cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5072
Views
0
Helpful
4
Replies

The ASA 5505 DHCP Problem

amanpreet.s
Level 1
Level 1

Hi,

I have configured ASA 5505. Everything works great except the DHCP. If i reload the firewall then sometimes it gives the ip addresses to the clients but after sometime the client can't get any ip through DHCP. on the other side the manual configuration works just fine.

I am using 8.3 OS and following is the partial information on dhcp from running-config:


dhcpd address 10.2.1.100-10.2.1.130 inside
dhcpd dns x.x7.7x.1x0 x.x7.7x.1x0 interface inside
dhcpd wins 10.x.1.x interface inside
dhcpd lease 28800 interface inside
dhcpd domain xxx.com interface inside
dhcpd update dns both override interface inside
dhcpd enable inside

any help will be appreciated.

Thanks

4 Replies 4

Hi,

To check why the ASA won't assign an IP sometimes or if there's any communication problem at that point you can use:

debug dhcpd event

debug dhcpd packet

Federico.

Thank you Federico for replying.

I am keep getting these messge after starting the debug:

DHCPD: Server msg received, fip=ANY, fport=0 on inside interface
DHCPD: DHCPREQUEST received from client 0100.1xx1.xxxx.0b.
DHCPD: zero is an invalid client address.

is this normal or you see any prob.

Thanks

Is the ASA assigning IPs to the directly connected subnet on the inside or are you doing DHCP relay with another device?

Another approach to capture the communication:

access-list dhcp-acl permit udp any any range 67 68

capture dhcp-cap access-list dhcp-acl interface inside

Once  that's done, have the client try to request an address again. Next,  look at the output of 'show cap dhcp-cap' and let us know if you see  2-way communication between the client and the ASA.It would also be  helpful to pull the capture off the ASA in PCAP format so we can look at  it in Wireshark. You can do that by browsing to this link and saving  the file:

https:///capture/dhcp-cap/pcap

Federico.

After seeing the error zero is invalid address, I changed the dhcp pool to 99 to 131 and i am not seeing that error anymore. I know it shouldn't matter but i just changed it to be on safe side.

I've attached the file. please take look.

Review Cisco Networking for a $25 gift card