DHCP relay on ASA and DHCP snooping on Catalyst problem
[LEFT][B] [URL="http://crazyvlan.blogspot.com/2008/10/dhcp-relay-in-asa-and-dhcp-snooping-on.html"]DHCP relay on ASA and DHCP snooping on Catalyst problem[/URL] [/B]
I ran into a problem that took me 2 hours to figure out and thought I'd share it :)
I'm running DHCP snooping on my network with Catalyst 2950/2960 switches and routed all VLANs through a 3550. My DHCP server is a Windows 2003.
For objective reasons I decided to route a VLAN through the firewall (ASA 5510). The problem occurred while trying to obtain an IP from the DHCP for a device in that VLAN. All I got debugging ASA was (123.456.789.123 is my DHCP server):
[INDENT]dhcpd_forward_request: request from abcd.acbd.dabc forwarded to 123.456.789.123.
DHCPD: setting giaddr to 192.168.0.1.[/INDENT]When debugging DHCP snooping on one of the switches my eye caught this:
[INDENT][FONT=courier new]31w1d: DHCP_SNOOPING_SW: Encoding opt82 CID in vlan-mod-port format[/FONT]
[FONT=courier new]31w1d: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format[/FONT][/INDENT]I disabled option 82 on the switch as I didn't need it anyway...
[INDENT]no ip dhcp snooping information option[/INDENT]...and bingo:
[INDENT]dhcpd_forward_request: request from abcd.acbd.dabc forwarded to 123.456.789.123.
dhcp_l3_punt_cb: pkt src 123.456.789.123/17152, dest 192.168.0.1/17152
DHCPD/RA: Punt 123.456.789.123/17152 --> 192.168.0.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 1
DHCPRA: relay binding found for client abcd.acbd.dabc.
DHCPRA: Adding rule to allow client to respond using offered address 192.168.0.53
DHCPRA: forwarding reply to client abcd.acbd.dabc.
DHCPRA: relay binding found for client abcd.acbd.dabc.[/INDENT]Maybe I'll edit the article later to include the explanation, but I can't do it now as I have a lot of work ahead of me today.
Cheers[/LEFT]
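
The switch debug lines in the post show option 82 being encoded with a vlan-mod-port circuit ID and a MAC-address remote ID. As an added example (not part of the original post), this Python sketch decodes that option from a raw DHCP request and flags the case where option 82 is present while giaddr is still 0.0.0.0. The packet bytes, MAC addresses, VLAN number and function names are constructed for illustration, and the sub-option layout (type 0, length, value) is assumed to be the Cisco default.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header

def tlv(buf, pad_end=True):
    """Parse code/length/value fields; pad_end handles DHCP Pad (0) and End (255)."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if pad_end and code == 255:
            break
        if pad_end and code == 0:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        out[code] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return out

def inspect_request(pkt):
    """Return giaddr plus decoded option 82 (None if absent) from a raw DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"giaddr": ".".join(map(str, pkt[24:28])), "opt82": None}
    raw = tlv(pkt[240:]).get(82)
    if raw is not None:
        sub, dec = tlv(raw, pad_end=False), {}
        cid, rid = sub.get(1), sub.get(2)
        # Assumed Cisco default layout: type byte 0, length byte, then the value
        if cid and len(cid) == 6 and cid[:2] == b"\x00\x04":
            vlan, mod, port = struct.unpack("!HBB", cid[2:])
            dec["circuit_id"] = {"vlan": vlan, "mod": mod, "port": port}
        if rid and len(rid) == 8 and rid[:2] == b"\x00\x06":
            dec["remote_id"] = rid[2:].hex(":")
        info["opt82"] = dec
    # Option 82 with giaddr unset: added by a snooping switch that is not itself relaying
    info["snooping_inserted"] = raw is not None and info["giaddr"] == "0.0.0.0"
    return info

def sample_discover(with_opt82):
    """Constructed DHCPDISCOVER: client MAC, VLAN 20 and switch MAC are made up."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)  # giaddr = 0
    hdr += bytes.fromhex("02005e000053") + bytes(10) + bytes(192)  # chaddr, sname, file
    opts = b"\x35\x01\x01"                                         # message type: DISCOVER
    if with_opt82:
        opts += b"\x52\x12" + b"\x01\x06\x00\x04\x00\x14\x00\x05" \
                + b"\x02\x08\x00\x06" + bytes.fromhex("02005e0000aa")
    return hdr + MAGIC + opts + b"\xff"
```

Feeding it the UDP payload of a request captured on the relay's inside interface shows whether the access switch is still inserting option 82 after a configuration change.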