11-16-2018 06:32 AM
I was having issues with DHCP being blocked, so I ran a packet capture from the PA to see if I could tell what was blocking the DHCP traffic and if it could possibly be the PA. It shows the MAC address of the interface on the PA as the source, and then it lists a MAC address that I cannot identify as the destination. So if anyone has any ideas of how to figure out what that destination MAC belongs to, I would appreciate it. The PA has to be reading it from somewhere.
11-16-2018 01:05 PM
Thanks, I thought that would be the case, so that is my mystery MAC address. So should it be listing that management plane and not the MAC address of the server that the PA is trying to relay it to? It lists the destination IP for the DHCP server correctly but gives the MAC address of the management plane as the destination, not the MAC of the DHCP server.
11-16-2018 01:10 PM
Those internal MAC addresses are not listed on the management plane. If you still have the packets with all the other stages (receive, transmit, firewall and drop), check on the other capture if that mystery MAC address is present.
11-16-2018 01:16 PM
I think I only have the drop, so does that mean that the management plane is failing to pass the traffic on? It shows the IP address of the DHCP server in the capture but then lists the management plane and the destination MAC. That doesn't seem right, LOL.
11-16-2018 02:01 PM
It is difficult to determine the cause without additional information. It could be due to many things, for example, a security policy block and others. It will be helpful to have a debug flow basic and show counter global filter packet-filter yes delta yes output to provide more information.
Is this the only DHCP relay configured on the firewall? Do you have a network diagram that can provide additional information about the setup? Also, as others already said, any packet captures or logs on the DHCP server end?
11-16-2018 02:11 PM
Support sent me a doc.
Based on that, he says the management plane is something completely different from the control plane. I think it shows they are one and the same.
https://media.paloaltonetworks.com/documents/Single_Pass_Parallel_Processing_Architecture.pdf
11-16-2018 02:13 PM
It was the only relay set for the VLAN in question. Right now we changed that to make it work, and no rules were blocking the traffic; we checked for that.
To get additional info I need to have the tech that changed it put it back for testing, but I understand the need for more info.