Cisco ASA and DHCP not Accepted

By September 7, 2018September 18th, 2020Blog, Cisco, Networking
Cisco WLC Web Conole Enable DHCP Proxy Check

So we’ve run into this problem a couple of times. The symptom is DHCP being issued from a Cisco ASA (multiple devices/versions), but not being “accepted” by the DHCP client.  The DHCP client I was testing with was a Windows workstation in this case.  The other time we saw it, it was a Mac laptop that couldn’t accept the DHCP offer.

So the ASA or DHCP server makes a valid offer to the client.  The client “sees” the offer—if you are on the client, and do an “ipconfig”, you see the gateway address get filled out—but then it will lose the information.  The client then requests another address; the DHCP server offers the next address in the pool.  This continues till the DHCP runs through all available addresses in the pool.

After testing this both on a wired port for the network and across the WiFi network, the symptoms were the same.  Here is the debug from the command “debug dhcpd packets 250” command:

DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPREQUEST received from client 0100.26b9.f213.01.
DHCPD: Extracting client address from the message
DHCPD: State = DHCPS_REBOOTING
DHCPD: State = DHCPS_REQUESTING
DHCPD: Client 0100.26b9.f213.01 specified it’s address 192.168.0.36
DHCPD: Client is on the correct network
DHCPD: Client accepted our offer
DHCPD: Client and server agree on address 192.168.0.36
DHCPD: Renewing client 0100.26b9.f213.01 lease
DHCPD: Client lease can be renewed
DHCPD: Sending DHCPACK to client 0100.26b9.f213.01 (192.168.0.36).
DHCPD: Including FQDN option name ‘aLappy.local’ rcode1=0, rcode2=0 flags=0x0DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDECLINE received from client 0100.26b9.f213.01.
DHCPD/RA: Binding successfully deactivated
dhcpd_destroy_binding() removing NP rule for client 192.168.0.36
DHCPD/RA: free ddns info and binding
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDISCOVER received from client 0100.26b9.f213.01 on interface GUEST.
DHCPD: send ping pkt to 192.168.0.37
DHCPD: ping got no response for ip: 192.168.0.37
DHCPD: Add binding 192.168.0.37 to radix tree
DHCPD/RA: Binding successfully added to hash table
DHCPD: Sending DHCPOFFER to client 0100.26b9.f213.01 (192.168.0.37).DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPREQUEST received from client 0100.26b9.f213.01.
DHCPD: Extracting client address from the message
DHCPD: State = DHCPS_REBOOTING
DHCPD: State = DHCPS_REQUESTING
DHCPD: Client 0100.26b9.f213.01 specified it’s address 192.168.0.37
DHCPD: Client is on the correct network
DHCPD: Client accepted our offer
DHCPD: Client and server agree on address 192.168.0.37
DHCPD: Renewing client 0100.26b9.f213.01 lease
DHCPD: Client lease can be renewed
DHCPD: Sending DHCPACK to client 0100.26b9.f213.01 (192.168.0.37).
DHCPD: Including FQDN option name ‘aLappy.local’ rcode1=0, rcode2=0 flags=0x0DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDECLINE received from client 0100.26b9.f213.01.
DHCPD/RA: Binding successfully deactivated
dhcpd_destroy_binding() removing NP rule for client 192.168.0.37
DHCPD/RA: free ddns info and binding
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDISCOVER received from client 0100.26b9.f213.01 on interface GUEST.
DHCPD: send ping pkt to 192.168.0.38
DHCPD: ping got no response for ip: 192.168.0.38
DHCPD: Add binding 192.168.0.38 to radix tree
DHCPD/RA: Binding successfully added to hash table
DHCPD: Sending DHCPOFFER to client 0100.26b9.f213.01 (192.168.0.38).DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPREQUEST received from client 0100.26b9.f213.01.
DHCPD: Extracting client address from the message
DHCPD: State = DHCPS_REBOOTING
DHCPD: State = DHCPS_REQUESTING
DHCPD: Client 0100.26b9.f213.01 specified it’s address 192.168.0.38
DHCPD: Client is on the correct network
DHCPD: Client accepted our offer
DHCPD: Client and server agree on address 192.168.0.38
DHCPD: Renewing client 0100.26b9.f213.01 lease
DHCPD: Client lease can be renewed
DHCPD: Sending DHCPACK to client 0100.26b9.f213.01 (192.168.0.38).
DHCPD: Including FQDN option name ‘aLappy.local’ rcode1=0, rcode2=0 flags=0x0DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDECLINE received from client 0100.26b9.f213.01.
DHCPD/RA: Binding successfully deactivated
dhcpd_destroy_binding() removing NP rule for client 192.168.0.38
DHCPD/RA: free ddns info and binding
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDISCOVER received from client 0100.26b9.f213.01 on interface GUEST.
DHCPD: send ping pkt to 192.168.0.39
DHCPD: ping got no response for ip: 192.168.0.39
DHCPD: Add binding 192.168.0.39 to radix tree
DHCPD/RA: Binding successfully added to hash table
DHCPD: Sending DHCPOFFER to client 0100.26b9.f213.01 (192.168.0.39).DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPREQUEST received from client 0100.26b9.f213.01.
DHCPD: Extracting client address from the message
DHCPD: State = DHCPS_REBOOTING
DHCPD: State = DHCPS_REQUESTING
DHCPD: Client 0100.26b9.f213.01 specified it’s address 192.168.0.39
DHCPD: Client is on the correct network
DHCPD: Client accepted our offer
DHCPD: Client and server agree on address 192.168.0.39
DHCPD: Renewing client 0100.26b9.f213.01 lease
DHCPD: Client lease can be renewed
DHCPD: Sending DHCPACK to client 0100.26b9.f213.01 (192.168.0.39).
DHCPD: Including FQDN option name ‘aLappy.local’ rcode1=0, rcode2=0 flags=0x0

DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 0026.b9e1.2065.
DHCPD/RA: Server msg received, fip=ANY, fport=0 on GUEST interface
DHCPD: DHCPDECLINE received from client 0100.26b9.f213.01.
DHCPD/RA: Binding successfully deactivated
dhcpd_destroy_binding() removing NP rule for client 192.168.0.39
DHCPD/RA: free ddns info and binding

What we see is the client requesting an IP address. Getting a valid DHCP offer, accepting the offer, then requesting again. This continues till the pool is fully depleted.

So what is causing the issue? What we found is that the Cisco WLC was having a WLAN that connected to each of the VLANs that were having this problem. On the WLC web console in the Controller > Advanced > DHCP area, it had Enable DHCP Proxy check on.

To fix the issue, you need to turn the Enable DHCP Proxy off and reload the WLC.

Jason Howe, PEI

Leave a Reply