10-15-2014 07:28 AM - edited 03-07-2019 09:07 PM
Hello. I have a current setup on our Cisco ASA with a guest wireless network that uses a DHCP scope configured on the ASA firewall. The problem I am having is that any clients who connect to this guest network cannot acquire an IP address via DHCP. The APs are set up as FlexConnect in our environment.
So far I have tried disabling/enabling the scope as well as reloading the ASA and no luck.
10-16-2014 06:12 PM
DHCP packets from client to server utilize UDP source port 68 and destination port 67. DHCP packets from the server to the client utilize UDP source port 67 and destination port 68. DNS uses UDP port 53. These ports must be allowed through the firewall when internal DNS and DHCP servers are implemented.
10-21-2014 02:55 AM
Hi,
In this scenario, the ASA is acting as a DHCP server, so these ports don't have to be allowed through to get this working.
You would have to check the DHCP requests on the ASA interface using the captures or debugs and see if the DORA process is completing or not.
Also, if you are using a Windows machine, run Wireshark and see the captures.
Thanks and Regards,
Vibhor Amrodia
10-28-2014 08:48 AM
Any thoughts based on the below?
DHCPD: checking for expired leases.
DHCPD: Server msg received, fip=ANY, fport=0 on wireless interface
DHCPD: DHCPINFORM received from client <MAC ADDRESS> (10.10.10.55).
DHCPD: DHCPINFORM no configuration exists, try forwarding the message.
DHCPD: checking for expired leases.
DHCPD: Server msg received, fip=ANY, fport=0 on wireless interface
DHCPD: DHCPINFORM received from client <MAC ADDRESS> (10.10.10.61).
DHCPD: DHCPINFORM no configuration exists, try forwarding the message.
DHCPD: Server msg received, fip=ANY, fport=0 on wireless interface
DHCPD: DHCPINFORM received from client <MAC ADDRESS> (10.10.10.55).
DHCPD: DHCPINFORM no configuration exists, try forwarding the message.
10-28-2014 05:45 PM
Hi,
From these debugs, I see that the client has already got an IP address and that is why it is sending a DHCP INFORM packet.
"DHCPInform is a new DHCP message type, defined in RFC 2131, used by computers on the network to request and obtain information from a DHCP server for use in their local configuration. When this message type is used, the sender is already externally configured for its IP address on the network, which may or may not have been obtained using DHCP. This message type is not currently supported by the DHCP service provided in earlier versions of Windows NT Server and may not be recognized by third-party implementations of DHCP software."
Refer:-
http://technet.microsoft.com/en-us/library/cc958940.aspx
Is this IP from the pool configured on the ASA device?
Running Wireshark captures and then trying a renew and release for ipconfig should show the issue.
Thanks and Regards,
Vibhor Amrodia
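Added example, not part of any post in this thread: one way to check a capture for a completed DORA exchange is to read DHCP option 53 from each UDP 67/68 payload (RFC 2131 layout) and group the messages by client MAC and transaction ID. The function names, MAC addresses, transaction IDs and the sample messages are constructed for illustration; only the address 10.10.10.55 is taken from the debug output above.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie in front of the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
         5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}   # option 53 values

def parse_dhcp(payload):
    """Return (xid, client MAC, message type, ciaddr) from a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = payload[28:28 + min(payload[2], 16)].hex(":")
    ciaddr = ".".join(str(b) for b in payload[12:16])    # set when client has an IP
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end of options
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg_type = TYPES.get(payload[i + 2])
        i += 1 if code == 0 else 2 + length              # pad (0) has no length byte
    return xid, mac, msg_type, ciaddr

def dora_status(payloads):
    """Group messages by (MAC, xid) and report where each exchange stopped."""
    seen, report = {}, {}
    for p in payloads:
        xid, mac, msg_type, _ = parse_dhcp(p)
        seen.setdefault((mac, xid), []).append(msg_type)
    for key, types in seen.items():
        if "INFORM" in types:
            report[key] = "INFORM: client already holds an address"
        elif "NAK" in types:
            report[key] = "refused with NAK"
        elif "ACK" in types:
            report[key] = "complete"
        else:
            missing = [s for s in ("DISCOVER", "OFFER", "REQUEST") if s not in types]
            report[key] = "no " + (missing[0] if missing else "ACK") + " seen"
    return report

def build(msg_type, xid, mac, ciaddr=b"\0" * 4, yiaddr=b"\0" * 4):  # constructed sample
    hdr = struct.pack("!BBBBIHH", 2 if msg_type in (2, 5, 6) else 1, 1, 6, 0, xid, 0, 0)
    return (hdr + ciaddr + yiaddr + b"\0" * 8 + mac.ljust(16, b"\0") + b"\0" * 192
            + MAGIC + bytes([53, 1, msg_type, 255]))

A, B, C = (bytes.fromhex("0200000000" + x) for x in ("55", "61", "99"))  # constructed MACs
SAMPLE = [build(8, 1, A, ciaddr=bytes([10, 10, 10, 55])),       # INFORM only
          build(1, 2, B), build(1, 2, B),                       # DISCOVER, never answered
          build(1, 3, C), build(2, 3, C, yiaddr=bytes([10, 10, 10, 70])),
          build(3, 3, C), build(5, 3, C, yiaddr=bytes([10, 10, 10, 70]))]  # full DORA
```

On the constructed sample, `dora_status(SAMPLE)` separates the three cases: an INFORM-only client, a DISCOVER that never receives an OFFER, and a completed exchange.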
11-03-2014 08:16 AM
Hello. Yes, the DHCP pool is configured on the ASA. I don't really see anything too out of the ordinary in the Wireshark capture, but I could be missing something.
Is there anything specific I should be looking for?
10-28-2014 06:24 AM
Does anyone know the troubleshoot commands to do a debug on this?