Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1046
Views
0
Helpful
2
Replies

ASA5512 / 5515 / 5516 - DHCP Relay Issue 9.10(1)7 - 10

RobjBrown
Level 1
Level 1

‎03-07-2019 06:09 AM - edited ‎02-21-2020 08:54 AM

Hi All,

 

We currently use a variety of ASA's of the 5512,5515 and 5516 variety to segregate non internal networks. These inner firewalls run DHCP Relay to our DHCP servers in the inside network, so DHCP requests would leave the relevant device, traverse the firewall, through our local core at the site and onward to the DHCP server. This was all working fine and we've had no problems. Since upgrading the firewalls from 9.10(1)2 to 9.10(1)7 and 9.10(1)10 we are finding some strange problems with DHCP relay.

 

The problem only seems to affect non windows devices, things like Printers/MFDs or one of our segregated networks contains the Cisco Wireless IP Phones, 7925 series. These devices will not pick up an IP Address automatically although a windows based device will and is unaffected.

 

Has anyone else experienced any issues on this particular software version, I haven't seen anything in the Bug Reports and am now wondering if its a configuration issue and we have been fortunate up until now not to come across it.

 

Any advice would be appreciated.


Rob

 

 

0 Helpful
2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni

‎03-07-2019 07:31 AM - edited ‎03-07-2019 07:33 AM

When something like this happens, I always look at the release notes to see if they changed or fixed something in the new release. On checking the release notes, I see one DHCP relay related bug that was fixed in 9.10

 

DHCP Relay With Dual ISP and Backup IPSEC Tunnels Causes Flapping -CSCvh83849

 

Looking at the bug details, there is a mention of a behavior change. 

 

"The resolution of this defect introduces a change in behavior, or additional functionality, over previous releases"
 
It is possible that they changed something during the bug fix that broke existing functionality. Also, looking at recently open bugs, I see the following one for DHCP-relay:
 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo12057
 
The bug states that clients sending the DHCP-unicast flag (DHCP Broadcast flag set to 0) are affected. This could be why some of your devices are affected and some are not. A packet capture on the ASA inside interface could confirm this. 
 
0 Helpful

RobjBrown
Level 1
Level 1
In response to Rahul Govindan

‎03-12-2019 02:59 AM

Thats great, and thankyou for the information, the latter bug definitely sounds like the issue I'm having. I'll debug the DHCP requests and see if this is the bug I'm hitting.

Many Thanks

Rob
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card