5506-X BVI Interface DHCP Keeps Leasing Addresses

ehayric1320
Level 1

I have configured port Gi1/2-Gi1/8 as follows with the nameif incrementing such as inside2, inside3 etc. A small DHCP pool has been created as well.

interface GigabitEthernet1/2
 bridge-group 1
 nameif inside1
 security-level 100

When I connect my laptop to any of these ports it gets an IP but immediately drops it and then gets another. A debug of dhcpd shows me that after the ACK is sent to my laptop it then rejects the IP. The ASA then tries the next IP in the pool. Wireshark shows my laptop joining a multicast group and leaving. It also shows a DHCP decline from my laptop. A colleague has tried his laptop and experiences the same issue.

Any ideas what is causing this?

1 Accepted Solution

So the duplicate IP address detection is on the client machine; it does not matter what your DHCP server is. ASA does proxy ARP by default, but only when there is a corresponding NAT statement. Proxy ARP is usually not a required feature on your inside interface, so you can disable this for testing.

6 Replies

ehayric1320
Level 1

Attached is a small piece of the dhcpd debug. You can see on line 19 that a 'DHCPDECLINE' is received.

This laptop works fine with DHCP when connected to our production network.

It could be the MS duplicate IP address detection kicking in. Does your ASA have any NAT rules that make it proxy for that assigned IP address? If this is the case, the client might be testing ARP for its newly received IP address. If the ASA proxy ARPs, the client releases it, assuming that it is already used in the network.

In order to help you it would be better if you share your ASA configuration.

Please do not forget to rate.

DHCP is being hosted on a 3850, this is not Microsoft DHCP. It appears the resolution may have been the 'sysopt noproxyarp' command on every single interface. Previously I had only enabled it on the outside interface. I found this link and it seems this is my issue.

https://gtacknowledge.extremenetworks.com/articles/Solution/DHCP-Clients-sending-DHCPDECLINE-packets

Once I disabled proxy-arp on the BVI and all of the bridged interfaces the problem is gone.

The problem was not duplicate IPs. The problem was that it kept sending a decline and then DHCP would try another IP.
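
The behaviour discussed in this thread, as an added sketch that is not code from any poster and not ASA or client code: a toy model of a client that ARP-probes each leased address and declines it when a proxy-ARP device answers, plus a check that flags the resulting decline loop in a DHCP event list. The pool, MAC address, event tuple format, threshold and window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample pool (documentation address range) and client MAC.
POOL = [ipaddress.ip_address(f"192.0.2.{n}") for n in range(10, 14)]
CLIENT = "02:00:00:00:00:01"

def simulate(pool, proxy_arp_net, client_mac=CLIENT):
    """After each DHCPACK the client ARP-probes the leased address and sends
    DHCPDECLINE if anything answers. proxy_arp_net is the range a device on
    the segment answers ARP for (None = proxy ARP disabled).
    Returns (bound_ip_or_None, events); events are (ts, msg, mac, ip)."""
    net = ipaddress.ip_network(proxy_arp_net) if proxy_arp_net else None
    events = []
    for ts, ip in enumerate(pool):
        events.append((ts, "DHCPACK", client_mac, ip))
        if net is not None and ip in net:       # probe answered by proxy ARP
            events.append((ts, "DHCPDECLINE", client_mac, ip))
            continue                            # server moves to the next address
        return ip, events                       # probe unanswered: lease is kept
    return None, events                         # every address was declined

def decline_loops(events, threshold=3, window=60):
    """Flag clients that declined >= threshold distinct addresses within
    `window` seconds: the repeated-decline pattern described in the thread."""
    declines = defaultdict(list)
    for ts, msg, mac, ip in events:
        if msg == "DHCPDECLINE":
            declines[mac].append((ts, ip))
    flagged = {}
    for mac, items in declines.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            ips = {ip for ts, ip in items[i:] if ts - start <= window}
            if len(ips) >= threshold:
                flagged[mac] = sorted(ips)
                break
    return flagged

if __name__ == "__main__":
    for label, net in (("proxy ARP on", "192.0.2.0/24"), ("proxy ARP off", None)):
        bound, events = simulate(POOL, net)
        print(label, "bound:", bound, "loops:", decline_loops(events))
```
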
