09-11-2018 06:47 AM - edited 02-21-2020 08:13 AM
It is my understanding that you can configure up to 4 DHCP servers on an ASA. So if an ASA was configured this way (with 4 relays configured on the same interface), does the firewall go through the list of the 4 relays in the config in order? If the first one listed replies, do the other 3 even become used? Is there any way to influence the ASA to use more than one, assuming all 4 DHCP servers are reachable at any given time? Or is it the case that, as long as the first one listed is replying, the others in the config are really there for "backup purposes"? Please advise.
thanks
09-12-2018 01:55 AM
Hello,
Referring to the document below, it seems that the ASA sends the request from the client to all the configured DHCP servers as a unicast request, and I would assume that it is left for the servers and clients to decide who replies or which reply the client uses to obtain the IP address. Also, 10 DHCP servers can be configured:
Snippet from the same link:
You can define up to ten DHCP servers. When a client sends a DHCP Discover packet, it is forwarded to all of the DHCP servers.
Here is an example:
dhcprelay server 198.51.100.2 outside
dhcprelay server 198.51.100.3 outside
dhcprelay server 198.51.100.4 outside
dhcprelay enable inside
dhcprelay setroute inside
Here are some example debugs when multiple DHCP servers are used:
DHCP: Received a BOOTREQUEST from interface 2 (size = 300)
DHCPRA: relay binding found for client 000c.291c.34b5.
DHCPRA: setting giaddr to 192.0.2.1.
dhcpd_forward_request: request from 000c.291c.34b5 forwarded to 198.51.100.2.
dhcpd_forward_request: request from 000c.291c.34b5 forwarded to 198.51.100.3.
dhcpd_forward_request: request from 000c.291c.34b5 forwarded to 198.51.100.4.
Here is an example packet capture when multiple DHCP servers are used:
ASA# show cap out
3 packets captured
1: 18:48:41.211628 192.0.2.1.67 > 198.51.100.2.67: udp 300
2: 18:48:41.211689 192.0.2.1.67 > 198.51.100.3.67: udp 300
3: 18:48:41.211704 192.0.2.1.67 > 198.51.100.4.67: udp 300
HTH
AJ
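A way to check the fan-out shown in the debugs above, as an added example that is not part of the original posts or of Cisco's documentation: it compares the `dhcprelay server` lines with the `dhcpd_forward_request` debug lines and reports, per client, any configured server that received no forward and any forward to an address that is not configured. The function names are hypothetical, and the line formats are assumed to match the ones quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: the config and debug lines quoted in the post above.
CONFIG = """\
dhcprelay server 198.51.100.2 outside
dhcprelay server 198.51.100.3 outside
dhcprelay server 198.51.100.4 outside
dhcprelay enable inside
dhcprelay setroute inside
"""
DEBUG = """\
DHCP: Received a BOOTREQUEST from interface 2 (size = 300)
DHCPRA: relay binding found for client 000c.291c.34b5.
DHCPRA: setting giaddr to 192.0.2.1.
dhcpd_forward_request: request from 000c.291c.34b5 forwarded to 198.51.100.2.
dhcpd_forward_request: request from 000c.291c.34b5 forwarded to 198.51.100.3.
dhcpd_forward_request: request from 000c.291c.34b5 forwarded to 198.51.100.4.
"""

SERVER_RE = re.compile(r"^dhcprelay server (\d+\.\d+\.\d+\.\d+) (\S+)\s*$", re.M)
FORWARD_RE = re.compile(
    r"^dhcpd_forward_request: request from (\S+) forwarded to "
    r"(\d+\.\d+\.\d+\.\d+)\.?\s*$", re.M)

def configured_servers(config):
    """Return the set of relay server IPs named by 'dhcprelay server' lines."""
    return {ip for ip, _interface in SERVER_RE.findall(config)}

def forwards_by_client(debug):
    """Map client MAC -> set of server IPs the debug shows a forward to."""
    seen = defaultdict(set)
    for mac, ip in FORWARD_RE.findall(debug):
        seen[mac].add(ip)
    return dict(seen)

def audit(config, debug):
    """Per client: configured servers with no forward, and forwards to unconfigured IPs."""
    servers = configured_servers(config)
    return {mac: {"missing": sorted(servers - ips),
                  "unexpected": sorted(ips - servers)}
            for mac, ips in forwards_by_client(debug).items()}

if __name__ == "__main__":
    for mac, result in audit(CONFIG, DEBUG).items():
        print(mac, result)
```

An empty `missing` list for a client matches the behaviour quoted above, where the Discover is forwarded to every configured server; an entry under `unexpected` means the debug and the supplied config do not describe the same relay setup.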
09-12-2018 04:22 AM
11-03-2018 05:53 PM
I recently configured a lab for multiple DHCP relays; it was from a switch as opposed to an ASA. As the previous guy said, I can confirm multiple discover packets will be sent, but the first DHCP server to respond will be used.
A potential workaround is if you can randomly delay the responses from the server - I'm not a Windows guy though!
Hope that helps.
Azam