12-09-2012 09:01 PM
PAN OS 5.0
App Version 342-1602 (12/04/12)
Uptime 22 days
PAN-OS DHCP server stopped working today (worked earliar only change wildfire & global protect updates)
DHCP server status shows it is not enabled although configured.
<says not configured>
admin@PA-200> show dhcp server lease ethernet1/4
dhcp server is not enabled on interface 'ethernet1/4' or configuration not committed yet
<no lease>
admin@PA-200> show dhcp server lease all
<tried clearing but nothing to clear>
admin@PA-200> clear dhcp lease all
Cleared 0 leases.
<dhcp log>
tail follow yes mp-log dhcpd.log
also doesn't show any logs since 12/6 days ago..
I've tried disabling dhcp on the interface, commit and reenabled and commit with no success.
Config snip
dhcp {
interface {
ethernet1/4 {
server {
option {
lease {
timeout 2880;
}
gateway 10.1.1.1;
dns {
primary 208.67.222.222;
secondary 198.153.192.40;
}
}
mode enabled;
probe-ip yes;
ip-pool 10.1.1.10-10.1.1.24;
reserved {
planning to open a case but wondering if there is anything else i can try besides rebooting.
I also noticed a 'debug dhcpd global ' command but not sure where its logging to work to.
admin@PA-200> debug dhcpd global
> off off
> on on
> show show
admin@PA-200> debug dhcpd global show
sw.dhcpd.runtime.debug.level: debug
12-27-2012 01:10 PM
Hello, we have isolated some DHCP issues internally. If this issue does continue to persist I recommend opening a case with support.
Otherwise we have addressed some issues in PAN-OS 5.0.1 with regards to DHCP. I recommend upgrading to PAN-OS 5.0.1.
12-09-2012 09:33 PM
So after troubleshooting for close to 4 hours the problem just fixed itself... :smileyshocked:
Logs below show no dhcp from 2012/12/09 16:34:21 to 2012/12/10 00:07:54
min@PA-200> show log system subtype equal dhcp start-time equal 2012/12/09@15:00:00
Time Severity Subtype Object EventID ID Description
===============================================================================
2012/12/09 15:03:12 info dhcp lease-s 0 DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a
:67:ac:04, interface ethernet1/4
2012/12/09 15:04:18 info dhcp lease-s 0 DHCP lease started ip 10.1.1.19 --> mac 00:24:e8
:9d:08:3a, interface ethernet1/4
2012/12/09 15:38:08 info dhcp lease-s 0 DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a
:67:ac:04, interface ethernet1/4
2012/12/09 15:38:12 info dhcp lease-s 0 DHCP lease started ip 10.1.1.10 --> mac 74:f0:6d
:42:e6:82, interface ethernet1/4
2012/12/09 16:30:30 info dhcp lease-s 0 DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a
:67:ac:04, interface ethernet1/4
2012/12/09 16:34:21 info dhcp lease-s 0 DHCP lease started ip 10.1.1.19 --> mac 00:24:e8
:9d:08:3a, interface ethernet1/4
2012/12/09 23:58:37 info dhcp server- 0 DHCP server on. interface ethernet1/4
2012/12/10 00:07:54 info dhcp lease-s 0 DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a
:67:ac:04, interface ethernet1/4
2012/12/10 00:08:21 info dhcp lease-s 0 DHCP lease started ip 10.1.1.23 --> mac e8:99:c4
:0a:1d:cf, interface ethernet1/4
2012/12/10 00:09:39 info dhcp lease-s 0 DHCP lease started ip 10.1.1.16 --> mac 00:24:d7
:94:39:80, interface ethernet1/4
2012/12/10 00:10:07 medium dhcp server- 0 DHCP server runs out of ip pool interface ethern
et1/4
2012/12/10 00:14:03 info dhcp lease-s 0 DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a
:67:ac:04, interface ethernet1/4
2012/12/10 00:17:02 info dhcp lease-s 0 DHCP lease started ip 10.1.1.16 --> mac 00:24:d7
:94:39:80, interface ethernet1/4
at 23:58:37 it just enabled dhcp on its own.
2012/12/09 23:58:37 info dhcp server- 0 DHCP server on. interface ethernet1/4
admin@PA-200> show log config start-time equal 2012/12/09@15:00:00
Time Host Command Admin Client Result
===============================================================================
2012/12/09 16:47:48 10.1.1.19 edit admin Web Succeeded (Data filtering changes to wildfire)
2012/12/09 16:48:04 10.1.1.19 commit admin Web Submitted
2012/12/09 22:59:31 10.1.1.19 edit admin Web Succeeded
2012/12/09 23:15:15 10.1.1.19 commit admin Web Submitted
2012/12/09 23:25:22 10.1.1.19 edit admin Web Succeeded (DHCP ethernet1/4 set to disable)
2012/12/09 23:25:36 10.1.1.19 commit admin Web Submitted
2012/12/09 23:27:02 10.1.1.19 edit admin Web Succeeded (DHCP ethernet1/4 set to enable)
2012/12/09 23:27:31 10.1.1.19 commit admin Web Submitted
atleast it fixed it self but still concerning
12-27-2012 01:10 PM
Hello, we have isolated some DHCP issues internally. If this issue does continue to persist I recommend opening a case with support.
Otherwise we have addressed some issues in PAN-OS 5.0.1 with regards to DHCP. I recommend upgrading to PAN-OS 5.0.1.
01-04-2013 11:49 AM
thank you i've upgraded to 5.0.1 and have not yet seen this issue happen again
02-26-2013 03:14 AM
Hello.
I don't think this issue has been resolved yet.
A customer (running PAN-OS 5.0.1) called today saying their DHCP on wireless isn't working. I checked the leases and I could see a few but none were from last couple of hours. After checking configuration (and finding out everything is ok) I decided to disable and enable again DHCP service on the interface where it wasn't working. In total there were 2 interfaces with DHCP configured on them. After enabling DHCP again and committing policy I tried to list leases again. But DHCP wasn't working on either interface! I checked configuration again and everything was ok. I tried deleting and configuring DHCP again but it didn't help. I tried enable in disabling it again but nothing worked. Last entry in dhcpd.log was 6 days old so that was no help either. After a while (between 1 and 2 hours) DHCP appeared again on both interfaces and started working.
So there are some serious issues with DHCP service in PAN-OS version 5.0.1 as well. Is there a way to start/stop/status dhcpd service from CLI?
Best regards,
Simon
02-26-2013 05:37 AM
Additional fixes regarding DHCP have gone into PAN OS 5.0.2. Here is a release note entry from the "Addressed issues" section for 5.0.2:
46849, 46844, 46681, 46474 – The firewall was intermittently failing to respond to DHCP requests from hosts after upgrading to PAN-OS 5.0. Issue due to a problem that occurred after lease information was saved on the firewall every 12 hours after a restart, the issue was cleared, but would then occur again after 12 hours.
DHCPD needs to be restarted from root if needed.
02-27-2013 11:30 PM
How do I login as root? Is it possible and allowed by PA?
02-28-2013 05:19 AM
You would have to contact Palo Alto Networks Support if a process needs to be restarted from root.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
