Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1424
Views
3
Helpful
9
Replies

ASA + multiple subinterfaces/vlans + Microsoft DHCP Server + problem

dmeligrana_insud
Level 1
Level 1

‎11-04-2015 11:11 AM - edited ‎03-08-2019 02:34 AM

Hello Everyone:

 

                  There is an ASA 5510. interface inside, interface outside, three subinterfaces in a third physical port. There is a DHCP on the LAN connected to the inside interface.

                  Currently,  the machines get their IP address from this device  on their own VLAN (inside).

                  Now, I'm adding new devices on separated vlan connected to one of those subinterfaces I mentioned before. I activated dhcp relay on the ASA, pointing at the DHCP server on the LAN, and enabled it on that subinterface *(guest). All was OK for the new VLAN, but computers on the LAN started to get IP address from the new scope which should only provide addresses for the new VLAN.

Ex:

LAN: 172.16.1.0/24

New VLAN: 172.24.1.0/24

PCs on the LAN are getting IP addresses from 172.24.1.0/24 subnet...

                                New VLAN_____PC on New VLAN

                                       |

                                       |

                                   (guest)

    LAN    ------(inside)   ASA  (outside) ------- Internet

       | 

       |_________PConLAN

DHCP Server

Is there any means to prevent this from happening, or do you know what could be causing this?

PS: no router before the ASA. No L3 SW. No ip-helper on any SW from the LAN.

Thanks.

Regards.

Labels:
0 Helpful
9 Replies 9

Robert Falconer
Level 1
Level 1

‎11-04-2015 04:09 PM

What do you have running the DHCP server?

dmeligrana_insud
Level 1
Level 1
In response to Robert Falconer

‎11-04-2015 07:09 PM

Windows 2008 Server. 

It´s like the relay agent didn´t work.

0 Helpful

dmeligrana_insud
Level 1
Level 1
In response to dmeligrana_insud

‎11-05-2015 07:02 AM

Hi. The problem was solve. It was the DHCP Server who is triccky. Scopes must be outside any superscope created. That way It worked.

Just want you to know that.

Thanks.

Regards.

0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni

‎11-04-2015 07:09 PM

Hello,

Two solutions come to my mind.

1- Bind the mac address of your clients in the old LAN to the IP addrsses in the DHCP server, so your client will recieve always the same ip address you assigned. For your new LAN, you do not need to do anything.

2- Move your DHCP server to a seperate VLAN and use DHCP relay for your both old and new LAN

Hope it helps,

Masoud

0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to Masoud Pourshabanian

‎11-04-2015 07:09 PM

Is the subnet mask of DHCP server correct? Is it /24?

0 Helpful

dmeligrana_insud
Level 1
Level 1
In response to Masoud Pourshabanian

‎11-04-2015 07:12 PM

I've checked the mask. It's ok. 

And the issue is that on that vlan, I will install about 200 ip phones. It´s a little complicated to fix macs

0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to dmeligrana_insud

‎11-04-2015 07:23 PM

I surfed some other websites and noticed the issue is common. I think moving the DHCP server to a new VLAN works.

Hope it helps,

Masoud

0 Helpful

dmeligrana_insud
Level 1
Level 1
In response to Masoud Pourshabanian

‎11-04-2015 07:31 PM

Mmmm. I think I'm moving the vlan behind the firewall, and I will IP helpers from a L3 SW that is installed there.

Thanks.

0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to dmeligrana_insud

‎11-05-2015 07:07 AM

Please get back with the result.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card