ASA DHCP server problems

Geminorum_cco · ‎03-13-2013

Hi everybody,

thanks for an excellent forum!

I have a wierd problem with 3 ASA 5505s... They are set up on a small lan to serve as dhcp server, very flat straight forward setup - single vlan with a couple of phones printers pcs and such.

Now. When the lease time runs out for lets say one of the ip phones (specifically a 7912) everything stops. Or if the sw port it is connected to is reset it is unable to recover. With cdp i can see that it maintains its old ip add, and i can see the dhcp conversation with the asa (debug dhcpd packet 255 and dhcp debug event 255).

The only way to get it back up is to clear the specific lease on the asa and reset the sw port again. Then it gets a new ip and i can access it again.

Why?

Below is a debug output from the ASA. To me it looks like it just keeps requesting the address but for some unexplained reason it never starts using it. I'm wondering if that delayed ACK seen in the debug output is the cause!?

I've set the lease time to what 14 days or so for the scope and made sure every client renewed so i have some time to dig into this.

But any help is much appreciated!

Thanks in advance.

** SNIP **

DHCPD: Server msg received, fip=ANY, fport=0 on inside interface

DHCPD: DHCPREQUEST received from client 0100.137f.ed76.b2.

DHCPD: Extracting client address from the message

DHCPD: State = DHCPS_REBOOTING

DHCPD: Client 0100.137f.ed76.b2 specified it's address 10.101.50.172

DHCPD: Client is on the correct network

DHCPD: Client accepted our offer

DHCPD: Client and server agree on address 10.101.50.172

DHCPD: Renewing client 0100.137f.ed76.b2 lease

DHCPD: Client lease can be renewed

DHCPD: adding option 15

DHCPD: adding option 150

DHCPD: adding option 161

DHCPD: adding option 162

DHCPD: deleting option 15

DHCPD: deleting option 150

DHCPD: deleting option 161

DHCPD: deleting option 162

DHCPD: ACK is being delayed and will be sent later

DHCPD: Server msg received, fip=ANY, fport=0 on inside interface

DHCPD: DHCPDISCOVER received from client 0100.137f.ed76.b2 on interface inside.

DHCPD: Sending DHCPOFFER to client 0100.137f.ed76.b2 (10.101.50.172).

DHCPD: adding option 15

DHCPD: adding option 150

DHCPD: adding option 161

DHCPD: adding option 162

DHCPD: client requests option 150.

DHCPD: copy option 150 (length = 4) to outgoing message.

DHCPD: Total # of raw options copied to outgoing DHCP message is 1.

DHCPD: broadcasting BOOTREPLY to client 0013.7fed.76b2.

DHCPD: deleting option 15

DHCPD: deleting option 150

DHCPD: deleting option 161

DHCPD: deleting option 162

DHCPD: Server msg received, fip=ANY, fport=0 on inside interface

DHCPD: DHCPREQUEST received from client 0100.137f.ed76.b2.

DHCPD: Extracting client address from the message

DHCPD: State = DHCPS_REBOOTING

DHCPD: State = DHCPS_REQUESTING

DHCPD: Client 0100.137f.ed76.b2 specified it's address 10.101.50.172

DHCPD: Client is on the correct network

DHCPD: Client accepted our offer

DHCPD: Client and server agree on address 10.101.50.172

DHCPD: Renewing client 0100.137f.ed76.b2 lease

DHCPD: Client lease can be renewed

DHCPD: adding option 15

DHCPD: adding option 150

DHCPD: adding option 161

DHCPD: adding option 162

DHCPD: deleting option 15

DHCPD: deleting option 150

DHCPD: deleting option 161

DHCPD: deleting option 162

DHCPD: ACK is being delayed and will be sent later

** SNIP **

s-mvasquez · ‎09-20-2013

We are seeing the the same thing on an ASA5505. The initial discover gets a response, but the request during a client renew, gets a ACK being delayed and will be sent later message.

paolo bevilacqua · ‎09-20-2013

Wrong forum, post in "Security - Firewalling". You can move your posting with the Actions panel on the right.