ASA 5500 and DHCP Problem

kakados2000 · ‎04-25-2012

Hello everybody.

I am facing a problem.

DHCP is active on the INSIDE interface.

However i get the following log messages:

UDP request discarded from 192.168.1.254/67 to INSIDE:192.168.1.1/67

dhcpd address 192.168.1.2-192.168.1.249 INSIDE
dhcpd dns 8.8.8.8 8.8.4.4 interface INSIDE
dhcpd lease 36000 interface INSIDE
dhcpd enable INSIDE

The dhcpd state shows inside as active.

I really dont get, why it doesnt get an offer back.

Jouni Forss · ‎04-25-2012

Hi,

Shouldn't the source address for the request be "0.0.0.0" and not an actual IP address from the same subnet?

Or is some network device forwarding initial DHCP messages to the ASA?

There shouldnt be many things that could be wrong with the DHCP on ASA. Either you use DHCP for hosts that are connected to the ASAs interface running the DHCP or you are using dhcprelay on the ASA to relay the DHCP messages to an actual server.

- Jouni

kakados2000 · ‎04-25-2012

Hi Jouni,

basically the requests commning from a wireless controller. thats why its not 0.0.0.0.

If i connect a host directly to the ASA i get a DHCP. I would like to use the ASA as DHCP over the wireless controller.

Julio Carvajal · ‎04-25-2012

Hello,

Do you have any logs while the issue happens, I mean we can see on that monitor tool that you were dropping packets but we will need to see what the logs say to determine why this happens.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

kakados2000 · ‎04-25-2012

Hi Julio,

the only log message i see (that is related to this), is the one i posted:

UDP request discarded from 192.168.1.254/67 to INSIDE:192.168.1.1/67

Julio Carvajal · ‎04-25-2012

Hello,

hmm it got to be something else, I mean that log does not show that the Interface went down it only shows that a UDP packets was not allowed to traverse the ASA due to the Accelerated Security Path ( ASP algorithm)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

siddhartham · ‎03-07-2013

I am having the same issue, did you find any solution for this...

Below is my config

dhcpd dns 208.67.222.123 208.67.220.123

dhcpd lease 43200

dhcpd ping_timeout 20

dhcpd option 3 ip 172.16.8.1

dhcpd address 172.16.8.40-172.16.8.167 guest

dhcpd enable guest

and the logs..

%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67

172.16.8.201 is the wireless controller and 172.16.8.1 is the Firewall Guest interface

Siddhartha

siddhartham · ‎03-07-2013

found the issue.

ASA s don't support Unicast DHCP requests, thts why its discarding the proxied DHCP requests from the wireless controller.

work around- Disable DHCP proxy on the controller ( its a global setting not a per WLAN setting)

https://supportforums.cisco.com/thread/2178369

Siddhartha