NSX - Configure a DHCP service in an Edge Security Gateway using PowerShell


This is a quick snippet explaining how to use PowerShell to configure the DHCP service in an Edge Security Gateway (ESG).

Objective

Set up a simple DHCP server with a single IP pool (192.168.0.100/24 - 192.168.0.200/24) in an ESG using PowerShell.

ESG Example

We will use an existing ESG instead of creating a new one, similar to what we did in NSX - Configure a Load Balancer in an Edge Security Gateway using Powershell/PowerNSX.

The DHCP service will listen on the ESG internal interface (Transit - VXLAN X).

Setup

Let’s set it up, step by step.

Challenge

Our preferred PowerShell module, PowerNSX (v 3.0.1125), unfortunately does not have any cmdlets for configuring the DHCP service, so we need to fall back to raw XML and the Invoke-NSXWebRequest cmdlet.

    PS /Users/radao> get-help Invoke-NsxWebRequest

    NAME
        Invoke-NsxWebRequest

    SYNOPSIS
        Constructs and performs a valid NSX REST call and returns a response object
        including response headers.

    SYNTAX
        Invoke-NsxWebRequest [-method <String>] [-URI <String>]
          [-body <String>] [-connection <PSObject>] [-extraheader <Hashtable>]
           [-Timeout <Int32>] [<CommonParameters>]

        Invoke-NsxWebRequest -cred <PSCredential> -server <String> -port <Int32>
          -protocol <String> -UriPrefix <String> -ValidateCertificate <Boolean>
          -method <String> -URI <String> [-body <String>] [<CommonParameters>]

Preparing the XML payload needed for the call

We need to put the following information into an XML payload that we can pass to the Invoke-NSXWebRequest cmdlet:

  • Enable service
  • Range = 192.168.0.100-192.168.0.200
  • Gateway = 192.168.0.1
  • Subnet = 255.255.255.0
  • Lease Time = 86400

    $xmlPayload = "
      <dhcp>
        <enabled>true</enabled>
        <ipPools>
          <ipPool>
            <ipRange>192.168.0.100-192.168.0.200</ipRange>
            <defaultGateway>192.168.0.1</defaultGateway>
            <subnetMask>255.255.255.0</subnetMask>
            <leaseTime>86400</leaseTime>
            <autoConfigureDNS>false</autoConfigureDNS>
          </ipPool>
        </ipPools>
        <logging>
          <enable>true</enable>
          <logLevel>info</logLevel>
        </logging>
      </dhcp>"

Make the Invoke-NSXWebRequest call with the XML payload that we just created

Get the ESG ID, which we need to reference the current edge object:

    $edgeID = (Get-NsxEdge -Name "vPOD-Edge").Id

Set up the URI for the call:

    $uri = "/api/4.0/edges/$($edgeID)/dhcp/config"

Execute the call with Invoke-NSXWebRequest:

    $null = invoke-nsxwebrequest -method "put" `
      -uri $uri -body $xmlPayload -connection $nsxConnection

$nsxConnection is the object returned by Connect-NSXServer when connecting to the NSX Manager of the solution.
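Because the payload is a hand-written string, a mistyped range or gateway would be pushed to the edge as-is. The following added example (not from the original post or from PowerNSX) checks the pool settings locally before building the same `<dhcp>` document; the function names `ConvertTo-IPv4Number` and `New-EsgDhcpPayload` and the specific checks are assumptions made for illustration.

```powershell
# Added example, not part of the original post. Function names are hypothetical.
function ConvertTo-IPv4Number ([string]$Ip) {
    $addr = [System.Net.IPAddress]::Parse($Ip)      # throws on malformed input
    # Reject IPv6 and anything that is not a canonical dotted quad
    if (($addr.ToString() -ne $Ip) -or ($addr.GetAddressBytes().Length -ne 4)) {
        throw "Not a dotted-quad IPv4 address: '$Ip'"
    }
    $bytes = $addr.GetAddressBytes()
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    [long][BitConverter]::ToUInt32($bytes, 0)       # comparable, maskable number
}

function New-EsgDhcpPayload {
    param(
        [Parameter(Mandatory)][string]$IpRange,
        [Parameter(Mandatory)][string]$DefaultGateway,
        [Parameter(Mandatory)][string]$SubnetMask,
        [int]$LeaseTime = 86400
    )
    $parts = $IpRange -split '-'
    if ($parts.Count -ne 2) { throw "ipRange must be 'start-end': '$IpRange'" }
    $first = ConvertTo-IPv4Number $parts[0]
    $last  = ConvertTo-IPv4Number $parts[1]
    $gw    = ConvertTo-IPv4Number $DefaultGateway
    $mask  = ConvertTo-IPv4Number $SubnetMask
    $net   = $gw -band $mask                        # network the gateway lives in
    if ($first -gt $last) { throw 'Pool start is higher than pool end' }
    if ((($first -band $mask) -ne $net) -or (($last -band $mask) -ne $net)) {
        throw 'Pool is not inside the gateway subnet'
    }
    if (($gw -ge $first) -and ($gw -le $last)) { throw 'Gateway address is inside the pool' }
    if ($LeaseTime -lt 1) { throw 'Lease time must be positive' }
    # Same document as the hand-written payload, built only from validated values
    @(
        '<dhcp>', '  <enabled>true</enabled>', '  <ipPools>', '    <ipPool>'
        "      <ipRange>$IpRange</ipRange>"
        "      <defaultGateway>$DefaultGateway</defaultGateway>"
        "      <subnetMask>$SubnetMask</subnetMask>"
        "      <leaseTime>$LeaseTime</leaseTime>"
        '      <autoConfigureDNS>false</autoConfigureDNS>'
        '    </ipPool>', '  </ipPools>'
        '  <logging><enable>true</enable><logLevel>info</logLevel></logging>'
        '</dhcp>'
    ) -join "`n"
}

# Values from the post; the result can be passed to Invoke-NsxWebRequest -body
$xmlPayload = New-EsgDhcpPayload -IpRange '192.168.0.100-192.168.0.200' `
    -DefaultGateway '192.168.0.1' -SubnetMask '255.255.255.0'
```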

Summary

A quick summary of what we set up:

  1. Enable DHCP service in the ESG
  2. Prepare the XML payload
  3. Make the PUT call with Invoke-NSXWebRequest