DHCPD address on ASA

mahesh18
Level 6

Hi everyone,

When we need to configure a DHCP pool on an ASA, we use the command

dhcpd address 192.168.50.3-192.168.50.192 interface x

But why would we use this option below?

dhcpd address 192.168.150.120-192.168.150.120 int y

I need to know why we make a dhcpd pool of a single address.

Thanks

Mahesh

Jouni Forss
VIP Alumni

Hi,

Is this from some example or where is it from?

I don't personally see a point in a 1 address DHCP Pool.

Otherwise the "interface" parameter is used to separate certain parameters so that they only apply to a certain interface on the ASA, since there might be multiple interfaces on the ASA with DHCP running.

This would let you, for example, configure separate DNS servers for each DHCP interface.

To be honest, the DHCP options of the ASA are very few. If you are trying to achieve anything more complicated I would suggest a separate DHCP server or even using some Cisco router as the DHCP server.

One special pool size limitation is with regard to the ASA5505 model.

Since it has 10 and 50 user licenses, those will limit how big a pool you can configure. If the pool configured is too big the ASA will give an error message.

In general the ASA is limited to a pool of the size of a /24 network and you can't configure multiple pools per interface.

- Jouni

Hi Jouni,

This was from the config of the ASA.

But it seems this box has some other interface also configured for a DHCP pool, and that has an IP range.

Thanks

Mahesh

Ok,

Well, I am not sure why anyone would configure a DHCP Pool of 1 IP address.

Maybe it has been there for some test previously, because I can't see much use for it in a production environment if there was only 1 IP address it could assign to a host.

Are the hosts behind that "y" currently directly connected to the ASA through a switched L2 network? Or is there a router behind that interface and routes configured towards it on the ASA? (route y 192.168.150.x)

Is that IP address currently bound to any device?

show dhcpd binding

- Jouni

Hi Jouni,

It has no route that goes via interface x.

sh dhcpd binding shows

the same IP and MAC address.

Thanks

Mahesh

But wasn't the single IP address configured for interface Y and not interface X?

If the "show dhcpd binding" shows the Pool IP address in its listing then that DHCP Pool is in use.

Totally different matter of course if there are more hosts trying to get an IP address. Which they naturally can't get since there is only one IP address in the pool.

- Jouni

Hi Jouni,

Say gi0/0 is the outside interface, then it has

gi0/0.1  interface z  this has a DHCP pool with multiple IP addresses.

gi0/0.2  interface y  this is a DHCP pool with a single IP

When I do sh dhcpd binding it shows the IP range of int Z but only 1 IP for interface y,

as interface y is configured as a DHCP pool with a single IP.

Thanks

Mahesh

Hi,

The command "show dhcpd binding" should show you all the IP addresses that the ASA has given with the DHCP service.

I don't know why the pools have been configured the way you say they have been.

You can also check the output of "show arp" or "show arp | inc y" to see if there are more than the one DHCP host behind the interface named "y".

If there is only a single host with the IP address from the DHCP Pool then I guess it's just some device for which someone wanted to use DHCP. But I still don't know why it was configured in that way.

Was there something wrong with the setup or something you need to find out other than the fact that it's a pretty weird setup (1 IP address DHCP pool)?

- Jouni

Hi Jouni,

I just need to know how this is configured.

I will run the above commands and will let you know.

Thanks

Mahesh

Hi Jouni,

When I ran the command sh arp | inc y it shows

3 IP addresses, one of which is .120

dhcpd address 192.168.150.120-192.168.150.120 int y

I am just trying to understand how a DHCP pool with a single IP in the pool is using the few IP addresses

Thanks

mahesh

Hi,

But did you already state in the original post how it was configured?

If I had the following interfaces on my ASA, for example:

interface GigabitEthernet0/2
 description LAN - WLAN Trunk
interface GigabitEthernet0/2.100
 vlan 100
 nameif LAN
 security-level 100
 ip add 10.10.100.1 255.255.255.0
interface GigabitEthernet0/2.200
 vlan 200
 nameif WLAN
 security-level 100
 ip add 10.10.200.1 255.255.255.0

And I wanted to configure DHCP configurations for these, then I would configure the following, for example:

dhcpd address 10.10.100.100-10.10.100.200 LAN
dhcpd dns 8.8.8.8 LAN
dhcpd enable LAN

dhcpd address 10.10.200.100-10.10.200.200 WLAN
dhcpd dns 8.8.8.8 WLAN
dhcpd enable WLAN

Nothing much more to it configuration wise.

- Jouni

Hi,

If the command "show arp | inc y" is showing several IP addresses for the interface "y" and also includes the single IP address configured in the DHCP Pool then it means that

  • The host with the DHCP Pool IP address has gotten the IP address with the use of DHCP from the ASA
  • The rest of the visible IP addresses from the "show arp" command have been configured statically with their IP addresses and DON'T use DHCP. At least they don't use the ASA as a DHCP server but might get the IP address from some other DHCP server, but I doubt it.

- Jouni

Hi Jouni,

The interface y has its IP statically configured as 192.168.150.121

The dhcpd pool has the single IP 192.168.150.120

So it means whatever host has IP 192.168.150.120 is getting its IP from the DHCP server defined on the ASA, right?

All other hosts with IPs like .121, .122, .123 are statically configured, right?

Thanks

Mahesh

Hi,

Yes, the only IP address that the ASA will give with the DHCP service is the one configured in the pool.

You can confirm this with the previously mentioned command

show dhcpd binding

Which will show all the IP addresses the ASA has given with its DHCP service.

The other hosts with the other IP addresses are either configured with static network settings on the actual host or they are getting their IP address from some other device. I would imagine they have been configured statically.

- Jouni
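
The check described in this answer, comparing "show dhcpd binding" against "show arp" for one interface, written out as an added example that is not part of the original thread. The sample text is constructed and its column layout is an assumption rather than captured device output; the function names and labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample data; column layouts are assumed, not captured from a device.
CONFIG = "dhcpd address 192.168.150.120-192.168.150.120 y\n"
BINDINGS = """\
IP address       Client Identifier     Lease expiration   Type
192.168.150.120  0100.1122.3344.66     2877 seconds       Automatic
"""
ARP = """\
        y 192.168.150.120 0011.2233.4466 4
        y 192.168.150.122 0011.2233.4477 9
        y 192.168.150.123 0011.2233.4488 30
        z 192.168.50.10 0011.2233.4455 12
"""

def parse_pools(config):
    """Map interface name -> (first, last) address of its dhcpd pool."""
    pat = re.compile(r"^dhcpd address (\S+)-(\S+) (\S+)$", re.M)
    return {m[3]: (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
            for m in pat.finditer(config)}

def parse_leases(bindings):
    """Return the set of IPs in the first column of the binding table."""
    leases = set()
    for line in bindings.splitlines():
        try:
            leases.add(ipaddress.ip_address(line.split()[0]))
        except (IndexError, ValueError):
            continue  # header or blank line
    return leases

def classify(config, bindings, arp, ifname):
    """Label each ARP entry on ifname by how it most likely got its address."""
    first, last = parse_pools(config)[ifname]
    leases = parse_leases(bindings)
    result = {}
    for line in arp.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != ifname:
            continue  # other interface or malformed line
        ip = ipaddress.ip_address(fields[1])
        if ip in leases:
            result[str(ip)] = "leased by ASA"
        elif first <= ip <= last:
            result[str(ip)] = "in pool, no lease"
        else:
            result[str(ip)] = "static or other DHCP server"
    return result
```

Calling classify(CONFIG, BINDINGS, ARP, "y") labels .120 as leased by the ASA and .122 and .123 as static or served elsewhere. An "in pool, no lease" result marks a host that holds a pool address the ASA never handed out, which is worth checking for an address conflict.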

Hi Jouni,

Regards again.

Mahesh
