https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140575#M360278 <HTML><HEAD></HEAD><BODY><P></P><DIV><SPAN>Wrong forum, post in "Security - Firewalling". You can move your posting with the Actions panel on the right.</SPAN></DIV><P></P></BODY></HTML> Fri, 20 Sep 2013 19:47:41 GMT paolo bevilacqua 2013-09-20T19:47:41Z https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140573#M360276 <P>Hi everybody,</P><P></P><P>thanks for an excellent forum!</P><P></P><P>I have a wierd problem with 3 ASA 5505s... They are set up on a small lan to serve as dhcp server, very flat straight forward setup - single vlan with a couple of phones printers pcs and such.</P><P></P><P>Now. When the lease time runs out for lets say one of the ip phones (specifically a 7912) everything stops. Or if the sw port it is connected to is reset it is unable to recover. With cdp i can see that it maintains its old ip add, and i can see the dhcp conversation with the asa (debug dhcpd packet 255 and dhcp debug event 255).</P><P></P><P>The only way to get it back up is to clear the specific lease on the asa and reset the sw port again. Then it gets a new ip and i can access it again.</P><P></P><P>Why? </P><P></P><P>Below is a debug output from the ASA. To me it looks like it just keeps requesting the address but for some unexplained reason it never starts using it. I'm wondering if that delayed ACK seen in the debug output is the cause!?</P><P></P><P>I've set the lease time to what 14 days or so for the scope and made sure every client renewed so i have some time to dig into this.</P><P></P><P>But any help is much appreciated!</P><P></P><P>Thanks in advance.</P><P></P><P>** SNIP ** </P><P></P><P>DHCPD: Server msg received, fip=ANY, fport=0 on inside interface</P><P>DHCPD: DHCPREQUEST received from client 0100.137f.ed76.b2.</P><P>DHCPD: Extracting client address from the message</P><P>DHCPD: State = DHCPS_REBOOTING</P><P>DHCPD: Client 0100.137f.ed76.b2 specified it's address 10.101.50.172</P><P>DHCPD: Client is on the correct network</P><P>DHCPD: Client accepted our offer</P><P>DHCPD: Client and server agree on address 10.101.50.172</P><P>DHCPD: Renewing client 0100.137f.ed76.b2 lease</P><P>DHCPD: Client lease can be renewed</P><P>DHCPD: adding option 15</P><P>DHCPD: adding option 150</P><P>DHCPD: adding option 161</P><P>DHCPD: adding option 162</P><P>DHCPD: deleting option 15</P><P>DHCPD: deleting option 150</P><P>DHCPD: deleting option 161</P><P>DHCPD: deleting option 162</P><P>DHCPD: ACK is being delayed and will be sent later</P><P>DHCPD: Server msg received, fip=ANY, fport=0 on inside interface</P><P>DHCPD: DHCPDISCOVER received from client 0100.137f.ed76.b2 on interface inside.</P><P>DHCPD: Sending DHCPOFFER to client 0100.137f.ed76.b2 (10.101.50.172).</P><P>DHCPD: adding option 15</P><P>DHCPD: adding option 150</P><P>DHCPD: adding option 161</P><P>DHCPD: adding option 162</P><P>DHCPD: client requests option 150.</P><P>DHCPD: copy option 150 (length = 4) to outgoing message.</P><P> <SPAN style="font-size: 10pt;"> </SPAN></P><P>DHCPD: Total # of raw options copied to outgoing DHCP message is 1.</P><P>DHCPD: broadcasting BOOTREPLY to client 0013.7fed.76b2.</P><P>DHCPD: deleting option 15</P><P>DHCPD: deleting option 150</P><P>DHCPD: deleting option 161</P><P>DHCPD: deleting option 162</P><P>DHCPD: Server msg received, fip=ANY, fport=0 on inside interface</P><P>DHCPD: DHCPREQUEST received from client 0100.137f.ed76.b2.</P><P>DHCPD: Extracting client address from the message</P><P>DHCPD: State = DHCPS_REBOOTING</P><P>DHCPD: State = DHCPS_REQUESTING</P><P>DHCPD: Client 0100.137f.ed76.b2 specified it's address 10.101.50.172</P><P>DHCPD: Client is on the correct network</P><P>DHCPD: Client accepted our offer</P><P>DHCPD: Client and server agree on address 10.101.50.172</P><P>DHCPD: Renewing client 0100.137f.ed76.b2 lease</P><P>DHCPD: Client lease can be renewed</P><P>DHCPD: adding option 15</P><P>DHCPD: adding option 150</P><P>DHCPD: adding option 161</P><P>DHCPD: adding option 162</P><P>DHCPD: deleting option 15</P><P>DHCPD: deleting option 150</P><P>DHCPD: deleting option 161</P><P>DHCPD: deleting option 162</P><P>DHCPD: ACK is being delayed and will be sent later</P><P></P><P>** SNIP **</P> Tue, 12 Mar 2019 01:13:41 GMT https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140573#M360276 Geminorum_cco 2019-03-12T01:13:41Z https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140574#M360277 <HTML><HEAD></HEAD><BODY><P> We are seeing the the same thing on an ASA5505. The initial discover gets a response, but the request during a client renew, gets a ACK being delayed and will be sent later message.</P></BODY></HTML> Fri, 20 Sep 2013 19:41:39 GMT https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140574#M360277 s-mvasquez 2013-09-20T19:41:39Z https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140575#M360278 <HTML><HEAD></HEAD><BODY><P></P><DIV><SPAN>Wrong forum, post in "Security - Firewalling". You can move your posting with the Actions panel on the right.</SPAN></DIV><P></P></BODY></HTML> Fri, 20 Sep 2013 19:47:41 GMT https://community.cisco.com/t5/network-security/asa-dhcp-server-problems/m-p/2140575#M360278 paolo bevilacqua 2013-09-20T19:47:41Z