[c-nsp] dhcprelay regression on latest pix 515 firmware (8.0.4)

Alexander Fisher alex at alexfisher.me.uk
Wed Apr 1 05:42:52 EDT 2009 

Hi

I've uncovered a problem with the latest pix 515 firmware (asa-8.0.4)
which didn't exist in 8.0.3.
The dhcprelay function no longer works in some circumstances.
Specifically, I can no longer
do automated linux client installs over the network (FAI).  The
initial dhcp at pxeboot time works fine,
but the later dhcp operation after kernel boot fails.

The client sends a DHCP Request and this gets relayed to the server
without problems, but the
returned DHCP Ack is not forwarded back to the client.

Turning on debug dhcprelay error etc gives...

DHCPRA: relay binding created for client 001d.09fa.6f13.
DHCPD: setting giaddr to 192.168.63.1.
dhcpd_forward_request: request from 001d.09fa.6f13 forwarded to shadowcat.
DHCPD/RA: Punt shadowcat/17152 --> 192.168.63.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 2
DHCPRA: relay binding found for client 001d.09fa.6f13.
DHCPRA: Adding rule to allow client to respond using offered address dmz2
DHCPRA: forwarding reply to client 001d.09fa.6f13.
DHCPRA: relay binding found for client 001d.09fa.6f13.
DHCPD: setting giaddr to 192.168.63.1.
dhcpd_forward_request: request from 001d.09fa.6f13 forwarded to shadowcat.
DHCPD/RA: Punt shadowcat/17152 --> 192.168.63.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 2
DHCPRA: relay binding found for client 001d.09fa.6f13.
DHCPRA: exchange complete - relay binding deleted for client 001d.09fa.6f13.
DHCPD: returned relay binding 192.168.63.1/001d.09fa.6f13 to address pool.
dhcpd_destroy_binding() removing NP rule for client 192.168.63.1
DHCPRA: forwarding reply to client 001d.09fa.6f13.
DHCPRA: Can't Create binding
DHCPD: setting giaddr to 192.168.63.1.
dhcpd_forward_request: request from 001d.09fa.6f13 forwarded to shadowcat.
DHCPD/RA: Punt shadowcat/17152 --> 192.168.63.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 2
DHCPRA: dhcp_relay_agent_receiver:can't find binding
DHCPRA: Can't Create binding
DHCPD: setting giaddr to 192.168.63.1.
dhcpd_forward_request: request from 001d.09fa.6f13 forwarded to shadowcat.
DHCPD/RA: Punt shadowcat/17152 --> 192.168.63.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 2
DHCPRA: dhcp_relay_agent_receiver:can't find binding
DHCPRA: Can't Create binding
DHCPD: setting giaddr to 192.168.63.1.
dhcpd_forward_request: request from 001d.09fa.6f13 forwarded to shadowcat.
DHCPD/RA: Punt shadowcat/17152 --> 192.168.63.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 2
DHCPRA: dhcp_relay_agent_receiver:can't find binding

Googling turned up nothing, so hopefully this post might be of help to someone.
Does anybody know what could cause the "DHCPRA: Can't Create binding" error?

Kind Regards,
Alex

More information about the cisco-nsp mailing list