[c-nsp] Cisco ASA 5520 and DHCP relay

Alasdair Gow alasdair.gow at lumison.net
Wed Mar 12 12:13:04 EDT 2008


Have you tried taking the ASA out of the equation?

Use a switch (or crossover depending on your setup) and once you know 
the Linux box is doing DHCP correctly put the ASA back in.

Or have you done this already?

What are the logs on the ASA saying?

What's the MTU set at, everything the same? win/asa/linux?

Can you run tcpdump on the Linux client and then set to DHCP and see if 
it's sending OK?

Ally


Eimantas Zdanevičius wrote:
> Hello all,
>
>
> I have a Linux DHCP server connected to one ASA 5520 (routing mode, single 
> context) interface, and DHCP clients connected to another ASA 5520 
> interface. I have set the dhcprelay agent on the ASA:
>
> dhcprelay server dhcp_server servers
> dhcprelay enable test
> dhcprelay timeout 60
>
> Linux DHCP server configuration:
>
> default-lease-time  1800;    # 1/2 hour
> max-lease-time      3600;    # 1 hour
> min-lease-time       900;    # 1/4 hour
> one-lease-per-client true;
> option arp-cache-timeout 3600;
> option netbios-node-type 1;
> ddns-update-style none;
> ddns-updates off;
> authoritative;
> subnet 10.5.0.0 netmask 255.255.255.0 {
>         option routers                  10.5.0.254;
>         option subnet-mask              255.255.255.0;
>         option domain-name-servers      10.0.0.1,10.0.0.2;
>         host asus { fixed-address 10.5.0.20; hardware ethernet 00:18:f3:3e:bc:3e; }
> }
>
> I have a laptop (named asus in the DHCP config) with Windows XP and Linux 
> operating systems. When I run Windows XP my laptop gets an IP address and 
> all works fine. But Linux can't get an IP address from the DHCP server.
>
> I can't see any activity on the DHCP server from the Linux client (message.log, 
> tcpdump); when I run Windows I see DHCP messages on the DHCP server.
>
>
> How can I resolve this problem?
>
> How can I debug DHCP packets on the ASA 5520?
>
>
> Thanks,
> Eimantas
>


-- 
Alasdair Gow
Lumison
t: 0845 1199 900
d: 0131 514 4042
