Unable to get IP Address from ASA5520 (Configured as DHCP server

Adam David · ‎04-05-2012

Hi,

I’ve configured 2 ASA5520 firewall, one with DCHP server setting and the other one with DHCP client setting. The problem is the DHCP client unable to get an ip address from DHCP server. The configuration for both are as follows.

Toplogy

DHCP Server (10.10.10.10) -------------- ethernet switch --------------DHCP Client

ASA5520 as DHCP Server

DHCP-Server# sh int ip br

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset administratively down up

Ethernet0/1 10.10.10.10 YES manual up up

DHCP-Server# sh run int e0/1

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.10.10.10 255.255.255.0

DHCP-Server#

DHCP-Server# sh run dhcpd

dhcpd address 10.10.10.11-10.10.10.20 inside

dhcpd enable inside

!

DHCP-Server#

ASA5520 as DHCP Client

DHCP-Client# sh run int e0/0

!

interface Ethernet0/0

no nameif

no security-level

ip address dhcp setroute

DHCP-Client#

DHCP-Client# sh ip

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/0 unassigned unassigned DHCP

Current IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/0 unassigned unassigned DHCP

DHCP-Client#

DHCP-Client# sh int ip br

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES DHCP up up

There’s no issue with physical connection as I’m able to ping both firewalls if I configure it with static IP. Please help.

varrao · ‎04-05-2012

HI Adam,

On the DHCP client ASA, you would need to specify the security-level as well as nameif on the eth0/0 interface.

Varun

Thanks,
Varun Rao

Adam David · ‎04-05-2012

Thanks Varun for your prompt reply. I’ve specified the security level as suggested but still didn’t work.

DHCP-Client# sh run int e0/0

!

interface Ethernet0/0

nameif outside

security-level 0

ip address dhcp setroute

DHCP-Client#

DHCP-Client# sh int ip br

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES DHCP up up

DHCP-Client# sh ip ad

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/0 outside unassigned unassigned DHCP

Current IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0/0 outside unassigned unassigned DHCP

DHCP-Client# sh run int e0/0

!

interface Ethernet0/0

nameif outside

security-level 0

ip address dhcp setroute

DHCP-Client#

DHCP-Client# sh int e0/0

Interface Ethernet0/0 "outside", is up, line protocol is up

Hardware is linaeth, BW Unknown Speed-Capability, DLY 1000 usec

Auto-Duplex(Full-duplex), (100 Mbps)

Media-type configured as RJ45 connector

MAC address 00ab.a72f.0100, MTU 1500

IP address unassigned

0 packets input, 46 bytes, 0 no buffer

Received 1 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 packets output, 108624 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max packets): hardware (128/128) software (0/1)

output queue (curr/max packets): hardware (0/0) software (0/1)

Traffic Statistics for "outside":

1 packets input, 32 bytes

185 packets output, 106012 bytes

0 packets dropped

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 86 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 90 bytes/sec

5 minute drop rate, 0 pkts/sec

DHCP-Client# D

Amit Rai · ‎04-06-2012

Hi Adam,

Can you remove the switch from between and see if you ar able to get the IP address

In case that does not work.

Please collect the outputs of below debugs from both the ASA and send it to me.

debug dhcpd event

debug dhcpd packet

debug dhcpc error

debug dhcpc packet

debug dhcpc detail

Unable to get IP Address from ASA5520 (Configured as DHCP server)