Mike,

We are using ASDM 6.4. All clients are on VLAN 1 10.0.1.0/24. ASA has 10.0.1.1 and the DHCP server is on 10.0.1.2. We've configured it to be the DHCP Relay Server. If we want to enable DHCP Relay on the inside network, we get the erorr

"The DHCP Relay Agent cannot be enabled on the inside interface, because this interface is already being used to relay DHCP requests to the server."

How can we solve this?

We basically have to have the DHCP server on the same subnet as all of the clients. Any chance?

Why if the clients are on the same network as the Server?

Mike

Mike,

Are you saying that if our DHCP server is on the same subnet as the clients and ASA's DHCP services are disabled, the DHCP server is supposed to automatically repsond to DHCP requests from the clients?

Let me try to be precise, because I really need to get this fixed:

1. We've got ASA's outside network configured with a static IP address provided by our ISP. Works fine.

2. We've got ethernet 0/1 - 0/7 configured to be members of VLAN 1 and the inside network 10.0.1.0/24.

3. ASA has 10.0.1.1.

4. We've got an Apple Airport Extreme which provides DHCP services configured to manually use 10.0.1.2. It's connected to ehternet 0/1.

Now, a host connected on ethernet 0/2 with a manual IP address of let's say 10.0.1.100 works fine. It sees the Apple AirPort Extreme.

But: If we set the host to acquire an IP address via DHCP, it does not get an IP. It seems as if the DHCP request is not picked up by the Airport Extreme on 10.0.1.2 and not answered.

Do we have to somehow configure a rule or route or anything else for the ASA to forward DHCP requests from hosts to the Airport Extreme?

Sorry for being a pain but we really need to get this working.

No, i mean its fine, but you do know that This is all layer 2 traffic. I mean, the ASA will be just like a dump switch and no configuration whatsoever is needed. I would suggest you to remove any DHCP commands from the ASA firewall as they are not needed at all.

As a test, you can have the ASA to request a DHCP address from that server and see if you get any to test the server functionality or Activate the DHCP server on the ASA itself.

Mike

Thanks Mike,

That clarifies things.

May I ask you to

a) Let me know what's the best way to clear all DHCP commands fromt he ASA. Could you provide me the command?

b) Is there another command with which I can test whether the ASA can successfully request an address from the DHCP server?

Thanks in advance.

Hi,

Let me know what's the best way to clear all DHCP commands fromt he ASA. Could you provide me the command?

Clear config DHCPD

Is there another command with which I can test whether the ASA can successfully request an address from the DHCP server?

Other than make the ASA to request one, no. Have you tested that server before putting it into production?

Mike

Did you cleared the commands for DHCP?

Mike

Correct

Mike

Why would you put it as a bridge? Can you just modify the option of default gateway and point it to the ASA?

Mike