scott.bridges
Beginner

ASA Client-ID and DHCP question

Hello,

I have an ASA whose Outside interface is obtaining DHCP IP & Default Gateway.  When I look at the DHCP Client Lease Information I see: Client-ID: cisco-xxxx.xxxx.xxxx-outside-HOSTNAME where x=MAC and HOSTNAME=configured ASA hostname.

I am trying to change this to a standard MAC response only.  I have the following configuration:
!
interface GigabitEthernet0/0
 mac-address aaaa.bbbb.cccc
 nameif outside
 security-level 0
 ip address dhcp setroute
!
dhcp-client client-id interface outside
!

But I am still sending the same Client-ID.

Any ideas how to make this feature work?  I understand the "cisco-xxx..." Client-ID is default with ASAs, but I also understand you can change it...

Thanks


8 REPLIES 8
Rishabh Seth
Rising star

Hi Scott,

This command seems to work fine on 9.5.1 version, what version are you using on your ASA?

Thanks,

R.Seth

Apologies,

ASA 5505 running 9.1(6)8

The latest software I see posted is 9.2.4.  Are you running the new X series for 9.5.1?

I'll try upgrading to 9.2.4.

Hi Scott,

The mac address is sent to the DHCP server with dhcp-client client-id interface <int-name> command on version 9.1(6)8 as well.

>> You can confirm if the ASA is sending the MAC address as the client id, by applying capture on the ASA for dhcp traffic and view the capture in wireshark and verify the client id in the packet.

>> Probably you should check the dhcp server as well. 

What device is used as the dhcp server?

 

Thanks,

R.Seth

 

Hi Seth,

What is the best way to setup this type of capture on the ASA as far as sequence of events?  I'm assuming since I'm coming from the Inside interface, I should:

1: remove "ip address dhcp setroute"
2: shutdown Gi0/0 (Outside)
3: setup packet capture via wizard
4: add "ip address dhcp setroute" to Gi0/0
5: no shutdown Gi0/0

Also, just to clarify with your configuration:  Which Client-ID format is your ASA sending?
1:  cisco-aaaa.bbbb.cccc-outside-HOSTNAME
or
2:  aaaa.bbbb.cccc
 

My goal is to achieve option 2.  My understanding is that if I set the "mac-address" option on Gi0/0 followed by "dhcp-client client-id interface outside" in global, option 2 should be the result.

Thanks again for your help

 

Edit:  Also, I believe the DHCP server is Windows 2008, but not 100%

Hi Scott,

 

Use cli to configure captures:

 cap capi interface inside match udp an an eq bootpc
 cap capi interface inside match udp an an eq bootps

Export captures using:

https://asaIP/capture/capi/pcap

Note: http server should be enabled on the ASA.

>> After exporting capture, disable captures using: no cap capi

ASA is sending the client id as: aaaa.bbbb.cccc when client id is configured.

If there is nothing specified then client id is seen as:  cisco-aaaa.bbbb.cccc-outside-HOSTNAME.

>> I am using another ASA as a dhcp server.

 

Thanks,

R.Seth

 

Hi Seth,

Thanks for these CLI instructions.  Very cool and didn't know about the simplicity of the CLI and URL.

I ended up having to Shut/No Shut Gi0/0 (Outside) in order to produce a DHCP Request.  

Within the DHCP Request I see:
Option 61: Client Identifier
  Client MAC address: Transiti_aa:bb:cc (aa:aa:bb:bb:cc:cc)
Option 12: Host Name
  Host Name:  My-Device-Hostname

Along with other standard DHCP options.  These are the two I see as most relevant.

Yet when I open up ASDM, go to Monitoring, DHCP, DHCP Client Leasing Information, I still see the same "cisco-aa.bb...." Client-ID as before.

Could this be because I merely shut/noshut Gi0/0 and didn't give it enough time to timeout the lease?  Any idea on how to force the DHCP Server to renew (assuming this is the issue)?

Thank you

Hi Scott,

 

>> Client ID that you see on the ASDM under client-lease information is something local to ASA and not being sent to the other device.

>> What other device will see is decided in the interface configuration where you can specify the mac address to be used for client-id. Default option is Client-ID: cisco-xxxx.xxxx.xxxx-outside-HOSTNAME but one can change it to only MAC.

>> From the captures it is clear that your dhcp server will be getting only MAC address as the client-id identifier.

 

Hope it helps!!!

 

Thanks,

R.Seth

Don't forget to mark correct answer, if your queries are answered.!!!!
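
Added example, not part of the original posts: a small Python check that reads DHCP option 61 from a DHCP message (the UDP payload of a packet in the exported capture) and reports whether the client sent the MAC-only form or the string form discussed above. The function names and the sample bytes are constructed for illustration, and the leading type byte 0 on the "cisco-..." string is an assumption about how the default form is encoded.

```python
DHCP_MAGIC = bytes.fromhex("63825363")  # magic cookie that follows the 236-byte BOOTP header

def dhcp_options(bootp: bytes) -> dict:
    """Parse the options of one DHCP message (the UDP payload) into {code: value}."""
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(bootp) and bootp[i] != 255:      # 255 = End
        code = bootp[i]
        if code == 0:                              # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(bootp) or i + 2 + bootp[i + 1] > len(bootp):
            raise ValueError(f"option {code} is truncated")
        length = bootp[i + 1]
        opts[code] = opts.get(code, b"") + bootp[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def client_id_format(bootp: bytes):
    """Classify option 61 as ('mac', 'aaaa.bbbb.cccc'), ('string', text) or ('absent', None)."""
    cid = dhcp_options(bootp).get(61)
    if not cid:
        return ("absent", None)
    if cid[0] == 1 and len(cid) == 7:              # type 1 = Ethernet, then 6-byte MAC
        h = cid[1:].hex()
        return ("mac", f"{h[0:4]}.{h[4:8]}.{h[8:12]}")
    return ("string", cid[1:].decode("ascii", errors="replace"))

def sample_request(client_id: bytes, hostname: bytes = b"HOSTNAME") -> bytes:
    """Constructed DHCPREQUEST payload for the demo; not a capture from the thread."""
    mac = bytes.fromhex("aaaabbbbcccc")
    header = bytes([1, 1, 6, 0]) + bytes(24) + mac + bytes(10) + bytes(192)
    opts = bytes([53, 1, 3]) + bytes([61, len(client_id)]) + client_id
    opts += bytes([12, len(hostname)]) + hostname + b"\xff"
    return header + DHCP_MAGIC + opts

if __name__ == "__main__":
    mac_only = sample_request(b"\x01" + bytes.fromhex("aaaabbbbcccc"))
    default = sample_request(b"\x00cisco-aaaa.bbbb.cccc-outside-HOSTNAME")  # type byte 0 assumed
    print(client_id_format(mac_only))
    print(client_id_format(default))
```

Checking the packet this way separates what is on the wire from what ASDM shows in the lease table, which is the distinction the answer above draws.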


Hi Seth,

Thank you for clarifying that what I see in ASDM isn't exactly what is being sent to DHCP Server.  I wish they would fix/change this!

Thank you for your help!
