Running an ASA5505, tried 7.2.4(30) and (33), set up a dhcp relay server, as of this morning clients couldn't obtain new dhcp leases. Did a "debug dhcprelay event 255" at the console, saw this message which doesn't seem to be documented anywhere:
dhcpd_rcv_callback received udp error 2
Did a packet trace on the outside interface of the ASA, saw DHCP discover/offer packets being sent forwarded from the ASA and then received back from the DHCP server as expected. Changed to a different DHCP server and the error went away, clients were able to obtain leases.
The problem appears to be with the DHCP server itself, but the server admin can't find anything wrong with it. Wondering if anyone can clarify what the above error message means so it might help us find the problem on the server.
In other cases I've seen with this error message, the DHCP server was misbehaving in some way. Expand your capture on the ASA to capture all traffic (not just udp traffic) to the dhcp server. Check to make sure the server is not also sending back an ICMP port unreachable for each DHCP Discover.
You can also do 'clear dhcprelay stat', then re-attempt obtaining an IP address, and collect 'show dhcprelay stat'. Are the values for DHCP UDP Unreachable Errors or DHCP Other UDP Errors increasing?
Thanks for the reply. Turns out that the dhcp server had recently been given a second IP address. It was still listening for dhcp requests using the old IP address, but replying to the ASA using the new address. The two IP's were similar enough that I didn't notice it in the packet trace, but that was what the ASA was choking on. Too bad the error message wasn't a little friendlier -- something like "received unsolicited reply from dhcp server with ip address x.x.x.x", instead of "dhcpd_rcv_callback received udp error 2".
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :