09-15-2015 10:56 AM - edited 03-11-2019 11:36 PM
Hello,
I have an ASA whose Outside interface is obtaining DHCP IP & Default Gateway. When I look at the DHCP Client Lease Information I see: Client-ID: cisco-xxxx.xxxx.xxxx-outside-HOSTNAME where x=MAC and HOSTNAME=configured ASA hostname.
I am trying to change this to a standard MAC-only response. I have the following configuration:
!
interface GigabitEthernet0/0
 mac-address aaaa.bbbb.cccc
 nameif outside
 security-level 0
 ip address dhcp setroute
!
dhcp-client client-id interface outside
!
But I am still sending the same Client-ID.
Any ideas how to make this feature work? I understand the "cisco-xxx..." Client-ID is the default with ASAs, but I also understand you can change it...
Thanks
09-16-2015 03:48 AM
Hi Scott,
This command seems to work fine on 9.5.1 version, what version are you using on your ASA?
Thanks,
R.Seth
09-17-2015 04:17 AM
Apologies,
ASA 5505 running 9.1(6)8
The latest software I see posted is 9.2.4. Are you running the new X series for 9.5.1?
I'll try upgrading to 9.2.4.
09-17-2015 05:46 AM
Hi Scott,
The MAC address is sent to the DHCP server with the dhcp-client client-id interface <int-name> command on version 9.1(6)8 as well.
>> You can confirm whether the ASA is sending the MAC address as the client ID by applying a capture on the ASA for DHCP traffic, viewing the capture in Wireshark and verifying the client ID in the packet.
>> Probably you should check the dhcp server as well.
What device is used as the dhcp server?
Thanks,
R.Seth
09-17-2015 06:13 AM
Hi Seth,
What is the best way to setup this type of capture on the ASA as far as sequence of events? I'm assuming since I'm coming from the Inside interface, I should:
1: remove "ip address dhcp setroute"
2: shutdown Gi0/0 (Outside)
3: setup packet capture via wizard
4: add "ip address dhcp setroute" to Gi0/0
5: no shutdown Gi0/0
Also, just to clarify with your configuration: Which Client-ID format is your ASA sending?
1: cisco-aaaa.bbbb.cccc-outside-HOSTNAME
or
2: aaaa.bbbb.cccc
My goal is to achieve option 2. My understanding is that if I set the "mac-address" option on Gi0/0 followed by "dhcp-client client-id interface outside" in global, option 2 should be the result.
Thanks again for your help
Edit: Also, I believe the DHCP server is Windows 2008, but not 100%
09-17-2015 06:20 AM
Hi Scott,
Use cli to configure captures:
cap capi interface inside match udp any any eq bootpc
cap capi interface inside match udp any any eq bootps
Export captures using:
https://asaIP/capture/capi/pcap
Note: http server should be enabled on the ASA.
>> After exporting the capture, disable captures using: no cap capi
ASA is sending the client id as: aaaa.bbbb.cccc when client id is configured.
If there is nothing specified then client id is seen as: cisco-aaaa.bbbb.cccc-outside-HOSTNAME.
>> I am using another ASA as a dhcp server.
Thanks,
R.Seth
09-17-2015 08:58 AM
Hi Seth,
Thanks for these CLI instructions. Very cool and didn't know about the simplicity of the CLI and URL.
I ended up having to Shut/No Shut Gi0/0 (Outside) in order to produce a DHCP Request.
Within the DHCP Request I see:
Option 61: Client Identifier
Client MAC address: Transiti_aa:bb:cc (aa:aa:bb:bb:cc:cc)
Option 12: Host Name
Host Name: My-Device-Hostname
Along with other standard DHCP options. These are the two I see as most relevant.
Yet when I open up ASDM, go to Monitoring, DHCP, DHCP Client Leasing Information, I still see the same "cisco-aa.bb...." Client-ID as before.
Could this be because I merely shut/noshut Gi0/0 and didn't give it enough time to timeout the lease? Any idea on how to force the DHCP Server to renew (assuming this is the issue)?
Thank you
09-17-2015 10:06 AM
Hi Scott,
>> Client ID that you see on the ASDM under client-lease information is something local to ASA and not being sent to the other device.
>> What other device will see is decided in the interface configuration where you can specify the mac address to be used for client-id. Default option is Client-ID: cisco-xxxx.xxxx.xxxx-outside-HOSTNAME but one can change it to only MAC.
>> From the captures it is clear that your dhcp server will be getting only MAC address as the client-id identifier.
Hope it helps!!!
Thanks,
R.Seth
Don't forget to mark correct answer, if your queries are answered.!!!!
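An added example, not part of the thread or of any Cisco tooling: a small parser that reads option 61 out of a DHCP payload taken from an exported capture and reports whether the server receives a bare MAC or a text identifier. The two sample packets are constructed from the placeholder MAC and hostname used in the thread, and the encoding of the default "cisco-..." string as a type-0 identifier is an assumption.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)

def dhcp_options(payload: bytes) -> dict:
    """Parse the options of a BOOTP/DHCP UDP payload into {code: value}."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End
        code = payload[i]
        if code == 0:                               # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        opts[code] = opts.get(code, b"") + value    # split options concatenate (RFC 3396)
        i += 2 + length
    return opts

def describe_client_id(payload: bytes) -> str:
    """Classify option 61 as the DHCP server would receive it."""
    cid = dhcp_options(payload).get(61)
    if not cid:
        return "absent"
    id_type, body = cid[0], cid[1:]
    if id_type == 1 and len(body) == 6:             # type 1 = Ethernet hardware address
        return "mac:" + body.hex(":")
    if id_type == 0:                                # type 0 = not a hardware address
        return "text:" + body.decode("ascii", "replace")
    return f"type{id_type}:{body.hex()}"

def build_request(mac: bytes, client_id: bytes, hostname: bytes) -> bytes:
    """Constructed DHCPREQUEST used only as sample input for this example."""
    header = bytes([1, 1, 6, 0]) + b"\0" * 24 + mac.ljust(16, b"\0") + b"\0" * 192
    opts = b"\x35\x01\x03"                          # option 53: DHCPREQUEST
    opts += bytes([61, len(client_id)]) + client_id
    opts += bytes([12, len(hostname)]) + hostname
    return header + MAGIC_COOKIE + opts + b"\xff"

MAC = bytes.fromhex("aaaabbbbcccc")                 # aaaa.bbbb.cccc from the thread
WITH_MAC_ID = build_request(MAC, b"\x01" + MAC, b"HOSTNAME")
# Assumption: the default string travels as a type-0 (non-hardware) identifier.
WITH_DEFAULT_ID = build_request(MAC, b"\x00cisco-aaaa.bbbb.cccc-outside-HOSTNAME", b"HOSTNAME")

if __name__ == "__main__":
    for name, pkt in (("configured", WITH_MAC_ID), ("default", WITH_DEFAULT_ID)):
        print(name, "->", describe_client_id(pkt))
```

Feed `describe_client_id` the UDP payload of a real DHCP Request from the exported pcap to check what the server actually receives, independent of what ASDM displays.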
09-17-2015 10:28 AM
Hi Seth,
Thank you for clarifying that what I see in ASDM isn't exactly what is being sent to DHCP Server. I wish they would fix/change this!
Thank you for your help!