Configuring DHCP Relay on an ASA Firewall



Requirement: R1 acts as the DHCP server. Configure DHCP relay on the ASA firewall so that the client (R2) obtains its address dynamically.

1. Configure the basic IP addresses and make sure directly connected devices can reach each other

    R1(config)#int f0/0
    R1(config-if)#ip add 12.1.1.1 255.255.255.0
    R1(config-if)#no shut

    ASA(config)#int g0
    ASA(config-if)#nameif outside                      ! name g0 "outside"
    INFO: Security level for "outside" set to 0 by default.
    ASA(config-if)#security-level 100                  ! change the security level of g0 to 100
    ASA(config-if)#ip add 12.1.1.2 255.255.255.0
    ASA(config-if)#no shut
    ASA(config-if)#int g1
    ASA(config-if)#nameif inside                       ! name g1 "inside"
    INFO: Security level for "inside" set to 100 by default.
    ASA(config-if)#ip add 10.1.1.1 255.255.255.0
    ASA(config-if)#no shut

    R2(config)#int f0/0
    R2(config-if)#ip address dhcp                      ! R2 obtains its address dynamically

2. Configure the DHCP server on R1

    R1(config)#ip dhcp pool meng                       ! create the DHCP pool and name it "meng"
    R1(dhcp-config)#network 10.1.1.0 /24               ! R2 obtains an address from this range
    R1(dhcp-config)#default-router 10.1.1.1            ! default gateway is the firewall address facing the client
    R1(dhcp-config)#lease 1                            ! lease time of 1 (days)
    R1(config)#ip dhcp excluded-address 10.1.1.1       ! R2 gets an address from the range excluding the gateway address

3. Configure DHCP relay on the ASA firewall

    ASA(config)#dhcprelay server 12.1.1.1 outside      ! DHCP relay server: the address is the DHCP server's address on the link to the firewall, and the interface is the firewall interface facing the DHCP server
    ASA(config)#dhcprelay enable inside                ! enable DHCP relay on the interface facing the client

At this point the configuration is essentially complete, but because R1 has no route to the 10.1.1.0/24 network, R2 still cannot obtain an address. Add a static route on R1:

    R1(config)#ip route 10.1.1.0 255.255.255.0 12.1.1.2

4. Check the address on R2

    R2#show ip int brief
    Interface              IP-Address      OK? Method Status    Protocol
    FastEthernet0/0        10.1.1.2        YES DHCP   up        up          <- the address obtained is 10.1.1.2

5. The bound IP and MAC addresses can be cleared with clear ip dhcp binding *

6. View the messages received by the DHCP server

    R1#sho ip dhcp server statistics
    Memory usage                 15448
    Address pools                1
    Database agents              0
    Automatic bindings           1
    Manual bindings              0
    Expired bindings             0
    Malformed messages           0
    Secure arp entries           0
    Renew messages               0
    Workspace timeouts           0
    Static routes                0
    Relay bindings               0
    Relay bindings active        0
    Relay bindings terminated    0
    Relay bindings selecting     0

    Message                      Received
    BOOTREQUEST                  0
    DHCPDISCOVER                 6      <- number of DISCOVER messages received
    DHCPREQUEST                  2      <- number of REQUEST messages received
    DHCPDECLINE                  0
    DHCPRELEASE                  0
    DHCPINFORM                   0
    DHCPVENDOR                   0
    BOOTREPLY                    0
    DHCPOFFER                    0
    DHCPACK                      0
    DHCPNAK                      0

    Message                      Sent
    BOOTREPLY                    0
    DHCPOFFER                    6      <- number of OFFER messages returned
    DHCPACK                      2      <- number of ACK messages returned
    DHCPNAK                      0

    Message                      Forwarded
    BOOTREQUEST                  0
    DHCPDISCOVER                 0
    DHCPREQUEST                  0
    DHCPDECLINE                  0
    DHCPRELEASE                  0
    DHCPINFORM                   0
    DHCPVENDOR                   0
    BOOTREPLY                    0
    DHCPOFFER                    0
    DHCPACK                      0
    DHCPNAK                      0

    DHCP-DPM Statistics
    Offer notifications sent     0
    Offer callbacks received     0
    Classname requests sent      0
    Classname callbacks received 0

7. View the IP-to-MAC address bindings on the DHCP server

    R1#sho ip dhcp binding
    Bindings from all pools not associated with VRF:
    IP address      Client-ID/              Lease expiration        Type       State      Interface
                    Hardware address/
                    User name
    10.1.1.1        0063.6973.636f.2d63.    Nov 22 2015 10:16 PM    Automatic  Active     Unknown
                    6130.322e.3031.3530.
                    2e30.3030.302d.4661.
                    302f.30
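Why the static route in step 3 is needed, as an added example that is not part of the original article: under standard relay-agent behaviour (RFC 2131/1542), which this sketch assumes the ASA follows, the relay writes its client-facing interface address into giaddr, and the server both selects the pool from giaddr and unicasts its reply to that address. The MAC address, transaction ID and route lists are constructed sample values; the function names are hypothetical.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10                      # field positions in the unpacked tuple
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
ZERO = bytes(4)

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast: giaddr is 0.0.0.0 because no relay has seen it yet."""
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, end

def relay(packet: bytes, client_if_ip: str) -> bytes:
    """Relay agent: stamp giaddr with the client-facing address, bump hops."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[GIADDR] == ZERO:            # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.IPv4Address(client_if_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def server_view(packet: bytes, pools: dict, routes: list) -> dict:
    """Server: choose the pool containing giaddr, then reply to giaddr itself."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[GIADDR])
    pool = next((name for name, net in pools.items()
                 if giaddr in ipaddress.ip_network(net)), None)
    deliverable = any(giaddr in ipaddress.ip_network(r) for r in routes)
    return {"giaddr": str(giaddr), "pool": pool, "reply_deliverable": deliverable}

if __name__ == "__main__":
    # Constructed sample values: MAC and xid are made up; addresses are the lab's.
    pkt = relay(build_discover(bytes.fromhex("ca0201500000"), 0x1234), "10.1.1.1")
    pools = {"meng": "10.1.1.0/24"}
    print(server_view(pkt, pools, ["12.1.1.0/24"]))                  # connected route only
    print(server_view(pkt, pools, ["12.1.1.0/24", "10.1.1.0/24"]))   # with the static route
```

With only the connected 12.1.1.0/24 route, the server matches pool meng but has no path back to 10.1.1.1, which is the state the article describes before the static route is added.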
