Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1441
Views
0
Helpful
2
Replies

ASA DHCP relay feature

Mohammad Tbaili
Level 1
Level 1

‎12-01-2013 10:42 PM - edited ‎03-11-2019 08:11 PM

Hi all ,

We have created our DHCP scopes on the firewall for our wireless users , now we need to move them to physical DHCP server . The users interfaces are on the ASA so we need to use the DHCP relay feature on the ASA but when i am trying to add it it is giving me the following :

DHCPRA: can't enable DHCP Relay when DHCPD is running on any interface

       Use the 'no dhcpd enable <server_ifc>' command

       on any interface that has been enabled.

dhcprelay command failed

DHCPRA: can't enable DHCP Relay when DHCPD is running on any interface

       Use the 'no dhcpd enable <server_ifc>' command

       on any interface that has been enabled.

dhcprelay command failed

even though i have deleted the dhcpd server commands for WIRELESS-EMPLOYEE & WIRELESS-GUEST-USER but still it is not working . My question is will the relay feature work when we want to move only interface gig0/1.504 & gig0/1.505 to relay and keep 0/1.599 for dhcpd server . Do i need to remove all the subinterfaces from dhcpd sever inorder relay to work on this interface ?

My configurations are :

interface GigabitEthernet0/1.504

description REQUIRES AD AUTHENTICATION

vlan 504

nameif WIRELESS-EMPLOYEE

security-level 50

ip address 192.168.xx.xx 255.255.252.0 standby 192.168.xx.xx

!

interface GigabitEthernet0/1.505

description REQUIRES NAC GUEST ACCOUNT

vlan 505

nameif WIRELESS-GUEST-USER

security-level 50

ip address 192.168.xx.xx 255.255.252.0 standby 192.168.xx.xx

!

interface GigabitEthernet0/1.599

description GUEST_RH1

vlan 599

nameif GUEST_RH1

security-level 50

ip address 192.168.xx.xx 255.255.255.224 standby 192.168.xx.xx

dhcpd lease 1800

!

dhcpd address 192.168.xx.xx-192.168.xx.xx WIRELESS-EMPLOYEE

dhcpd enable WIRELESS-EMPLOYEE

!

dhcpd address 192.168.xx.xx-192.168.xx.xx WIRELESS-GUEST-USER

dhcpd enable WIRELESS-GUEST-USER

!

dhcpd address 192.168.xx.xx-192.168.xx.xx GUEST_RH1

dhcpd enable GUEST_RH1

Labels:
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎12-01-2013 11:17 PM

Hi,

To my understanding if you are configuring DHCP Relay on the ASA you cant have a DHCP Server running on the ASA for the interfaces that are somehow participating in the DHCP Relay.

This means that you cant have the ASA acting as DHCP Server for clients on the interface that contains the clients for the DHCP Relay or on the interface where the DHCP Server for DHCP Relay is configured. If your actual DHCP Server is located behind the subint Gi0/1.599 then you can run DHCP Server for clients on that server.

- Jouni

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Jouni Forss

‎12-02-2013 01:03 AM

You say that you have removed the DHCD config from the interfaces, but in the output you posted the configuration is still there?

dhcpd enable WIRELESS-EMPLOYEE
dhcpd enable WIRELESS-GUEST-USER

Issue the following commands and then test please.

no dhcpd enable WIRELESS-EMPLOYEE

no dhcpd enable WIRELESS-GUEST-USER

dhcprelay server

dhcprelay enable WIRELESS-EMPLOYEE

dhcprelay enable WIRELESS-GUEST-USER

dhcprelay setroute WIRELESS-EMPLOYEE

dhcprelay setroute WIRELESS-GUEST-USER

--

Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card