(218) 277-7818

So I got a call today about an office that just installed new computers and half of them weren’t working. The guy on site said he did a wireshark capture and the DHCP server was out of IPs. It’s rare to get someone calling ME with a pcap, but he wants me to increase the DHCP pool size. Better to be careful with that, I log into the ASA 5505.

I verify all the leases are used up:

asa5505# show dhcpd statistics
DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0

Address pools 1
Automatic bindings 126
Expired bindings 293
Malformed messages 0

Message Received

Message Sent
DHCPACK 872932

Uh-oh, we are out of addresses! I do a

show dhcpd bindings all

to see the current leases. Omitted here, I can see it’s full. I check the inside interface and see it’s a /23, while the DHCP pool is only a /25:

interface Vlan1
nameif inside
security-level 100
ip address

dhcpd address inside

Maybe I can just extend the pool like he wants

Will the extended pool work with the existing config? I check that the access-lists used for tunnels and nat don’t need to be modified. In my case, that’s not a problem:

nat (inside) 0 access-list no-nat

crypto map tunnels 10 match address acl_remote1

crypto map tunnels 15 match address acl_remote2

access-list no-nat extended permit ip

access-list acl_remote1 extended permit ip

access-list acl_remote2 extended permit ip

I’d like to increase the dhcpd range to solve my problem now, but i can’t:

asa5505# show arp

inside 00ab.cd0e.9753 7479
inside 00ab.cd0e.9755 7479

there are static ips just outside the range! I could

#clear dhcpd binding all

But then all the computers that are working would need a release/renew, ugh. It turns out, he only needs about 20 more addresses right now.

So I go through the list, pinging each host, and when I find a dead one, I check the arp and verify it’s clear.
After a few minutes, I have a list of bindings to clear:

clear dhcpd binding
clear dhcpd binding

clear dhcpd binding

Then I do a quick

#show dhcpd bindings all


#sh arp

again to verify the newly freed IPs are being used. Problem solved!


The economy is always in a the depression all the time.

We’re gonna show you how you can use that depression to make a better equity profile that’s overflowing with markets!