dhcpd configuration

sansari
Level 1

I have the following dhcpd configuration:

dhcpd address 10.1.1.5-10.1.1.7 outside
dhcpd enable outside

When I do

show proc | inc dhcp ,

I see the process, so it seems to be active. But when the client sends requests, they are dropped on the outside interface with the message:

%PIX-7-710005: UDP request discarded from 10.1.1.2/67 to outside:10.1.1.1/67

I searched on the web, and it seems this error means the device is not listening on this port. It was suggested to reboot the daemon, which I did, but I still get the same error. Any idea what to do?

7 Replies

andrew.prince
Level 10

Have you configured the acl on the outside interface to allow in-coming DHCP requests?

HTH.

the acl is ip any any

For testing purposes - try adding:-

permit udp any any eq 67 log
permit udp any any eq 68 log

I added something similar, and I'll try this also. Here is what I have right now:

access-list inside-acl extended permit ip any any
access-list inside-acl extended permit udp any any

******************

To give you a little more information. Seems the dhcp server configuration on this device works fine. The issue is with dhcprelay packets coming from another device between my client and the server. Here is what I am trying to set up:

Client---dhcprelay(pix1)---dhcpserver(pix2)

When I configure the outside interface of pix1 with

ip address dhcp, it seems to get an ip address from the server just fine. But when the request comes in the form of a unicast udp packet through a relay vs. a multicast packet, the dhcpserver(pix2) drops the packet. Not sure why ...

I am doing some captures and see the service seems to work. Except that the device which is doing relay drops the udp packet from my dhcp server on its outside interface. Here is the message I see in the logs:

%PIX-7-710005: UDP request discarded from 128.231.200.221/67 to outside:165.112.89.1/67

Here is the relevant config from the dhcprelay device:

interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 128.231.70.36 255.255.255.0
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 25
 ip address 165.112.89.1 255.255.255.0
!
access-list outside-acl extended permit ip any any
access-list inside-acl extended permit ip any any
!
!
dhcprelay server 128.231.200.221 outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 90
!

One more item to add, this packet drop shows up in the aspdrop capture also. Any thoughts on why?

Just to share the result with other folks, so you do not run into this issue, or know a possible way out. Seems I was running into an undocumented bug with 7.2(1) or rather one that was not seen before. 7.2(4) however is working fine. Thank you all for your comments.
