Cisco FTD DHCP Problem

behrouz6408021
Level 1

Hello

I have a collapsed core network and my core switch is a 6500. The core handles inter-VLAN routing and is the gateway for my clients. In the next hop after the core switch I have an ASA 5525-X, and everything is OK.

When I replace the ASA with an FPR4110, everything is OK except DHCP traffic.

My DHCP server is a Windows Server. When clients request an IP address from the DHCP server, some clients can obtain an IP address and many cannot.

6 Replies

balaji.bandi
Hall of Fame

In addition to what @balaji.bandi has mentioned, are all the clients on the same subnet or are they on different subnets? Is traffic opened for UDP/53 in the FTD firewall for DHCP traffic that needs to traverse the firewall?

--
Please remember to select a correct answer and rate helpful posts

Our clients are in different subnets and the core switch (6500) is the gateway for our clients,

and all of the config related to "ip helper" under the core switch interfaces is done.

This scenario is OK with the ASA, and all DHCP traffic is allowed in the ASA.

When the ASA is replaced with the FTD 4110 (DHCP traffic allowed on the FTD), clients cannot obtain an IP address from the DHCP server. Our DHCP server is Microsoft Windows Server.

One of the things I suspect is DHCP snooping and DHCP options on our access switches and core switch, but I cannot test it.

DHCP traffic is UDP/67 and UDP/68.

But what is the difference between Cisco ASA and FTD in DHCP snooping options and packets?

When the ASA is the next hop of the core switch, everything about DHCP and obtaining IP addresses is OK.

When it is replaced with the FTD 4110, I cannot see the DHCP requests from the source interface VLAN on the core switch.


Yes, sorry, I got mixed up with another case when I mentioned UDP/53.

I have seen this issue a few times. In the situations that I was involved with, the connection table showed that connections for DHCP were set up towards the outside interface (i.e. the default route for internet was being established before dynamic routing). A clear connection on the FTD CLI solved the issue.

I had TAC on the case and they did a change... which escapes me right now. I will try to find the solution they came up with.


--
Please remember to select a correct answer and rate helpful posts
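As an added illustration of the connection-table check described in the reply above (example code written for this page, not Cisco's or the poster's; the `show conn` lines are constructed samples and the interface names are assumptions), a small parser that flags relayed DHCP flows that were built towards the outside interface:

```python
import re
from typing import NamedTuple

# Constructed "show conn" lines in the ASA/FTD format (sample data, not from the thread).
SAMPLE_SHOW_CONN = """\
UDP outside 203.0.113.10:67 inside 10.10.20.1:67, idle 0:00:03, bytes 1200, flags -
UDP dmz 172.16.5.10:67 inside 10.10.30.1:67, idle 0:00:01, bytes 900, flags -
TCP outside 198.51.100.7:443 inside 10.10.20.55:51234, idle 0:00:10, bytes 5400, flags UIO
UDP outside 198.51.100.53:53 inside 10.10.20.55:50011, idle 0:00:02, bytes 200, flags -
"""

# proto, interface A, addr:port A, interface B, addr:port B; idle/bytes/flags are ignored
CONN_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+)"
)
DHCP_PORTS = {67, 68}

class Conn(NamedTuple):
    proto: str
    if_a: str
    ip_a: str
    port_a: int
    if_b: str
    ip_b: str
    port_b: int

def parse_show_conn(text: str) -> list:
    """Parse connection-table lines; lines not in the expected format are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            conns.append(Conn(m["proto"], m["if_a"], m["ip_a"], int(m["port_a"]),
                              m["if_b"], m["ip_b"], int(m["port_b"])))
    return conns

def misrouted_dhcp(conns: list, server_if: str, outside_if: str = "outside") -> list:
    """Relayed DHCP (UDP 67/68) should pair the client-facing interface with the one
    behind which the DHCP server lives; a flow built towards the outside interface
    instead is a stale entry to clear (the symptom described in the thread)."""
    return [c for c in conns
            if c.proto == "UDP" and DHCP_PORTS & {c.port_a, c.port_b}
            and outside_if in (c.if_a, c.if_b) and server_if not in (c.if_a, c.if_b)]

if __name__ == "__main__":
    for c in misrouted_dhcp(parse_show_conn(SAMPLE_SHOW_CONN), server_if="dmz"):
        print(f"stale DHCP conn: {c.if_a} {c.ip_a}:{c.port_a} -> {c.if_b} {c.ip_b}:{c.port_b}")
```

Run it against real `show conn` output after the dynamic routes have come up; any flow it reports is a candidate for `clear conn` rather than a firewall-policy problem.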

Were you able to find the solution that TAC did?


Thanks
