Force a DHCP release / renew on ASA from CLI

Similar Messages

• How can I force a DHCP client to renew its IP address??

  Hi to all,
  I have installed in a customer, a Cisco 2801 who has configured a DHCP pool. This router takes a reload every month (by maintenance purposes), when it is up (in the network we have AVAYA phones working fine, it's a call center), this phones takes a reload to renew the ip, which is assigned by the DHCP pool.
  The problem is when some phones try to renew its IP address (after the router reload), the phone detects a IP conflict an it forces a reload. This reload normally is in production hours, the agents lose their phones and they can't work......
  There is some option to force the DHCP client to do a IP renewal from the DHCP server???
  Thanks to all.
  Regards.
  David.

  First of all you should investigate what is going so horribly wrong in your network that you have to reload your router every month (and even worse in production hour). If it's an instability, have you tried to update to a newer IOS-version?
  Regarding your DHCP-problem. For that you just have to configure your DHCP-server correctly by specifying a database-agent:
  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/config-dhcp-server.html#GUID-5F022CF5-671E-49E7-8FBD-69997EEBC730 
  With this function the router stores all bindings and knows (also after a reload) which addresses are already assigned to which system.

• EA3500 issue, possibily with DHCP lease renewal

  I have a new EA3500 router that's working great for a variety of devices* except a Windows7 laptop.  24 hours after establishing a connection, the laptop loses connectivity and it's very difficult to re-establish a connection.  Usually I have to reboot the router, but 24 hours later the problem returns and Windows is unable to connect. 
  My router settings include DHCP client lease time set to 1440 minutes (24 hours), so I thought the problem might have something to do with DHCP lease renewal.  To test this theory, on Saturday night I did ipconfig/release and ipconfig/renew and established connectivity from the laptop.
  Sunday morning I spoke with Linksys support and changed several settings per their recommendation:
  Network mode mixed (I had it on N-only for some reason)
  Assigned different SSIDs to the 2.4GHz band and 5 GHz band
  2.4 GHz band channel is 20MHz only, using channel 9
  5 GHz band channel is 40 MHz only, using channel 161
  I also power cycled the router. 
  Everything worked fine until Sunday night, 24 hours after the release/renew, when I lost connectivity.  I am not sure what to try next and whether the problem lies with the router or the laptop. 
  * other devices include Macbook, 3 iPhones, iPad, 2 Kindles, printer, DVD player

  If you are only having this problem with the laptop then there is a possibility that the problem might really be with the laptop. What you can do on the router though is to add the laptop on DHCP reservation. In that way, even if the router’s DHCP Lease time will stop, the laptop will still be connected since the laptop will now have a fix ip address.

• Force WLAN client to renew ip on WLC with dynamic interfaces

  Hi there
  we would like to have a "two tier" authentication for the corporate WLAN clients:
  Requirements
  1. Machine Authentication
  The client gets machine authenticated based on the machine account in the Active Directory with PEAP. At this stage, the client will get a IP from VLAN A. VLAN A has limited access to the corporate infrastructure (DNS, AD, some volumes / shares, and so on). The filtering is done with an IP access list on the layer 3 VLAN interface on the core switches.
  2. User Authentication
  The users logs in on the client and gets user authenticated based on his user account in the Active Directory with PEAP - only users with a valid Machine Access Restriction (MAR) are allowed to login. Now the client is moved to another VLAN B. VLAN B has full access to the corporate infrastructure, here is no IP access list.
  Infrastructure
  We have the following:
  2 x WLC 5508 with 7.3.101.0
  2 x ACS 5.3.0.40.6
  Problem
  Now we have the problem, that the Windows client sometimes takes up to 3 minutes to connect to the WLAN after the users loggs in. In the debug, I can see that this happens because the client is stuck in DHCP renewal:
  1. After the machine has been authenticated it has an IP assigned from VLAN A. This works pretty well if the client gets rebooted.
  2. If the user loggs in the first time after the reboot, the users gets connected within 10 seconds, what is pretty good. The client has now an IP in VLAN B.
  3. Now the user logs out of Windows and I can see in the debug, that the client is putted into VLAN A (machine authentication) again, but the client still tries to DHCPREQUEST the IP address from VLAN B (user authentication). Because this request is sent out on the wrong dynamic interface on WLC, the DHCPREQUEST is not acknowleged an the client get stuck in this situation.
  4. If the user or another users logs in again shortly after the logout, the client still tries to DHCPREQUEST the IP of VLAN B and now the "3 times DHCP failure on WLC" comes into play, because WLC thinks that the DHCP server is not reachable -> but it only does not answer a wrong DHCPREQUEST.
  Question
  On ISE there is a way to force the client to renew the DHCP address (via CoA, but this has its limitations too --> need to install Active X or Java applet). I think there is now way to force the client to renew its IP with ACS, but my question is, is there a workaround and are there any others, that maybe already solved this problem?
  Alternative
  If there is now way to bring this to work with two different VLAN's, I could try to realize this with only one VLAN. After the machine authentication I could apply a WLC ACL to restrict access to the corporate infrastructure. If the user authentication happens, I could "remove" this ACL to grant full access for this user / client. But I am still interested in the other solution ;-)
  Thanks in advance for any advise and best regards
  Dominic

  Your second option is what you should do. Changing the vlan on a client that already has an IP address especially on wireless will not know it has been put in a different vlan and that's why it breaks. If There was a way to change the vlan and send something to the WLC to disassociate the client, that might work.
  Sent from Cisco Technical Support iPhone App

• ISE DHCP automatic renew dont work on the browser

  ISE v1.2
  I use wired and wireless (WLC 7.2)
  Normaly when GUEST user connect he get IP in the default VLAN, he is redirected and he enter his login and password
  Then the VLAN guest is puched, his IP is renewed and he get new IP in GUEST vlan
  But in my case I must perform ipconfig /release and ipconfig /renew manualy by cly on the computer
  It is not done automatycaly on the browser(mozilla 26.0 and internet explorer 11.0.9600, I have activated java and activex
  What is the issue, why DHCP renew ip is not donne automaticaly ?
  Please help

  Check the "Enable Agent IP refresh after VLAN change" parameter to refresh the Windows client IP address in both wired and wireless environments for MAB with posture.
  To ensure the Mac OS X client IP address is refreshed when the assigned  VLAN changes, this parameter is required for Mac OS X client machines  accessing the network via the native Mac OS X supplicant in both wired  and wireless environments.
  Note When you use the "Enable Agent  IP refresh after VLAN change" option, Cisco ISE sends "DHCP release  delay" and "DHCP renew delay" settings (as specified below) instead of  using the "Network transition delay" setting used for Windows Agent profiles. If you do not use the "Enable Agent  IP refresh after VLAN change" option, Cisco ISE sends "Network  transition delay" timer settings to client machines, but Cisco ISE will  not send both.

• Connecting ASA from inside of the network

  The LAN has 10.10.10.0/24 ip pool and ASA has 10.10.11.0/24 pool. When i connect to the ASA from the inside of the network , i can't get to any node in the network but i can when i am outside of the network. I need to connect to all nodes even when I am inside of the network connecting to ASA. please advise.

  John,
  Understand now, Hmmm.. indeed strange, this is what we could do to try isolating the problem and try confirming some local connectivity.
  since 10.10.10.0/24 is routed through the ASA firewall 10.10.10.254 as all hosts default gateway load your asdm real time log and note traffic while trying to ping from user labtop to any other hosts on the same 10.10.10.0/24 segment, I am sure you have probably checked but from the users labtop have you verify machine is getting proper 10.10.10.x address with correct mask and DG given from ASA DHCP, if ASA is your inside DHCP server go to ASA command lline and issue.
  asa#show dhcpd binding - to confirm hosts IP assigement is there for
  try pinging from the ASA itself towards that particular users 10.10.10.X address to confirm local connectivity from asa to labtop.
  Also from the labtop take note of complete output of ipconfig : and note all its current adapter bindings .
  c:\ipconfig /all
  It seems this could be more of a settings issues on the machines but confirm above.
  Also what ASA code version ? show ver
  and what version os VPN client ?
  Rgds
  Jorge

• WRV210 DHCP Lease Renewal

  I have been having intermitent connectivity issues with all devices on my network, and I have noticed that the DHCP leases are not renewing on the router.  The only solution I have right now is to reboot the router every day.  Has anyone had this issue, or have any ideas about fixes other than assigning static IP addresses for everything?
  Thanks,
  Mike

  When you noticed that the DHCP lease has not renewed, if you go to a client machine and do a release/renew will it get an IP address then? Check and see if you are on the latest firmware version for your router. If you are having to reboot the router just to have DHCP broadcast acknowledged then you may want to go ahead and give your SBSC a call and open up a case with them.
  You can find your SBSC here.

• WRT150N DHCP Lease Renewal Lockup

  I have a WRT150N that uses both wireless and wired clients. It is connected to a Roadrunner cable modem that renews DHCP ever 24 hours (approximately at 0545). If one of the clients is in use at that time the WRT150N locks up and will not respond to any of the clients. I have to unplug the WRT150N to restart it. I had a WRT54G previously and this never happened. I've uploaded the newest firmware to no avail and I can't afford having to do a hard restart 3 or 4 times a week. Is there a solution or would it be better to deep 6 this router and go back to what works.

  When you noticed that the DHCP lease has not renewed, if you go to a client machine and do a release/renew will it get an IP address then? Check and see if you are on the latest firmware version for your router. If you are having to reboot the router just to have DHCP broadcast acknowledged then you may want to go ahead and give your SBSC a call and open up a case with them.
  You can find your SBSC here.

• Cisco ASA 5505 performance issues on downloads - data into the ASA from the Internet

  I have having serious issues with performance on my ASA 5505s that I am testing with 9.2.3 code.
  I stripped the config and removed as much stuff as I could - no VPN etc. and I am ONLY getting about 30-40Mbps downloads from sites but 95Mbps uploads????  Anyone else seeing these problems?   If I remove the firewall my PC can hit 300/300Mbps to the same sites using the same switch and cable.
  I installed 1Gb of mem on the ASA 5505 but it made no difference. The ASA has a UL IP Security license but I am only using and inside and outside address for these tests, no other ports configured.
  Is anyone else seeing this performance problem with the 9.2.3 code?  I went to this from 8.2.5 to try to resolve QOS failure bugs that I found in the 8.2.5 code. I did not expect to have a performance hit though and it is only on downloads TO the ASA from the Internet from all speed test sites that I try. Uploading speeds seem fine. No access-lists on my interfaces either...barebones config.
  My FIOS and switch interfaces are fine...no errors on any interfaces and the same switch interface hits 300/300Mbps when my laptop is directly attached. 
  Anyone have a barebones config on their ASA 5505 that flies...I will try it on mine and see if some command somewhere (hidden) is causing the issue. I even cleared the config and started with a clean slate just in case I was missing some command from the older configs that may have impacted performance.

  After changing the switch with a high end switch my performance increased but I am still not happy with the throughput out of my ASA. I have about 50+ ASAs 5505s and a dozen 5510s. Most remote sites have 5505s. All my sites right now have 8.2.5-51 and I wanted to put 9.2.3 out there to solve issues I have uncovered on the 8.2.5 code with regards to QOS issues.
  I get much better results using the Cisco 3750X attached to the FIOS  (right around 300/300 with my laptop directly attached to the 3750x bypassing the ASA - my FIOS circuit rating is also 300/300).  Going through the ASA to the same test site I get download speeds of 35 to 75. Changes randomly which really bothers me. My uploads speeds are ALWAYS faster then my download speeds.  Example - best download I would ever get is 75Mb and my upload would usually hit 95Mb during the same test period.
  I may have to live with it but the inconsistency is what really bothers me.
  Here is the config I am currently using. Nothing going on during testing since only a single PC is attached. VPN tunnel to the main site can be up or down...doesn't seem to make any difference. PC does to site directly from outside interface of ASA...split tunneling. Even when I removed tunnels and tested with just the ASA as a firewall to the Internet I was still seeing the same inconsistencies.
  Anything obviously  missing - new command or anything?   Xlates causing issues?

• Unable to release the change request from se01

  HI All,
  Recently i had applied Rsecnotes as per sap recommendation in EWA Report and I implemented successfully in DEV System. But, When i try to release the change requests from SE01 in (DEV System)
  it is giving the error message "Object Func<objectname> is inactive". I have unlocked all the request and checked but still problem exsist.
  Please help me to release the request and implement in the landscape.
  Thanks,
  Rajesh N

  Hi,
  Activate the object using se03 and then relaese the request
  thanks

• WRT610N - Connections slows - must Release/Renew IP???? Help - Also with WRT310N

  Hello!
  Here is a problem summary:  I just replaced my old WRT4G with a new WRT610N.   This never happened with my WRT54G.  At reboot of the WRT610N - I get ~6.2mbps (DSL) download speed like I have always gotten on my old router and this is the speed I'm paying for.  After 24 hours - I only get ~ 4 mbps download and after 48 hours it usually down to about 1.8 mbps......the problem is solved by going into the 610's Status Page and Releasing then Renewing the IP......it's better again and back to 6.2 for another 24 hours or so.......I also had a 310n that did the same thing and I returned it for the 610n only to have the exact same problem.....
  Details:
  CAT 6 Cable
  Mounted vertically for better heat control
  - When it slowed down - I have a fan configured to cool it - cooled it so that everything was cool - not even warm to the touch - nothing changed and actually got worse - so heat doesn't seem to be an issue...
  - Primarily using 2 Wired connections and occasional wireless - but primarily this is over wired connections....
  - Firmware is most recent firmware as that is the way it came out of the box with the most recent firmware already installed
  - Had the exact same issue with the WRT310N
  - I've debugged it to the IP release/renew fixing it.......My connection comes through a Actiontec Qwest DSL modem/router but never had this problem with the WRT54G - nothing has changed there, same setup.
  - When it was slow - I bypassed the 610nand and speeds were normal - hooked it back through the router and slow until I release/renew the IP....
  This is really weired and frustrating......If I can't fix it soon - I'll have to switch to another brand.....the only work around I can see is a daily release/renew - but I don't seen any programming for that feature.....
  Thoughts!!!!   THANKS!

  Thanks for the suggestion.  I've already tried that and I'm at 1300 now.....also did the ping test and had it set at 1352.....but no differences....  I chated with Linksys yesterday and they told me take it back to the store and get another one.....  That won't solve this problem because I think it is a problem that linksys is simply ignoring as an issue....to have 2 routers do the same thing and both routers to be bad.....that tells me they have a problem in quality control or they don't know what's wrong......   I have one more work around I'm going to try which is to move over my dsl modem and let the linksys act as the modem.......my neighbor has it that way and his seems to work better.....we'll see....!   I'm not hold much hope and I'll probably end up returning it and just use my old G router or try another brand......

• Releasing an IP address from a DSL modem

  Hello all,
  I have a Mac G5 and a Dell with one dsl internet connection. I'm too cheap for a router or hub, I'd like to be able to unplug the modem from the mac and plug it into the PC when i want to get online on that.
  I know I need to release the IP address from the MAC. How do I do it??
  Any help is appreciated.
  Justin

  I am not sure where you got your information, but it doesn't work like that.
  Your modem does this function, by assigning IP address from the server of your ISP.
  A Router distributes multible IP addresses for multible computers. But if your are using an ethernet cable and plugging in and unplugging from one to another it is a non issue.
  Don

• How can I transfer or release one of OSX from my Apple ID?

  Hi all,
  I had a MacBook Air with 10.7.x pre-installed. When I open it, I registered it to my account.
  Then I bought a new version of MacBook Air and forward my old one to my colleague. For sure I registered the new one's to my Apple ID too. A year later I upgraded it to 10.8 too.
  Now my colleague has some issue and he needs to format and reinstall MacOSX of old version like pre-installed one. But installation does not continue with his Apple Id (for sure). There is no choice for me to release it or re-register...
  Question is this : How can I transfer or release one of OSX from my Apple ID and my colleague can registered it on his name?
  I seems I have 2x OSX. I can continue to give my ID and install again. But I don't want. (I checked community but issue is not exactly the same, therefore I opened this again)
  Any advice?
  Thanks,
  Cenk

  When you sell a machine with Lion or Mountain Lion preinstalled, you need to use Internet Recovery before selling it:
  Hold Command + Option + R keys while booting up or restarting and, once connected to Apple's servers, go to Disk Utility and erase the drive. The servers will then automatically reinstall the original system version. That install then will not be associated with your Apple ID and the buyer will be able to reinstall if necessary. You should have also unregistered your machine on Apple's website.
  https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/classicLogin?appIdKey= 58ef9db8ff4d201409e7270a68e4408ae1678e1618204c476572a1b5e5fb3518&path&language=U S-EN
  Sign in, choose the Mac to delete and then click on unregister.

• Telnet to ASA from Nei Switch

  Hi Everyone.
  I have ASA  connected to Switch.
  This is outside connection.
  I was trying to Telnet to ASA  from Switch which has outside connection to ASA.
  I config the command
  telnet 192.168.0.0 255.255.0.0 outside
  Still from Switch i am unable to telnet to ASA ?
  ASA  has default route to switch with route outside command
  Need to know  things below
  1>Is this possible to Telnet to both outside and inside interface of ASA  from the nei switch which is on outside interface of ASA  ??

  Hello,
  So this means that outside interface is never allowed telnet by design right?
  Correct,
  As I mention on my previous post
  Also you cannot access a distant-interface, this means from an inside user you will be able to access inside interface but traffic to outside interface ip address will be denied no matter what ( Security desing meassure)
  Regards
  Remember to rate all of the helpful posts

• Can't Release firm planned order from ASCP.

  I can't release firm planned order from ASCP the following massage appear " FRM-40200 , Field is protected against update ".
  appreciate your help on that.
  regards.
  Ahmad.

  Please post the details of the application release, database version and OS.
  I can't release firm planned order from ASCP the following massage appear " FRM-40200 , Field is protected against update ".
  appreciate your help on that.Please mention the navigation path along with the form name and version.
  Thanks,
  Hussein