DHCP issues with ASA 5505

Daniel-IT78
Level 1

All of my client computers that are set up to get their IP address and DNS automatically are coming back with the same incorrect information. If I do an ipconfig /all, I get that the DHCP and therefore the DNS are coming from 192.168.3.1, which is our Cisco ASA 5505, but the DNS servers are not right.

Connection-specific DNS Suffix  . : company.local
DHCP Enabled. . . . . . . . . . . . : Yes
Autoconfiguration Enabled .  : Yes
IPv4 Address. . . . . . . . . . . . : 192.168.3.204(Preferred)
Subnet Mask . . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 22, 2016 10:32:37 AM
Lease Expires . . . . . . . . . .  : Saturday, January 23, 2016 10:32:40 AM
Default Gateway . . . . . . . . : 192.168.3.1
DHCP Server . . . . . . . . . . . : 192.168.3.1
DNS Servers . . . . . . . . . . . : 192.168.3.2
                                              192.168.2.70
NetBIOS over Tcpip. . . . . . . : Enabled

The issue that I am having is that they are receiving an address for 192.168.3.2, which was removed as a DNS server and never had the DHCP role. Also, if I look at the DHCP settings for the ASA, it has a scope set up for 192.168.3.10 - 150 with the DNS address of 192.168.2.70, but it is listed as disabled. I can also see client devices with addresses of 150+, so I don't know what is actually handling the DHCP.

Result of the command: "show running-config dhcpd"
dhcpd dns 192.168.2.70
dhcpd domain company.local
!
dhcpd address 192.168.3.10-192.168.3.150 inside
dhcpd option 242 ascii Mcipadd=192.168.100.252,httpsrvr=192.168.100.252,tftpdir=/,mcport=1719,l2qvlan=100,l2qsig=5,l2qaud=5,phndlength=4,vlantest=999 interface inside

My experience with Cisco networking is limited but a number of things just don't add up.

Accepted Solutions

Hi,

I think you have another device assigning DHCP addresses. Can you check the new switches that were installed and make sure they are not configured for DHCP? 192.168.3.1 is probably one of the new switches installed. Trace the cable that is connected to interface INSIDE on the ASA and see which device that cable is connected to.

Thanks

John

**Please rate posts you find helpful**


Philip D'Ath
VIP Alumni

How long ago was 192.168.3.2 removed as a DNS server from DHCP?

I don't see anything suggesting the config is disabled.

If you see clients with IP addresses greater than 150, then there is probably a second DHCP server on your network. Do an "ipconfig /all" on them, and find out which DHCP server they are using.

The DNS server was removed last week and while there are several servers in our network that have the DHCP role, none of them are even in the 192.168.3.x range that all of our users are getting.  They have always had 192.168.3.1 listed as the DHCP server and gateway.  What I am referring to as being disabled is listed in the GUI as not Enabled.

If you are sure 192.168.3.1 is the ASA and should be the DHCP server, then you should correct this configuration issue and enable it.  This may resolve your other issue.

Therein lies the million dollar question. If it is not listed as enabled on the ASA (at least in the GUI) and there is not a DHCP server configured to handle the 192.168.3.x scope, then where are they getting their addresses from? My boss installed some new switches a few months back, but she told me that she just plugged them in with no configuration at all. I don't know if some combination of autoconfig is pushing things down to the clients or what.

Hi,

You will have to do a Wireshark capture of DHCP packets on one of the PCs. Check the MAC address of the DHCP server in the capture and see if that matches the MAC address of the ASA inside interface.

Thanks

John
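
The capture check described in the reply above, as an added example that is not part of the original thread: it parses a raw Ethernet frame holding a DHCP reply, extracts the sender MAC, server identifier (option 54) and DNS servers (option 6), and compares them with what the ASA is expected to hand out. The function names are hypothetical, and the sample frame is constructed from the addresses quoted in this thread, not taken from a real capture.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options field

def _ips(raw):  # split an option value into dotted-quad IPv4 addresses
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def parse_dhcp_reply(frame):
    """Parse an untagged Ethernet/IPv4/UDP frame; return DHCP server details or None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # too short, not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4
    bootp = frame[udp + 8:]
    if frame[udp:udp + 2] != b"\x00\x43" or bootp[236:240] != MAGIC:
        return None  # source port is not 67 or no DHCP options follow
    opts, i = {}, 240
    while i + 1 < len(bootp) and bootp[i] != 255:  # 255 = end option
        if bootp[i] == 0:  # pad option has no length byte
            i += 1
            continue
        opts[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
        i += 2 + bootp[i + 1]
    return {
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "msg_type": (opts.get(53) or b"\x00")[0],  # 2 = OFFER, 5 = ACK
        "server_id": (_ips(opts.get(54, b"")) or [None])[0],
        "dns": _ips(opts.get(6, b"")),
    }

def check_reply(info, expected_mac, expected_dns):
    """Return findings when the reply is not from the expected server or DNS set."""
    findings = []
    if info["src_mac"] != expected_mac.lower():
        findings.append(f"DHCP reply sent by {info['src_mac']}, expected {expected_mac}")
    extra = [d for d in info["dns"] if d not in expected_dns]
    if extra:
        findings.append(f"unexpected DNS servers handed out: {extra}")
    return findings

def build_sample_ack():
    """Constructed DHCPACK using addresses quoted in the thread (not a real capture)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    opts = (b"\x35\x01\x05\x36\x04" + ip("192.168.3.1")  # type = ACK, server id
            + b"\x06\x08" + ip("192.168.3.2") + ip("192.168.2.70") + b"\xff")
    bootp = bytes([2, 1, 6, 0]) + bytes(12) + ip("192.168.3.204") + bytes(216) + MAGIC + opts
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp  # checksums left 0
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ip("192.168.3.1"), b"\xff" * 4)
    return b"\xff" * 6 + bytes.fromhex("001b53e54720") + b"\x08\x00" + iph + udp
```

Calling `check_reply(parse_dhcp_reply(build_sample_ack()), "a4:4c:11:ef:29:a8", {"192.168.2.70"})` reports both the sender MAC mismatch and the extra DNS server 192.168.3.2.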


I actually already had the MAC address and it really does make me question whether the ASA is handling either the gateway or the DHCP.  The address for the ASA which is what I would typically see as the gateway address is this.

192.168.3.254        CISCO SYSTEMS, INC.    A4:4C:11:EF:29:A8

The IP and MAC address of what is listed as the gateway and DHCP is this.

192.168.3.1           CISCO SYSTEMS, INC.    00:1B:53:E5:47:20

The ASA's address matches up with the appropriate port but I don't know where the other could be coming from. I am also unable to access it via the web or SSH.  Oddly I can access something via Telnet but it doesn't allow me to do much of anything.

Interface Vlan1 "inside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address a44c.11ef.29a8, MTU 1500
    IP address 192.168.3.254, subnet mask 255.255.255.0

Also, would this static routing be configured correctly when our DHCP addresses are 192.168.3.X? As mentioned before, my networking skills are lacking and the person who set this up is long since gone.

I was able to track down which device was handing out the DHCPs and it was believed that it was only doing so for voice. Digging into the system, I found that it had a DHCP pool for Voice and Data, so now we just have to decide how we want to move forward. Thank you everyone for your help.

You have two devices configured with the same IP address.

You need to unplug the ASA.  Delete the ARP entry from your machine ("arp -d 192.168.3.1"), and then try and ping.  If you get a response another device has the same IP address.

Keep unplugging network ports one at a time until the ping stops. You just found the device with a duplicate IP address.