11-04-2015 11:11 AM - edited 03-08-2019 02:34 AM
Hello Everyone:
There is an ASA 5510. interface inside, interface outside, three subinterfaces in a third physical port. There is a DHCP on the LAN connected to the inside interface.
Currently, the machines get their IP address from this device on their own VLAN (inside).
Now, I'm adding new devices on separated vlan connected to one of those subinterfaces I mentioned before. I activated dhcp relay on the ASA, pointing at the DHCP server on the LAN, and enabled it on that subinterface *(guest). All was OK for the new VLAN, but computers on the LAN started to get IP address from the new scope which should only provide addresses for the new VLAN.
Ex:
LAN: 172.16.1.0/24
New VLAN: 172.24.1.0/24
PCs on the LAN are getting IP addresses from 172.24.1.0/24 subnet...
New VLAN_____PC on New VLAN
|
|
(guest)
LAN ------(inside) ASA (outside) ------- Internet
|
|_________PConLAN
DHCP Server
Is there any means to prevent this from happening, or do you know what could be causing this?
PS: no router before the ASA. No L3 SW. No ip-helper on any SW from the LAN.
Thanks.
Regards.
 
					
				
		
11-04-2015 04:09 PM
What do you have running the DHCP server?
11-04-2015 07:09 PM
Windows 2008 Server.
It´s like the relay agent didn´t work.
11-05-2015 07:02 AM
Hi. The problem was solve. It was the DHCP Server who is triccky. Scopes must be outside any superscope created. That way It worked.
Just want you to know that.
Thanks.
Regards.
 
					
				
		
11-04-2015 07:09 PM
Hello,
Two solutions come to my mind.
1- Bind the mac address of your clients in the old LAN to the IP addrsses in the DHCP server, so your client will recieve always the same ip address you assigned. For your new LAN, you do not need to do anything.
2- Move your DHCP server to a seperate VLAN and use DHCP relay for your both old and new LAN
Hope it helps,
Masoud
11-04-2015 07:09 PM
Is the subnet mask of DHCP server correct? Is it /24?
11-04-2015 07:12 PM
I've checked the mask. It's ok.
And the issue is that on that vlan, I will install about 200 ip phones. It´s a little complicated to fix macs
11-04-2015 07:23 PM
I surfed some other websites and noticed the issue is common. I think moving the DHCP server to a new VLAN works.
Hope it helps,
Masoud
11-04-2015 07:31 PM
Mmmm. I think I'm moving the vlan behind the firewall, and I will IP helpers from a L3 SW that is installed there.
Thanks.
11-05-2015 07:07 AM
Please get back with the result.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide