09-29-2008 05:40 AM
I have the following dhcpd configuration:
dhcpd address 10.1.1.5-10.1.1.7 outside
dhcpd enable outside
When I do
show proc | inc dhcp,
I see the process, so it seems to be active. But when the client sends requests, they are dropped on the outside interface with the message:
%PIX-7-710005: UDP request discarded from 10.1.1.2/67 to outside:10.1.1.1/67
I searched on the web, and it seems this error means the device is not listening on this port. It was suggested to reboot the daemon, which I did, but I still get the same error. Any idea what to do?
09-29-2008 07:09 AM
Have you configured the acl on the outside interface to allow in-coming DHCP requests?
HTH
09-29-2008 07:51 AM
the acl is ip any any
09-29-2008 08:07 AM
For testing purposes - try adding:-
permit udp any any eq 67 log
permit udp any any eq 68 log
09-29-2008 09:13 AM
I added something similar, and I'll try this also. Here is what I have right now:
access-list inside-acl extended permit ip any any
access-list inside-acl extended permit udp any any
******************
To give you a little more information. Seems the dhcp server configuration on this device works fine. The issue is with dhcprelay packets coming from another device between my client and the server. Here is what I am trying to set up:
Client---dhcprelay(pix1)---dhcpserver(pix2)
When I configure the outside interface of pix1 with
ip address dhcp, it seems to get an ip address from the server just fine. But when the request comes in the form of a unicast udp packet through a relay vs. a multicast packet, the dhcpserver(pix2) drops the packet. Not sure why ...
10-08-2008 04:02 AM
I am doing some captures and see the service seems to work. Except that the device which is doing relay drops the udp packet from my dhcp server on its outside interface. Here is the message I see in the logs:
%PIX-7-710005: UDP request discarded from 128.231.200.221/67 to outside:165.112.89.1/67
Here is the relevant config from the dhcprelay device:
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 128.231.70.36 255.255.255.0
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 25
 ip address 165.112.89.1 255.255.255.0
!
access-list outside-acl extended permit ip any any
access-list inside-acl extended permit ip any any
!
!
dhcprelay server 128.231.200.221 outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 90
!
10-08-2008 04:41 AM
One more item to add, this packet drop shows up in the aspdrop capture also. Any thoughts on why?
10-08-2008 06:50 AM
Just to share the result with other folks, so you do not run into this issue, or know a possible way out. Seems I was running into an undocumented bug with 7.2(1) or rather one that was not seen before. 7.2(4) however is working fine. Thank you all for your comments.