01-27-2021 11:35 PM
Hello
I have a collapsed core network and my core switch is a 6500. The core handles inter-VLAN routing and is the gateway for my clients. The next hop after the core switch is an ASA 5525X, and everything is OK.
When I replace the ASA with an FPR4110, everything is OK except DHCP traffic.
My DHCP server is a Windows Server. When clients request an IP address from the DHCP server, some clients can obtain an IP address and many cannot.
01-28-2021 02:52 AM - edited 01-28-2021 02:52 AM
Have you configured a DHCP relay agent?
01-28-2021 06:28 AM
In addition to what @balaji.bandi has mentioned, are all the clients on the same subnet or are they on different subnets? Is traffic opened for UDP/53 in the FTD firewall for DHCP traffic that needs to traverse the firewall?
01-29-2021 05:50 AM
Our clients are in different subnets and the core switch (6500) is the gateway for our clients.
All of the "ip helper" configuration under the core switch interfaces is done.
This scenario is OK with the ASA, and all DHCP traffic is allowed on the ASA.
When we replaced the ASA with the FTD 4110 (DHCP traffic allowed on the FTD), clients cannot obtain an IP address from the DHCP server. Our DHCP server is a Microsoft Windows Server.
One of the things I suspect is DHCP snooping and the DHCP options on our access switch and core switch, but I cannot test it.
DHCP traffic is UDP/67 and UDP/68.
01-29-2021 05:56 AM
But what is the difference between the Cisco ASA and the FTD in DHCP snooping options and packets?
When the ASA is the next hop of the core switch, everything about DHCP and obtaining IP addresses is OK.
When it is replaced with the FTD 4110, I cannot see DHCP requests from the source interface VLAN on the core switch.
01-29-2021 06:45 AM
Yes, sorry, I got mixed up with another case when I mentioned UDP/53.
I have seen this issue a few times. In the situations that I was involved with, the connection table showed that connections for DHCP were set up towards the outside interface (i.e. the default route for internet was being established before dynamic routing). A clear connection on the FTD CLI solved the issue.
I had TAC on the case and they did a change... which escapes me right now. I will try to find the solution they came up with.
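The condition described in the reply above (DHCP relay connections built toward the outside interface), as an added example that is not part of the original thread: a Python check over saved connection-table text that flags UDP/67 flows to the DHCP server bound to an unexpected interface. The sample lines are constructed and only modelled on `show conn` output; the addresses and the interface names `servers`, `inside` and `outside` are assumptions.

```python
import re

# Constructed sample lines, modelled on the layout of "show conn" output
# (protocol, then two "interface address:port" pairs). Not captured from a device.
SAMPLE = """\
UDP outside 10.50.1.10:67 inside 10.10.20.1:67, idle 0:00:04, bytes 1200, flags -
UDP servers 10.50.1.10:67 inside 10.10.30.1:67, idle 0:00:02, bytes 2400, flags -
UDP outside 192.0.2.53:53 inside 10.10.20.44:51514, idle 0:00:09, bytes 180, flags -
TCP servers 10.50.1.10:445 inside 10.10.30.7:49822, idle 0:01:10, bytes 9000, flags UIO
"""

# Assumed line format: PROTO IF_A IP_A:PORT_A IF_B IP_B:PORT_B, ...
CONN_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),"
)

def misrouted_dhcp(text, server_ip, expected_if):
    """Return relay flows to server_ip:67 bound to an interface other than expected_if."""
    hits = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or m["proto"] != "UDP":
            continue
        ends = [(m["if_a"], m["ip_a"], m["port_a"]),
                (m["if_b"], m["ip_b"], m["port_b"])]
        for i, (ifname, ip, port) in enumerate(ends):
            # The DHCP server side of a relayed flow is server_ip on UDP/67.
            if ip == server_ip and port == "67" and ifname != expected_if:
                relay_ip = ends[1 - i][1]
                hits.append({"relay": relay_ip, "bound_if": ifname})
    return hits

if __name__ == "__main__":
    # Hypothetical values: DHCP server 10.50.1.10 should be reached via "servers".
    for hit in misrouted_dhcp(SAMPLE, "10.50.1.10", "servers"):
        print(f"relay {hit['relay']}: DHCP server flow bound to '{hit['bound_if']}'")
```
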
03-02-2022 06:53 AM
Were you able to find the solution that TAC did?
Thanks