
DHCP Requests not being relayed

ammartalal
Level 1

We have the diagram below.

 

 

[Diagram: HLD.jpg]

 

The core switch has the IP 10.195.8.4/23 on the default VLAN and the IP address 10.195.10.5/24 on VLAN10. The Cisco ASA FW has 2 connections from the core switch: one is an access on VLAN1, and the other is a port-channel that handles all other VLANs' traffic, including VLAN10. The Cisco ASA has the IP 10.195.8.2/23 configured on the interface connected to VLAN1, and it has the IP 10.195.10.1/24 configured on interface port-channel1.10 (VLAN10 in this case). The DHCP server has an IP address of 10.195.8.1/23.

 

When we removed the IP address of VLAN1 from the core switch, i.e. 10.195.8.4/23, all DHCP traffic was dropped. We have ip helper-address configured on all needed VLANs inside the Core Switch, and it is also configured on the ASA as well on all required interfaces.

 

Is there anything that needs to be modified/added to bypass the need for the Core Switch ip helper-address and rely totally on the ASA for that role? Or is there any other suggestion?

 

Thank you in advance.

4 Replies

Hello,

 

Post the full configs of both the core switch and the ASA...

rmfalconer
Level 1

You need a helper statement on the vlan 10 interface. DHCP is a broadcast and won't cross an L3 boundary.

What does the routing look like after you removed the vlan1 interface from the core switch? What's the gateway for the DHCP server and how does traffic from vlan 10 get to vlan 1? 

 

The original post asks 2 questions: 1) is it possible to have the ASA forward the dhcp requests instead of having the core switch do it? 2) why does the dhcp relay not work when the core switch IP address for vlan 1 is removed?

I have a suggestion for 1). This link discusses how to have ASA forward dhcp requests

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116265-configure-product-00.html#anc10

I do not have enough information about the situation to answer 2)

HTH

Rick

Hello

As you have removed the vlan1 SVI off the core and this was the DG for your clients, then I suggest you:

1- Disable ip routing on the core and add a DG to the asa from vlan 10 for mgt

2- Change the ip address on the ASA for vlan1 to be 10.195.8.4/23 (old core vlan 1 SVI)


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul