ASA DHCP relay feature

Unanswered Question
Dec 1st, 2013
User Badges:

Hi all ,


We have created our DHCP scopes on the firewall for our wireless users , now we need to move them to physical DHCP server . The users interfaces are on the ASA so we need to use the DHCP relay feature on the ASA but when i am trying to add it it is giving me the following :


DHCPRA: can't enable DHCP Relay when DHCPD is running on any interface

       Use the 'no dhcpd enable <server_ifc>' command

       on any interface that has been enabled.

dhcprelay command failed

DHCPRA: can't enable DHCP Relay when DHCPD is running on any interface

       Use the 'no dhcpd enable <server_ifc>' command

       on any interface that has been enabled.

dhcprelay command failed

even though i have deleted the dhcpd server commands for WIRELESS-EMPLOYEE & WIRELESS-GUEST-USER but still it is not working . My question is will the relay feature work when we want to move only interface gig0/1.504 & gig0/1.505 to relay and keep 0/1.599 for dhcpd server . Do i need to remove all the subinterfaces from dhcpd sever inorder relay to work on this interface ?

My configurations are :

interface GigabitEthernet0/1.504

description REQUIRES AD AUTHENTICATION

vlan 504

nameif WIRELESS-EMPLOYEE

security-level 50

ip address 192.168.xx.xx 255.255.252.0 standby 192.168.xx.xx

!

interface GigabitEthernet0/1.505

description REQUIRES NAC GUEST ACCOUNT

vlan 505

nameif WIRELESS-GUEST-USER

security-level 50

ip address 192.168.xx.xx 255.255.252.0 standby 192.168.xx.xx

!

interface GigabitEthernet0/1.599

description GUEST_RH1

vlan 599

nameif GUEST_RH1

security-level 50

ip address 192.168.xx.xx 255.255.255.224 standby 192.168.xx.xx

dhcpd lease 1800

!

dhcpd address 192.168.xx.xx-192.168.xx.xx WIRELESS-EMPLOYEE

dhcpd enable WIRELESS-EMPLOYEE

!

dhcpd address 192.168.xx.xx-192.168.xx.xx WIRELESS-GUEST-USER

dhcpd enable WIRELESS-GUEST-USER

!

dhcpd address 192.168.xx.xx-192.168.xx.xx GUEST_RH1

dhcpd enable GUEST_RH1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jouni Forss Sun, 12/01/2013 - 23:17
User Badges:
  • Super Bronze, 10000 points or more

Hi,


To my understanding if you are configuring DHCP Relay on the ASA you cant have a DHCP Server running on the ASA for the interfaces that are somehow participating in the DHCP Relay.


This means that you cant have the ASA acting as DHCP Server for clients on the interface that contains the clients for the DHCP Relay or on the interface where the DHCP Server for DHCP Relay is configured. If your actual DHCP Server is located behind the subint Gi0/1.599 then you can run DHCP Server for clients on that server.


- Jouni

Marius Gunnerud Mon, 12/02/2013 - 01:03
User Badges:
  • Red, 2250 points or more
  • Cisco Designated VIP,

    2017 Firewalling

You say that you have removed the DHCD config from the interfaces, but in the output you posted the configuration is still there?


dhcpd enable WIRELESS-EMPLOYEE


dhcpd enable WIRELESS-GUEST-USER


Issue the following commands and then test please.


no dhcpd enable WIRELESS-EMPLOYEE

no dhcpd enable WIRELESS-GUEST-USER


dhcprelay server

dhcprelay enable WIRELESS-EMPLOYEE

dhcprelay enable WIRELESS-GUEST-USER

dhcprelay setroute WIRELESS-EMPLOYEE

dhcprelay setroute WIRELESS-GUEST-USER


--

Please remember to rate and select a correct answer

Actions

This Discussion