01-27-2021 11:35 PM
Hello
I have a collapsed core network and my core switch is a 6500. The core handles inter-VLAN routing and it is the gateway for my clients. As the next hop after the core switch I have an ASA 5525X, and everything is OK.
When I replace the ASA with an FPR4110, everything is OK except DHCP traffic.
My DHCP server is a Windows Server. When clients request an IP address from the DHCP server, some clients can obtain an IP address and many cannot.
01-28-2021 02:52 AM - edited 01-28-2021 02:52 AM
Have you configured a DHCP relay agent:
01-28-2021 06:28 AM
In addition to what @balaji.bandi has mentioned, are all the clients on the same subnet or are they on different subnets? Is traffic opened for UDP/53 in the FTD firewall for DHCP traffic that needs to traverse the firewall?
01-29-2021 05:50 AM
Our clients are in different subnets and the core switch (6500) is the gateway of our clients,
and all of the config related to "IP helper" under the core switch interfaces is done.
This scenario is OK with the ASA, and all DHCP traffic is allowed on the ASA.
When we replaced the ASA with the FTD 4110 (DHCP traffic allowed on the FTD), clients cannot obtain an IP address from the DHCP server. Our DHCP server is a Microsoft Windows Server.
One of the things I suspect is DHCP snooping and the DHCP option on our access switch and core switch, but I cannot test it.
DHCP traffic is UDP/67 and UDP/68.
01-29-2021 05:56 AM
But what is the difference between Cisco ASA and FTD in DHCP snooping options and packets?
When the ASA is the next hop of the core switch, everything about DHCP and obtaining IP addresses is OK.
When it is replaced with the FTD 4110, I cannot see DHCP requests from the source interface VLAN on the core switch.
01-29-2021 06:45 AM
Yes, sorry, I got mixed up with another case when I mentioned UDP/53.
I have seen this issue a few times. In the situations that I was involved with, the connection table showed that connections for DHCP were set up towards the outside interface (i.e. the default route for internet was being established before dynamic routing). A clear connection on the FTD CLI solved the issue.
I had TAC on the case and they did a change...which escapes me right now. I will try to find the solution they came up with.
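Added example, not part of the original thread and not Cisco code: a small Python check for the condition described in the reply above, run over saved `show conn` output. The interface names, addresses and sample lines are constructed, and the expected server-side interface is an assumption you supply.

```python
import re

# One connection per line, in the "show conn" layout of ASA/FTD (LINA).
CONN_RE = re.compile(
    r"^(?P<proto>UDP|TCP)\s+(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s+idle\s+(?P<idle>[\d:]+)"
)

# Constructed sample: "servers" is the hypothetical interface that should face
# the DHCP server 10.50.0.10; the first line shows it built towards "outside".
SAMPLE = """\
UDP outside 10.50.0.10:67 inside 10.10.20.1:67, idle 0:00:03, bytes 1200, flags -
UDP servers 10.50.0.10:67 inside 10.10.30.1:67, idle 0:00:01, bytes 900, flags -
UDP outside 192.0.2.53:53 inside 10.10.20.55:51514, idle 0:00:09, bytes 120, flags -
TCP servers 10.50.0.10:445 inside 10.10.20.55:50211, idle 0:00:02, bytes 5120, flags UIO
"""

def misrouted_dhcp_conns(show_conn_text, dhcp_server, server_interface):
    """Return DHCP connections to dhcp_server that sit on the wrong interface."""
    findings = []
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or m["proto"] != "UDP":
            continue
        ends = [(m["if_a"], m["ip_a"], m["port_a"]),
                (m["if_b"], m["ip_b"], m["port_b"])]
        for i, (iface, ip, port) in enumerate(ends):
            # Server side of a relayed request: the server's address on UDP/67.
            if ip == dhcp_server and port == "67" and iface != server_interface:
                relay_if, relay_ip, _ = ends[1 - i]
                findings.append({"relay": relay_ip, "relay_if": relay_if,
                                 "server_if": iface, "idle": m["idle"]})
    return findings

if __name__ == "__main__":
    for f in misrouted_dhcp_conns(SAMPLE, "10.50.0.10", "servers"):
        print("relay {relay} ({relay_if}) -> server via {server_if}, idle {idle}".format(**f))
```

Any entry it reports is a relay connection that was built before the correct route to the DHCP server existed, which matches the stale-connection symptom described in the reply.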
03-02-2022 06:53 AM
Were you able to find the solution that TAC did?
Thanks