Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA DHCP relay feature

Hi all ,

We have created our DHCP scopes on the firewall for our wireless users , now we need to move them to physical DHCP server . The users interfaces are on the ASA so we need to use the DHCP relay feature on the ASA but when i am trying to add it it is giving me the following :

DHCPRA: can't enable DHCP Relay when DHCPD is running on any interface

       Use the 'no dhcpd enable <server_ifc>' command

       on any interface that has been enabled.

dhcprelay command failed

DHCPRA: can't enable DHCP Relay when DHCPD is running on any interface

       Use the 'no dhcpd enable <server_ifc>' command

       on any interface that has been enabled.

dhcprelay command failed

even though i have deleted the dhcpd server commands for WIRELESS-EMPLOYEE & WIRELESS-GUEST-USER but still it is not working . My question is will the relay feature work when we want to move only interface gig0/1.504 & gig0/1.505 to relay and keep 0/1.599 for dhcpd server . Do i need to remove all the subinterfaces from dhcpd sever inorder relay to work on this interface ?

My configurations are :

interface GigabitEthernet0/1.504

description REQUIRES AD AUTHENTICATION

vlan 504

nameif WIRELESS-EMPLOYEE

security-level 50

ip address 192.168.xx.xx 255.255.252.0 standby 192.168.xx.xx

!

interface GigabitEthernet0/1.505

description REQUIRES NAC GUEST ACCOUNT

vlan 505

nameif WIRELESS-GUEST-USER

security-level 50

ip address 192.168.xx.xx 255.255.252.0 standby 192.168.xx.xx

!

interface GigabitEthernet0/1.599

description GUEST_RH1

vlan 599

nameif GUEST_RH1

security-level 50

ip address 192.168.xx.xx 255.255.255.224 standby 192.168.xx.xx

dhcpd lease 1800

!

dhcpd address 192.168.xx.xx-192.168.xx.xx WIRELESS-EMPLOYEE

dhcpd enable WIRELESS-EMPLOYEE

!

dhcpd address 192.168.xx.xx-192.168.xx.xx WIRELESS-GUEST-USER

dhcpd enable WIRELESS-GUEST-USER

!

dhcpd address 192.168.xx.xx-192.168.xx.xx GUEST_RH1

dhcpd enable GUEST_RH1

2 REPLIES
Super Bronze

ASA DHCP relay feature

Hi,

To my understanding if you are configuring DHCP Relay on the ASA you cant have a DHCP Server running on the ASA for the interfaces that are somehow participating in the DHCP Relay.

This means that you cant have the ASA acting as DHCP Server for clients on the interface that contains the clients for the DHCP Relay or on the interface where the DHCP Server for DHCP Relay is configured. If your actual DHCP Server is located behind the subint Gi0/1.599 then you can run DHCP Server for clients on that server.

- Jouni

ASA DHCP relay feature

You say that you have removed the DHCD config from the interfaces, but in the output you posted the configuration is still there?

dhcpd enable WIRELESS-EMPLOYEE

dhcpd enable WIRELESS-GUEST-USER

Issue the following commands and then test please.

no dhcpd enable WIRELESS-EMPLOYEE

no dhcpd enable WIRELESS-GUEST-USER

dhcprelay server

dhcprelay enable WIRELESS-EMPLOYEE

dhcprelay enable WIRELESS-GUEST-USER

dhcprelay setroute WIRELESS-EMPLOYEE

dhcprelay setroute WIRELESS-GUEST-USER

--

Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
306
Views
0
Helpful
2
Replies
CreatePlease to create content