Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6626
Views
0
Helpful
5
Replies

DHCP logging

arun nori
Level 1
Level 1

‎11-12-2013 01:32 PM - edited ‎03-11-2019 08:04 PM

Hello all,

Is it possible to enable logging to check dhcp stats? I have 252 bindings limit on an asa and would to know if there was a way to get the information of the maximum bindings at any given time on an asa. Also, if there has been a rejected request for an IP address due to the limit being reached?

Thanks,

Arun

Labels:
0 Helpful
5 Replies 5

Marius Gunnerud
VIP
VIP

‎11-18-2013 07:51 AM

I don't believe that the ASA has a DHCP logging specifically for DHCP.  You could set your logging to informational and then each time a client requests and receives and address, or is rejected for that matter, it will be logged.

the down side is that you need to filter the log to get the output you want.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

anori0001
Level 1
Level 1
In response to Marius Gunnerud

‎11-18-2013 08:53 AM

Hello Marius,

Could you provide me with an example on how it would look? I mean a screenshot of the log message?

Thanks,

Arun

0 Helpful

Marius Gunnerud
VIP
VIP
In response to anori0001

‎11-18-2013 01:34 PM

It would look something like this:

%ASA-5-111008: User 'enable_15' executed the 'logging buffered informational' command.

%ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'logging buffered informational'

%ASA-6-302015: Built inbound UDP connection 1 for inside:0.0.0.0/68 (0.0.0.0/68) to identity:255.255.255.255/67 (255.255.255.255/67)

%ASA-6-302015: Built outbound UDP connection 2 for inside:255.255.255.255/68 (255.255.255.255/68) to identity:10.10.10.1/67 (10.10.10.1/67)

%ASA-6-604103: DHCP daemon interface inside:  address granted 0063.6973.636f.2d63.3230.302e.3064.6638.2e30.3030.302d.4661.302f.30 (10.10.10.10)

%ASA-6-302020: Built outbound ICMP connection for faddr 10.10.10.10/0 gaddr 10.10.10.1/4388 laddr 10.10.10.1/4388

%ASA-6-302021: Teardown ICMP connection for faddr 10.10.10.10/0 gaddr 10.10.10.1/4388 laddr 10.10.10.1/4388

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎11-18-2013 01:36 PM

Although this isn't a log, you can get a good overview of how many addresses have been handed out and/or rejected:

ciscoasa(config)# show dhcpd statistics

DHCP UDP Unreachable Errors: 0

DHCP Other UDP Errors: 0

Address pools        1

Automatic bindings   1

Expired bindings     0

Malformed messages   0

Message              Received

BOOTREQUEST          0

DHCPDISCOVER         1

DHCPREQUEST          1

DHCPDECLINE          0

DHCPRELEASE          0

DHCPINFORM           0

Message              Sent

BOOTREPLY            0

DHCPOFFER            1

DHCPACK              1

DHCPNAK              0

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

jumora
Level 7
Level 7
In response to Marius Gunnerud

‎11-18-2013 12:58 PM

I would check with SNMP/MIBs on the ASA, but logs don't actually send reports.

Value our effort and rate the assistance!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card