Configure an Interface as a DHCP Server
The prerequisites for this task are:
- Configure a Layer 3 Ethernet or Layer 3 VLAN interface.
- Assign the interface to a virtual router and a zone.
- Determine a valid pool of IP addresses from your network plan that you can designate to be assigned by your DHCP server to clients.
- Collect the DHCP options, values, and Vendor Class Identifiers you plan to configure.
Capacities are as follows:
- For firewall models other than PA-5200 Series and PA-7000 Series firewalls, see the Product Selection tool.
- On PA-5220 firewalls, you can configure a maximum of 500 DHCP servers and a maximum of 2,048 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 1,548 DHCP relay agents.
- On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 3,596 DHCP relay agents.
Perform the following task to configure an interface on the firewall to act as a DHCP server.
- Select an interface to be a DHCP Server.
- Select Network > DHCP > DHCP Server and Add an Interface name or select one.
- For Mode, select enabled or auto mode. Auto mode enables the server and disables it if another DHCP server is detected on the network. The disabled setting disables the server.
- (Optional) Select Ping IP when allocating new IP if you want the server to ping the IP address before it assigns that address to its client. If the ping receives a response, that means a different device already has that address, so it is not available. The server assigns the next address from the pool instead. This behavior is similar to Optimistic Duplicate Address Detection (DAD) for IPv6, RFC 4429. After you set options and return to the DHCP server tab, the Probe IP column for the interface indicates if Ping IP when allocating new IP was selected.
- Configure the predefined DHCP Options that the server sends to its clients.
- In the Options section, select a Lease type:
- Unlimited causes the server to dynamically choose IP addresses from the IP Pools and assign them permanently to clients.
- Timeout determines how long the lease will last. Enter the number of Days and Hours, and optionally the number of Minutes.
Specifying an inheritance source allows the firewall to quickly add DHCP options from the upstream server received by the DHCP client. It also keeps the client options updated if the source changes an option. For example, if the source replaces its NTP server (which had been identified as the Primary NTP server), the client will automatically inherit the new address as its Primary NTP server. When inheriting DHCP option(s) that contain multiple IP addresses, the firewall uses only the first IP address contained in the option to conserve cache memory. If you require multiple IP addresses for a single option, configure the DHCP options directly on that firewall rather than configure inheritance.
- Inheritance Source—Leave None or select a source DHCP client interface or PPPoE client interface to propagate various server settings into the DHCP server. If you specify an Inheritance Source, select one or more options below that you want inherited from this source.
For the following fields, click the down arrow and select None, or inherited, or enter a remote server’s IP address that your DHCP server will send to clients for accessing that service. If you select inherited, the DHCP server inherits the values from the source DHCP client specified as the Inheritance Source.
- Check inheritance source status—If you selected an Inheritance Source, clicking this link opens the Dynamic IP Interface Status window, which displays the options that were inherited from the DHCP client.
- Gateway—IP address of the network gateway (an interface on the firewall) that is used to reach any device not on the same LAN as this DHCP server.
- Subnet Mask—Network mask used with the addresses in the IP Pools.
- Primary DNS, Secondary DNS—IP address of the preferred and alternate Domain Name System (DNS) servers.
- Primary WINS, Secondary WINS—IP address of the preferred and alternate Windows Internet Naming Service (WINS) servers.
- Primary NIS, Secondary NIS—IP address of the preferred and alternate Network Information Service (NIS) servers.
- Primary NTP, Secondary NTP—IP address of the available Network Time Protocol servers.
- POP3 Server—IP address of Post Office Protocol (POP3) server.
- SMTP Server—IP address of a Simple Mail Transfer Protocol (SMTP) server.
- DNS Suffix—Suffix for the client to use locally when an unqualified hostname is entered that it cannot resolve.
- (Optional) Configure a vendor-specific or custom DHCP option that the DHCP server sends to its clients.
- In the Custom DHCP Options section, Add a descriptive Name to identify the DHCP option.
- Enter the Option Code you want to configure the server to offer (range is 1-254). (See RFC 2132 for option codes.)
- If the Option Code is 43, the Vendor Class Identifier field appears. Enter a VCI, which is a string or hexadecimal value (with 0x prefix) used as a match against a value that comes from the client Request containing option 60. The server looks up the incoming VCI in its table, finds it, and returns Option 43 and the corresponding option value.
- Inherit from DHCP server inheritance source—Select it only if you specified an Inheritance Source for the DHCP Server predefined options and you want the vendor-specific and custom options also to be inherited from this source.
- Check inheritance source status—If you selected an Inheritance Source, clicking this link opens Dynamic IP Interface Status, which displays the options that were inherited from the DHCP client.
- If you did not select Inherit from DHCP server inheritance source, select an Option Type: IP Address, ASCII, or Hexadecimal. Hexadecimal values must start with the 0x prefix.
- Enter the Option Value you want the DHCP server to offer for that Option Code. You can enter multiple values on separate lines.
- (Optional) Add another vendor-specific or custom DHCP option.
- Repeat the prior step to enter another custom DHCP Option.
- You can enter multiple option values for an Option Code with the same Option Name, but all values for an Option Code must be the same type (IP Address, ASCII, or Hexadecimal). If one type is inherited or entered and a different type is entered for the same Option Code and the same Option Name, the second type will overwrite the first type. When entering multiple values for an option, enter the values in the order of preference, or else move the Custom DHCP Options to achieve the preferred order in the list. Select an option and click Move Up or Move Down.
- You can enter an Option Code more than once by using a different Option Name. In this case, the Option Type for the Option Code can differ among the multiple option names.
- Identify the stateful pool of IP addresses from which the DHCP server chooses an address and assigns it to a DHCP client. If you are not the network administrator for your network, ask the network administrator for a valid pool of IP addresses from the network plan that can be designated to be assigned by your DHCP server.
- In the IP Pools field, Add the range of IP addresses from which this server assigns an address to a client. Enter an IP subnet and subnet mask (for example, 192.168.1.0/24) or a range of IP addresses (for example, 192.168.1.10-192.168.1.20).
- An IP Pool or a Reserved Address is mandatory for dynamic IP address assignment.
- An IP Pool is optional for static IP address assignment as long as the static IP addresses that you assign fall into the subnet that the firewall interface services.
- (Optional) Repeat this step to specify another IP address pool.
- (Optional) Specify an IP address from the IP pools that will not be assigned dynamically. If you also specify a MAC Address, the Reserved Address is assigned to that device when the device requests an IP address through DHCP.
- In the Reserved Address field, click Add.
- Enter an IP address from the IP Pools (format x.x.x.x) that you do not want to be assigned dynamically by the DHCP server.
- (Optional) Specify the MAC Address (format xx:xx:xx:xx:xx:xx) of the device to which you want to permanently assign the IP address you just specified.
- (Optional) Repeat the prior two steps to reserve another address.
- Commit your changes. Click OK and Commit.
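The format rules in the steps above (pool syntax, reserved addresses taken from the IP Pools, MAC format, option codes 1-254, the 0x prefix, one type per Option Code and Option Name) can be checked against a planned configuration before it is entered in the web interface. The following Python is an added example, not Palo Alto Networks code; the plan layout, the function names, and all sample values are assumptions made for illustration.

```python
import ipaddress
import re
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
HEX_RE = re.compile(r"0x[0-9A-Fa-f]+")

def parse_pool(text):
    """Return (first, last) for 'x.x.x.x/nn' or 'x.x.x.x-y.y.y.y'."""
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return lo, hi
    net = ipaddress.IPv4Network(text)  # rejects host bits set below the mask
    return net[0], net[-1]

def validate_plan(plan):
    """Return a list of problems found in a planned DHCP server config."""
    problems, pools = [], []
    for text in plan["ip_pools"]:
        try:
            pools.append(parse_pool(text))
        except ValueError as exc:
            problems.append(f"IP pool {text!r}: {exc}")
    for ip, mac in plan["reserved"]:
        # Pools are optional for static assignment, so only check when defined.
        addr = ipaddress.IPv4Address(ip)
        if pools and not any(lo <= addr <= hi for lo, hi in pools):
            problems.append(f"reserved {ip} is outside every IP pool")
        if mac and not MAC_RE.fullmatch(mac):
            problems.append(f"MAC {mac!r} is not xx:xx:xx:xx:xx:xx")
    types = {}  # (option code, option name) -> first option type seen
    for name, code, otype, values in plan["custom_options"]:
        if not 1 <= code <= 254:
            problems.append(f"{name}: option code {code} not in 1-254")
        if types.setdefault((code, name), otype) != otype:
            problems.append(f"{name}: mixed types for option code {code}")
        if otype == "Hexadecimal":
            problems += [f"{name}: {v!r} is not 0x-prefixed hex"
                         for v in values if not HEX_RE.fullmatch(v)]
    return problems

# Constructed sample plan; every value is illustrative.
SAMPLE_PLAN = {
    "ip_pools": ["192.168.1.0/24", "192.168.2.20-192.168.2.10"],
    "reserved": [("192.168.1.50", "02:00:00:00:01:0a"), ("10.0.0.5", None)],
    "custom_options": [("ap-ctl", 43, "Hexadecimal", ["0xc0a80105"]),
                       ("ap-ctl", 43, "ASCII", ["192.168.1.5"]),
                       ("tftp", 300, "Hexadecimal", ["c0a80106"])],
}
```

Calling validate_plan(SAMPLE_PLAN) reports the reversed range, the reserved address outside the pools, the mixed option types that would cause the second entry to overwrite the first, the out-of-range option code, and the hexadecimal value without the 0x prefix.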