get dhcp server
ns5xp-> get dhcp server trust: DHCP server is enabled
In the output above, I can see that the Netscreen firewall is serving as a
DHCP server on the "trust" zone. You can see what zones exist for the firewall
by using the command
ns5xp-> get interface A - Active, I - Inactive, U - Up, D - Down, R - Ready Interfaces in vsys Root: Name IP Address Zone MAC VLAN State VSD trust 192.168.0.1/24 Trust 0010.db0c.7dd4 - U - untrust 192.168.1.2/26 Untrust 0010.db0c.7dd3 - U - vlan1 0.0.0.0/0 VLAN 0010.db0c.7dde 1 D -
You can also check on the DHCP server status for a particular interface, such as the "trust" interface by using a command such as the following one:
ns5xp-> get interface trust dhcp server Mode: ENABLED State: ON DHCP send zero next server ip value.
There are options you can put at the end of that command to obtain additional information:
ns5xp-> get interface trust dhcp server ? > redirect output | match output <return> ip show all dhcp IP state option show all dhcp options
ip option can be used to see what IP addresses are available
from the DHCP server and which have been assigned.
ns5xp-> get interface trust dhcp server ip ? > redirect output | match output <return> allocate show dhcp allocated IP idle show dhcp idle IP
If the command
get interface trust dhcp server ip is issued,
the entire IP address range would be listed including available addresses and
those assigned with those assigned having a status of "COMMIT".
get interface trust dhcp server ip allocate would show
me only those IP addresses that have been assigned by the DHCP server on the
ns5xp-> get interface trust dhcp server ip allocate IP State MAC Lease Time 192.168.0.42 COMMIT *008cfa71e9e4 4232 minutes
In the case above, I can see that a system with
media access control (MAC)
008cfa71e9e4 was assigned the IP address
192.168.0.42 and the remaining time on the lease for the IP address is
about 70.5 minutes. If I issued the command a few minutes later, I would
see the lease time decremented showing the time remaining on the lease
on the subsequent issue of the command.
I can use a MAC address lookup tool to obtain vendor information for the network interface card in the device with the MAC address of 00:8c:fa:71:e9:e4, since the first three octets or 24 bits of the MAC address identify the vendor of a network interface.
I can see the lease time used by the DHCP server, the DNS server addresses,
gateway address, etc. that it will assign using the
get interface trust
dhcp server option.
ns5xp-> get interface trust dhcp server option DHCP Server Options: Lease: 3 days 0 hours 0 minutes IP Range: 192.168.0.33 - 192.168.0.126 Netmask: 255.255.255.0 Gateway: 192.168.0.1 Domain Name: DNS: 192.168.0.27 220.127.116.11 0.0.0.0 WINS: 0.0.0.0 0.0.0.0 SMTP: 0.0.0.0 POP3: 0.0.0.0 NEWS: 0.0.0.0 NetInfo: 0.0.0.0 0.0.0.0 ns5xp->
I can use a
set interface trust dhcp server command to disble
the DHCP server on the NetScreen firewall or change options.
ns5xp-> set interface trust dhcp server ? auto enable DHCP server in 'auto probing' mode disable disable DHCP server enable enable DHCP server ip IP(s) option dhcp options service enable DHCP server
I can change the value for an option using by using the
trust dhcp server option command.
ns5xp-> set interface trust dhcp server option ? dns1 dns dns2 dns dns3 dns domainname domain name gateway client gateway lease lease netmask netmask news news nis1 net info server nis2 net info server nistag net info tag pop3 pop3 smtp smtp wins1 wins wins2 wins
If I wanted to change the IP address for the first DNS server assigned by DHCP, I could use the command
ns5xp-> set interface trust dhcp server option dns1 192.168.0.15 ns5xp->
If I wanted the systems that had received the DHCP configuration information
from the NetScreen firewall to use the new DNS server setting rather than the
old one, I need to issue a command at each system to renew its DHCP information.
On a Microsoft Windows system, I could issue the command
ipconfig /renew to have the system query the DHCP server
immediately for new configuration information.
Created: Sunday January 11, 2015