07-20-2010 03:03 PM - edited 03-11-2019 11:14 AM
Hi,
I want to have open wireless access for clients that visit, separate from our network. I set up DHCP on interface 0/2, and though everything appears to be configured right it just isn't receiving or responding to DHCP requests. If I monitor DHCP stats on the interface it shows 1 pool, 0 requests.
Here is what I have done:
Enabled interface 0/2 - Provided IP 10.0.27.15 - Named "OpenInternet"
Enabled DHCP scope on "JustInternet" as 10.0.27.100-10.0.27.200
Plugged a laptop directly into 0/2.
Released and renewed IP on laptop with no response
Is there some additional security I need to allow? What am I missing? I've cut and pasted some snippets from the running config.
!
interface Ethernet0/2
 nameif OpenInternet
 security-level 0
 ip address 10.0.27.15 255.255.255.0
!
!
dhcpd address 10.0.27.100-10.0.27.200 OpenInternet
dhcpd dns 8.8.8.8 8.8.4.4 interface OpenInternet
dhcpd enable OpenInternet
!
Message was edited by: Robert Gillis
07-20-2010 03:47 PM
Robert,
I am making the assumption that you plugging your laptop into 0/3 was a typo since you configured the interface on 0/2. It appears that you have configured the interface for dhcp properly. If you give your laptop a static IP address within the 10.0.27.x range are you able to ping the interface of the ASA when connected? In addition, could you attach the "show interface" output to this thread?
Regards,
BK
07-20-2010 04:48 PM
Correct, I meant 0/2. I changed that up there.
I can't try to statically assign it as I'm home now with no access to that laptop; however, I think you are on to something when I showed the interface config via telnet. Seems it claims the interface is down, though the ASDM shows everything I know to look at as to the fact it's enabled and up. How can I fix that? (I'm not a Cisco guy.) I doubt it, but it could just be that the laptop is the only thing plugged into it and the laptop is probably asleep now. Link should stay active though, I would think.
Interface Ethernet0/2 "OpenInternet", is down, line protocol is down
Hardware is i82546GB rev03, BW 100 Mbps
Auto-Duplex, Auto-Speed
MAC address 000a.b89c.e6a2, MTU 1500
IP address 10.0.27.15, subnet mask 255.255.255.0
11447275 packets input, 8221504873 bytes, 596 no buffer
Received 11447275 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 6030778 overrun, 0 ignored, 0 abort
455017 L2 decode drops
2 packets output, 128 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (0/0) software (0/0)
output queue (curr/max blocks): hardware (0/1) software (0/0)
Traffic Statistics for "OpenInternet":
909 packets input, 103688 bytes
1 packets output, 28 bytes
890 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
07-21-2010 08:09 AM
Actually it was because the laptop was in sleep mode. I woke it up and the lines went UP.
Yes I can ping 10.0.27.15 if I statically assign an IP.
Yes I have tried other machines other than this laptop.
Interface Ethernet0/2 "OpenInternet", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 000a.b89c.e6a2, MTU 1500
IP address 10.0.27.15, subnet mask 255.255.255.0
11447633 packets input, 8221545570 bytes, 596 no buffer
Received 11447629 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 6030778 overrun, 0 ignored, 0 abort
455017 L2 decode drops
7 packets output, 504 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (5/0) software (0/0)
output queue (curr/max blocks): hardware (0/1) software (0/0)
07-21-2010 08:22 AM
Hi Robert,
Try gathering the output of 'debug dhcpd packet' and 'debug dhcpd event' during a time when your client is looking for an IP address. That might give some clue as to what's going on.
Packet captures would also be helpful so you can see exactly where the requests are failing. You could set up a capture like this:
capture dhcp-cap interface OpenInternet match udp any any range 67 68
-Mike
07-21-2010 08:57 AM
I ran the following two commands and received "enabled at level 1". I then had the DHCP client searching for a server and ran the commands several times during this period with the same results.
CDG515ASA01# debug dhcpd packet
debug dhcpd packet enabled at level 1
CDG515ASA01# debug dhcpd event
debug dhcpd event enabled at level 1
Next I tried to set up this command; however, it had an issue with "MATCH", I believe it was.
CDG515ASA01# capture dhcp-cap interface OpenInternet match udp any any range 67 68
capture dhcp-cap interface "OpenInternet" match udp any any range
^
ERROR: % Invalid input detected at '^' marker.
Thanks for all your help so far!
07-21-2010 09:29 AM
Hi Robert,
Sorry, I should have asked what version you are running before giving you the capture command. Use this instead:
access-list dhcp-acl permit udp any any range 67 68
capture dhcp-cap access-list dhcp-acl interface OpenInternet
Once that's done, have the client try to request an address again. Next, look at the output of 'show cap dhcp-cap' and let us know if you see 2-way communication between the client and the ASA. It would also be helpful to pull the capture off the ASA in PCAP format so we can look at it in Wireshark. You can do that by browsing to this link and saving the file:
https://
-Mike
07-21-2010 10:17 AM
Well, it took a while but I think I got it going. Show dchp-cap doesn't work for me, but please understand that I barely know how to work this equipment unfortunately, but I'm learning. I had to look up how to get in and out of config mode. :$ The Pcap output is fine I think.
It has null characters so I will attach the txt file rather than copy-pasting.
07-21-2010 11:15 AM
Hi Robert,
The captures show that the client's DHCP DISCOVER packets are reaching the ASA, but the firewall is not responding for some reason. Have you tried disabling and re-enabling the dhcpd process since you started troubleshooting this to see if that makes a difference? Try:
asa(config)# no dhcpd enable OpenInternet
asa(config)# dhcpd enable OpenInternet
Power cycling the firewall might also help in the event that the dhcp_daemon process got stuck somehow.
If that still doesn't work, can you let us know what version of ASA code you are running ('show version')? Also, what operating system version is the client using?
-Mike
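The check described in the post above (DISCOVERs reaching the firewall with no reply going back), as an added example that is not part of the original thread: a standard-library Python script that pairs DHCP messages by transaction ID in a downloaded PCAP and lists the DISCOVERs that never got a server reply. The function names and both sample captures are constructed for illustration; it assumes a classic pcap file with Ethernet framing, already filtered to UDP 67-68 as by the capture ACL.

```python
import struct

COOKIE = b"\x63\x82\x53\x63"                    # DHCP magic cookie after BOOTP header

def dhcp_messages(pcap):
    """Yield (xid, message_type) per DHCP packet in a classic Ethernet pcap."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # pcap byte order
    off = 24                                    # skip the pcap global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                            # not IPv4 + UDP
        udp = 14 + (frame[14] & 0x0F) * 4       # honour the IP header length
        bootp = frame[udp + 8:]
        if len(bootp) < 240 or bootp[236:240] != COOKIE:
            continue                            # truncated or not DHCP
        xid, opts, i = struct.unpack_from("!I", bootp, 4)[0], bootp[240:], 0
        while i + 1 < len(opts) and opts[i] != 255:     # walk TLV options
            if opts[i] == 53 and i + 2 < len(opts):     # option 53 = message type
                yield xid, opts[i + 2]
            i += 1 if opts[i] == 0 else 2 + opts[i + 1]  # pad (0) has no length

def unanswered_discovers(pcap):
    """Return xids of DISCOVERs (type 1) that never got an OFFER/ACK/NAK back."""
    asked, answered = [], set()
    for xid, mtype in dhcp_messages(pcap):
        if mtype == 1 and xid not in asked:
            asked.append(xid)
        elif mtype in (2, 5, 6):                # OFFER, ACK, NAK
            answered.add(xid)
    return [x for x in asked if x not in answered]

def make_pcap(msgs):
    """Constructed sample: build a pcap from (sport, dport, xid, type) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport, xid, mtype in msgs:
        bootp = struct.pack("!BBBBI", 2 if sport == 67 else 1, 1, 6, 0, xid) \
            + bytes(228) + COOKIE + bytes([53, 1, mtype, 255])
        udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
        ip = b"\x45\x00" + struct.pack("!H", 20 + len(udp)) + bytes(5) + b"\x11" + bytes(10) + udp
        frame = b"\xff" * 6 + bytes(6) + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed captures: one matching the thread's symptom, one healthy exchange.
STUCK = make_pcap([(68, 67, 0x1111, 1), (68, 67, 0x1111, 1), (68, 67, 0x2222, 1)])
HEALTHY = make_pcap([(68, 67, 0x3333, 1), (67, 68, 0x3333, 2)])
```

A non-empty result from `unanswered_discovers` on a capture taken at the server's own interface means the requests arrived and the server stayed silent, which points at the DHCP service rather than the client or cabling.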
07-21-2010 11:34 AM
Didn't work.
I have blown away this configuration and recreated at least 7 times with different names. I even tried making a new vlan interface from 0/2. Finally I had to resort to asking for help.
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Client is Win Xp sp3
I can't power cycle the device till later this evening since that will drop everyone in the office as well as a few VPN users that are in it right now, but I will let you know what happens after I do.
Thanks a whole lot for your help so far.
07-21-2010 11:57 AM
Hello,
Do you have an access-list on that interface? If yes, can you add an entry
like "access-list
255.255.255.255"?
Hope this helps.
Regards,
NT
08-04-2010 11:15 AM
I was able to power cycle the device on Sunday and DHCP is working fine. I think the dhcp_daemon got stuck as you mentioned.
Thank-you