DHCP relay on ASA and DHCP snooping on Catalyst problem

I ran into a problem that took me 2 hours to figure out and thought I'd share it :)
I'm running DHCP snooping on my network with Catalyst 2950/2960 switches and routed all VLANs through a 3550. My DHCP server is a Windows 2003.
For objective reasons I decided to route a VLAN through the firewall (ASA 5510). The problem occurred while trying to obtain an IP from the DHCP for a device in that VLAN. All I got debugging ASA was (123.456.789.123 is my DHCP server):

dhcpd_forward_request: request from abcd.acbd.dabc forwarded to 123.456.789.123.
DHCPD: setting giaddr to 192.168.0.1.

When debugging DHCP snooping on one of the switches my eye caught this:

31w1d: DHCP_SNOOPING_SW: Encoding opt82 CID in vlan-mod-port format
31w1d: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format

I disabled option 82 on the switch as I didn't need it anyway...

no ip dhcp snooping information option

...and bingo:

dhcpd_forward_request: request from abcd.acbd.dabc forwarded to 123.456.789.123.
dhcp_l3_punt_cb: pkt src 123.456.789.123/17152, dest 192.168.0.1/17152
DHCPD/RA: Punt 123.456.789.123/17152 --> 192.168.0.1/17152 to CP
DHCPRA: Received a BOOTREPLY from interface 1
DHCPRA: relay binding found for client abcd.acbd.dabc.
DHCPRA: Adding rule to allow client to respond using offered address 192.168.0.53
DHCPRA: forwarding reply to client abcd.acbd.dabc.
DHCPRA: relay binding found for client abcd.acbd.dabc.

Maybe I'll edit the article later to include the explanation, but I can't do it now as I have a lot of work ahead of me today.
Cheers!
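
An added example, not part of the original post: a small Python decoder for the Option 82 (relay agent information) field in the two encodings named in the switch debug output, useful for confirming from a packet capture whether a snooping switch is inserting it. The byte layout is an assumption (Cisco's default vlan-mod-port circuit ID and MAC-address remote ID), and the sample bytes are constructed.

```python
import struct

def iter_tlv(buf, dhcp_options):
    """Yield (code, value) from a code/length/value byte string.
    Pad (0) and End (255) are special only at the DHCP options level."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_options and code == 0:      # pad byte, no length field
            i += 1
            continue
        if dhcp_options and code == 255:    # end of options
            return
        if i + 2 > len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        yield code, value
        i += 2 + length

def decode_option82(options):
    """Return the decoded Option 82 sub-options, or None if the option is absent.
    `options` is the DHCP options field after the magic cookie."""
    for code, value in iter_tlv(options, dhcp_options=True):
        if code != 82:
            continue
        info = {}
        for sub, data in iter_tlv(value, dhcp_options=False):
            # Assumed layout: sub-option 1 = type 0, len 4, VLAN(2) module(1) port(1)
            if sub == 1 and len(data) == 6 and data[:2] == b"\x00\x04":
                vlan, module, port = struct.unpack("!HBB", data[2:])
                info["circuit_id"] = {"vlan": vlan, "module": module, "port": port}
            # Assumed layout: sub-option 2 = type 0, len 6, switch MAC(6)
            elif sub == 2 and len(data) == 8 and data[:2] == b"\x00\x06":
                mac = data[2:].hex()
                info["remote_id"] = ".".join(mac[i:i + 4] for i in (0, 4, 8))
            else:
                info.setdefault("other", []).append((sub, data.hex()))
        return info
    return None

# Constructed sample: option 53 (DISCOVER), option 82, End.
SAMPLE = bytes.fromhex("350101" "5212" "01060004000a0005" "02080006001a2b3c4d5e" "ff")

if __name__ == "__main__":
    print(decode_option82(SAMPLE))
```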
