5505 interface can't get dhcp

uapresents1
Level 1

I don't understand why I can't get DHCP services to work on the wifi 3rd interface on an ASA 5505.  I have the basic license so can't get to inside but I don't see why that should matter.

I have a wireless AP plugged into Ethernet0/6; wireless clients can connect but never receive DHCP.  Here is from the log where they are trying:

     Dec 17 2010 12:12:35: %ASA-7-710005: UDP request discarded from 0.0.0.0/68 to wifi:255.255.255.255/67

If I switch the dhcp pool to inside and change the wireless AP to inside it all works fine.  But that doesn't give me the security I want.

ASA Version 7.2(4)
!
hostname asa
domain-name server.pvt
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd kOnQwctX3GA7YBoq encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
mac-address 3946.9a99.6995
nameif outside
security-level 0
ip address 99.195.134.53 255.255.255.252
!
interface Vlan3
no forward interface Vlan1
nameif wifi
security-level 50
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
switchport access vlan 3
!
interface Ethernet0/5
!
interface Ethernet0/6
switchport access vlan 3
!
interface Ethernet0/7
!
ftp mode passive
clock timezone MST -7
dns server-group DefaultDNS
domain-name server.pvt
object-group network egress-dns
network-object host 4.2.2.2
network-object host 4.2.2.1
object-group service egress-web tcp
port-object eq www
port-object eq https
access-list wifi_access_in extended permit ip any any
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu wifi 1500
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip verify reverse-path interface wifi
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (wifi) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group wifi_access_in in interface wifi
route outside 0.0.0.0 0.0.0.0 99.195.134.53 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.248 inside
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh 192.168.1.0 255.255.255.248 inside
ssh timeout 10
ssh version 2
console timeout 10
dhcpd option 3 ip 10.10.10.1
!
dhcpd address 10.10.10.11-10.10.10.21 wifi
dhcpd dns 4.2.2.2 interface wifi
dhcpd option 3 ip 10.10.10.1 interface wifi
dhcpd enable wifi
!
dhcprelay timeout 60

vpnclient mode client-mode
!
!
prompt hostname context
no compression svc http-comp
Cryptochecksum:a0ca3663ebb2aaeda310fa4eb605a29b
: end

4 Replies

Maykol Rojas
Cisco Employee

Hello,

Try to put it back again on the WiFi interface and check the DHCP binding. You need to make sure that you have room in your "Inside hosts" license in order to provide an IP address for this device.

Cheers

Mike

Good idea Mike,

sh dhcpd bind is empty.

Also:

asa# sh dhcpd state
Context  Configured as DHCP Server
Interface inside, Not Configured for DHCP
Interface outside, Not Configured for DHCP
Interface wifi, Configured for DHCP SERVER

asa# sh dhcpd statist
DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0

Address pools        1
Automatic bindings   0
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         1
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            1
DHCPACK              1
DHCPNAK              0

I also checked monitoring, properties, user licenses in ASDM and it says:

Internet interface: outside (host limit applies to all other interfaces)

Number of Licenses Available:10

Number of Licenses in Use:2

Number of denied connections: 0 on wifi, 0 on inside

I tried adding a second laptop to the wireless (which also failed to get an IP address) and none of the above changed at all.  Doesn't this indicate the wifi clients are not even getting to the dhcp service?

Phil
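
An added example, not part of the original posts: a Python script for the check described above, counting discarded DHCP client broadcasts (syslog 710005, UDP 68 to 67) per interface and diffing two `show dhcpd statistics` snapshots to see whether the received counters moved. The function names are hypothetical, and every sample line except the first log line is constructed for illustration.

```python
import re
from collections import Counter

# Syslog 710005 as it appears in the post:
#   %ASA-7-710005: UDP request discarded from <src>/<sport> to <ifc>:<dst>/<dport>
DISCARD_RE = re.compile(
    r"%ASA-7-710005: (?P<proto>\w+) request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<ifc>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)")

def dhcp_discards(log_lines):
    """Count discarded DHCP client packets (UDP 68 -> 67) per ASA interface."""
    hits = Counter()
    for line in log_lines:
        m = DISCARD_RE.search(line)
        if m and (m["proto"], m["sport"], m["dport"]) == ("UDP", "68", "67"):
            hits[m["ifc"]] += 1
    return hits

def parse_dhcpd_statistics(text):
    """Parse 'show dhcpd statistics' output into {section: {counter: value}}."""
    stats, section = {}, "summary"
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"Message\s+(Received|Sent)", line)
        if head:  # "Message Received" / "Message Sent" starts a new section
            section = head.group(1).lower()
            continue
        row = re.fullmatch(r"(.+?):?\s+(\d+)", line)
        if row:
            stats.setdefault(section, {})[row.group(1)] = int(row.group(2))
    return stats

def received_delta(before, after):
    """Received-message counters that changed between two snapshots."""
    b = parse_dhcpd_statistics(before).get("received", {})
    a = parse_dhcpd_statistics(after).get("received", {})
    return {k: v - b.get(k, 0) for k, v in a.items() if v != b.get(k, 0)}

# Constructed sample input: only the first log line is quoted from the post.
SAMPLE_LOG = [
    "Dec 17 2010 12:12:35: %ASA-7-710005: UDP request discarded from 0.0.0.0/68 to wifi:255.255.255.255/67",
    "Dec 17 2010 12:12:39: %ASA-7-710005: UDP request discarded from 0.0.0.0/68 to wifi:255.255.255.255/67",
    "Dec 17 2010 12:13:02: %ASA-7-710005: UDP request discarded from 10.10.10.15/137 to wifi:10.10.10.255/137",
]
SAMPLE_STATS = "Message              Received\nBOOTREQUEST          0\nDHCPDISCOVER         1\nDHCPREQUEST          1\n"

if __name__ == "__main__":
    print(dict(dhcp_discards(SAMPLE_LOG)))
    # Same snapshot twice: an empty delta means no new request reached dhcpd.
    print(received_delta(SAMPLE_STATS, SAMPLE_STATS))
```

An empty delta alongside a rising discard count on the same interface means the client broadcasts are being dropped before the DHCP server counts them.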

Hi,

Do a debug dhcpd packet and debug dhcpd event and post the result here.

Regards.

Alain.

Don't forget to rate helpful posts.

After I upgraded to the latest IOS this problem went away.

I'd like to thank everyone that tried to help though!

Phil
