Menu Close

FMC DHCP Relay Error

Aref Alsouqi 0 Comments

While I was trying to configure DHCP Relay on an FTD the other day, I was stuck for a while with the Error : DHCP: Interface 'inside' is currently configured as CLIENT... . The exact error is below, and that was happening every time I was trying to deploy the configs on the FMC:

Error : DHCP: Interface 'inside' is currently configured as CLIENT and cannot be changed to a RELAY SERVER by a RELAY feature

Surfing the web trying to find a fix, a few posts where talking about disabling the call-home feature. However, I could not find a way to do this through FMC. And to be honest, I was not a 100% sure how the call-home would affect DHCP Relay.

The error I was getting was clearly stating the inside interface was configured as a DHCP client. But the interface was assigned with a static IP address. On that FTD box I had AnyConnect configured and one of the options was to use an internal DHCP server via the inside interface. So, under the AnyConnect tunnel group general-attributes I had the command dhcp-server applied. So I thought that would have been the issue then. I removed that command but did not really help.

I was left with no options apart from reloading the FTD. After the reload, I tried to configure the DHCP Relay and it worked. So, I said, it must have been something to do with the dhcp-server command I removed. To try to reproduce the issue, I removed the DHCP Relay configs, and then added again the dhcp-server command. And then added again the DHCP Relay and it worked.

That for me did not make any sense, and I think the main reason why it was not working would be due to some software bug. In fact, surfing the web, I could find a similar reported bug. Although it was not exactly the same, but for me it seemed that the FTD I was working on was hitting a similar bug.

Here is the snippet of the call-home and DHCP Relay configs from my FTD:

ftdv-03# sh run | be call
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
snort preserve-connection
Cryptochecksum:e59a9fd9f33ce581468c9c3a63e555d9
: end
ftdv-03# sh run dhcprelay
dhcprelay server 192.168.130.229 outside
dhcprelay enable inside
dhcprelay timeout 60

As you can see, in the end the call-home feature and the DHCP Relay can coexist together. I had already covered DHCP Relay configuration on FMC in this previous post. Take a look if you want to read more about it.

This wraps this post on Error : DHCP: Interface 'inside' is currently configured as CLIENT and cannot be changed to a RELAY SERVER by a RELAY feature.

Please let me know if you ever came across a similar situation, and how did you manage to fix it in the comments below.

Thank you for reading!

Posted in Blog, Firepower, FMC, FTD, Security
Tagged , , ,

About the Author: Aref Alsouqi

I work as a security technical architect with exposure to different environments and different technologies. I love exploring the new technologies and going the extra mile to understand how they work behind the scenes. My main BAU focus areas are Cisco ISE, Firepower and AnyConnect.

View all post by Aref Alsouqi

Related Posts

>
Scroll To Top
Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap