11-06-2013 12:07 PM - edited 03-11-2019 08:01 PM
Fairly new with ASAs, and could use a little help. I have an ASA5515 configured as a DHCP server in a customer environment. Clients that obtain their IPs via DHCP lose network connectivity after a short period of time; however, clients that are statically connected still have network connectivity.
Attached is the output from the show version and show run commands.
Client is using Ruckus Wireless with an 1106 controller and 9 APs, 2 unmanaged switches and Windows XP/7 clients. Not a very complicated network.
Any ideas would be greatly appreciated.
Jake
11-08-2013 11:36 AM
The static clients not losing connectivity is what is really confusing me. Maybe the lease time? A rogue DHCP server? Any way to check this on the ASA?
Sent from Cisco Technical Support iPhone App
11-08-2013 12:00 PM
Hi,
Don't really know what the problem would be.
It seems to me that there are a lot of unneeded DHCP configurations on the unit, at least.
To my understanding the below 4 configurations are only needed if your WAN interface was acting as a DHCP Client. I mean a situation where your ASA would get its public IP address through DHCP from the ISP instead of the current setting which is static.
dhcp-client client-id interface WAN
dhcpd auto_config WAN
dhcpd auto_config WAN interface management
dhcpd auto_config WAN interface LAN
The below, to my understanding, is not needed since you have already set the interface-specific DNS servers.
dhcpd dns 99.99.99.53 99.99.99.153
The below, to my understanding, is not needed as you don't have any DynDNS configurations on the ASA.
dhcpd update dns both interface LAN
Seems to me that the below configuration configured the DNS servers, correct? Though you already have a configuration for the LAN interface with the "dhcpd dns" configuration.
dhcpd option 6 ip 8.8.8.8 4.2.2.2 interface LAN
I don't know if these really have anything to do with your problem but I just thought that they were not needed.
It seems to me that the only configurations you would need for basic DHCP would be:
dhcpd address 192.168.123.100-192.168.123.249 LAN
dhcpd dns 8.8.8.8 4.2.2.2 interface LAN
dhcpd enable LAN
Is the connectivity cut complete? I mean, can you even ping the internal gateway of the users? Are you able to ping anything with an IP address directly?
I guess you could choose one DHCP IP address as a test and capture its traffic and see what you see in the traffic capture at the time before and after the problem. You can do that probably on the client directly or perhaps also on the ASA.
On the ASA the capture could be done with the following configuration:
access-list CAPTURE permit ip host <client-ip> any
access-list CAPTURE permit ip any host <client-ip>
capture CAPTURE type raw-data access-list CAPTURE interface LAN buffer 33500000 circular-buffer
To view if anything is hitting the capture use the command
show capture
To show contents of the capture on the CLI use the command
show capture CAPTURE
To copy the capture to your computer so you can open it with Wireshark for example use the command
copy /pcap capture:CAPTURE tftp://x.x.x.x/CAPTURE.pcap
To remove the capture use the command
no capture CAPTURE
The ACL created has to be removed separately.
Does sound like an ASA problem to me but maybe the capture might tell something. At least you could confirm if any traffic even reaches the ASA when the client is experiencing problems.
Hope this helps
- Jouni
11-08-2013 04:44 PM
Thanks for your reply.
I made the edits you suggested, but then found what I think may have been causing the issue.
Customer had a user that was using his own wi-fi/router device in his office. We disconnected that device and things seem to be working fine!
Sent from Cisco Technical Support iPhone App
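Added example, not part of the original thread or any poster's code: the cause here turned out to be a second DHCP server on the LAN, which shows up in captured DHCP replies as an unexpected server identifier (option 54). This Python code parses DHCP reply payloads (the UDP payload of port 67/68 traffic) and reports servers that are not on an allowlist; the ASA LAN address 192.168.123.1, the rogue address 192.168.1.1, and all function names are assumptions, and the sample packets are constructed.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
MSG_TYPES = {2: "OFFER", 5: "ACK"}   # server-originated replies of interest

def parse_dhcp(payload):
    """Return (message_type, server_id) from a BOOTP/DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                   # too short, not a BOOTREPLY, or not DHCP
    opts, i, found = payload[240:], 0, {}
    while i < len(opts) and opts[i] != 255:       # 255 = end option
        if opts[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):                    # truncated option header
            break
        code, length = opts[i], opts[i + 1]
        found[code] = opts[i + 2:i + 2 + length]
        i += 2 + length
    mtype, server = found.get(53, b""), found.get(54, b"")
    if len(mtype) != 1 or len(server) != 4:       # missing or malformed options
        return None
    return mtype[0], socket.inet_ntoa(server)

def rogue_servers(payloads, authorized):
    """Map each unauthorized server identifier to the reply types it sent."""
    rogue = {}
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed and parsed[0] in MSG_TYPES and parsed[1] not in authorized:
            rogue.setdefault(parsed[1], set()).add(MSG_TYPES[parsed[0]])
    return rogue

def make_reply(msg_type, server_ip, yiaddr):
    """Build a minimal constructed DHCP reply used only for the sample data."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4))
    hdr += bytes(16 + 64 + 128) + MAGIC           # chaddr, sname, file, cookie
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip)
    return hdr + opts + b"\xff"

# Constructed sample: 192.168.123.1 stands in for the ASA LAN interface and
# 192.168.1.1 for the user's own Wi-Fi router (both addresses are assumptions).
SAMPLE = [make_reply(2, "192.168.123.1", "192.168.123.100"),
          make_reply(2, "192.168.1.1", "192.168.1.50"),
          make_reply(5, "192.168.1.1", "192.168.1.50")]

if __name__ == "__main__":
    print(rogue_servers(SAMPLE, {"192.168.123.1"}))
```

A capture filtered on a single client's unicast address can miss broadcast DHCP replies, so the input for this check should come from a capture that includes UDP ports 67 and 68.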