the device to which you want to permanently assign the IP address you just specified.
    4. (Optional) Repeat the prior two steps to reserve another address.
  7. Commit your changes.
    Click OK and Commit.
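
Step 3 describes the server matching the Vendor Class Identifier carried in the client's option 60 against its table and returning Option 43. The following Python is an added example, not Palo Alto Networks code: it models that lookup over a constructed RFC 2132 options field. The exact-match comparison, the table entries, and all function names are assumptions made for illustration, and only the ASCII and Hexadecimal value types are handled.

```python
from __future__ import annotations

# Added illustration of the option 60 -> option 43 lookup; all sample values are constructed.
PAD, END, OPT_VENDOR_SPECIFIC, OPT_VCI = 0, 255, 43, 60


def parse_options(data: bytes) -> dict[int, bytes]:
    """Parse an RFC 2132 options field (code, length, value) into a dict."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} is truncated")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        opts[code] = opts.get(code, b"") + value  # RFC 3396: join split options
        i += 2 + length
    return opts


def to_bytes(configured: str) -> bytes:
    """Convert a configured value: 0x-prefixed hexadecimal, otherwise ASCII."""
    if configured.lower().startswith("0x"):
        return bytes.fromhex(configured[2:])
    return configured.encode("ascii")


def option43_reply(request_options: bytes, vci_table: dict[str, str]) -> bytes | None:
    """Return the encoded option 43 for the request's VCI, or None if no match."""
    vci = parse_options(request_options).get(OPT_VCI)
    for configured_vci, value in vci_table.items():
        if vci is not None and to_bytes(configured_vci) == vci:  # assumed exact match
            payload = to_bytes(value)
            if len(payload) > 255:
                raise ValueError("value does not fit in a single option")
            return bytes([OPT_VENDOR_SPECIFIC, len(payload)]) + payload
    return None


# Constructed samples: a VCI table (string and 0x-hex forms) and a client request.
VCI_TABLE = {"ExampleAP": "0x0104c0a8010a",
             "0x4578616d706c6550686f6e65": "tftp.example.test"}
REQUEST = bytes([53, 1, 3, 60, 9]) + b"ExampleAP" + bytes([55, 2, 1, 43, 255])
```

Calling `option43_reply(REQUEST, VCI_TABLE)` returns the bytes the server would place in its reply for that client; a request with no option 60, or with a VCI that is not in the table, yields `None`.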
