
DHCP Weirdness, ASA5506-X and Wyse thin clients

itsupport
Level 1

Hi.

I am rolling out some Cisco 5506 FTD devices to our remote offices. In the head office, we have an ASA5508-X, controlled by a vFMC, but for the remote sites I am just using the HTTPS-based configuration, directly on the device. All that the branch office devices need to do is connect to an ISP, bring up a VPN to the head office, and send all IP traffic down it. I also need to get an IP address to the devices inside of the branch office networks somehow. All devices are running FTD 6.2.0.0.

At the moment, I have the branch office 5506 set up as a DHCP server. Client machines are predominantly Wyse Cx10 thin clients, which FTP down their config from the head office, then connect via RDP to a terminal server. The problem being reported back from users is that, sporadically, the Wyse devices are throwing up an error "DHCP lease expired", and punting the user out of their session. A reboot after a few minutes gets everything working. I am aware of how DHCP is supposed to work, and I cannot figure out what is wrong. There have only ever been about 5 devices inside of the network which would have requested an address, and 100 in the range, so it is not running out. Looking at a Windows machine shows a lease time of 60 mins being doled out by the 5506, which for this scenario seems a bit short. So, questions:

1. Any idea why the normal DHCP lease renewal would not be working?
2. Is there any way that a longer lease time could be configured? An hour seems a bit short for this application, changing it to a month would probably be a functional workaround.
3. Is there any way of setting up a DHCP relay on the 5506? I would actually prefer the DHCP server to be centralised in the head office.

I know these devices are severely limited without a vFMC to control them, but changing the DHCP lease time and configuring a relay are the sorts of things that are normal on a $50 no-name home router made a decade ago.





Hello @itsupport

 

1. Any idea why the normal DHCP lease renewal would not be working?

For this one you could try to update the device driver or ask the vendor for support.


2. Is there any way that a longer lease time could be configured? An hour seems a bit short for this application, changing it to a month would probably be a functional workaround.

ASA allows for up to 12 days lease. To change it you need to use the command dhcpd lease 1048575 (time in seconds equivalent to 12 days)


3. Is there any way of setting up a DHCP relay on the 5506? I would actually prefer the DHCP server to be centralised in the head office.

 

Yes you can. Use the following command:

 

dhcprelay server "External DHCP IP Address" outside

dhcprelay enable inside

 

-If I helped you somehow, please, rate it as useful.-

The ASA 5506X are running FTD, rather than ASA software. I don't think that #2 and #3 are supported options.

They are supported. This is an ASA with FirePOWER?

Then you have the ASA firmware 9.x something, I would assume, with FirePOWER analyzing traffic through the management port?

Please rate as helpful, if that would be the case. Thanx

No, this device is NOT running ASA with FirePOWER. It is running Firepower Threat Defense. Quite different.

itsupport
Level 1

Just in case anyone is interested, I logged a call with TAC over this. Response was that the DHCP lease is fixed at one hour, and cannot be changed. :(  
