DHCP / DHCPD server stopped working 5.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

DHCP / DHCPD server stopped working 5.0

L3 Networker

PAN OS 5.0

App Version 342-1602 (12/04/12)

Uptime 22 days


PAN-OS DHCP server stopped working today (worked earliar only change wildfire & global protect updates)

DHCP server status shows it is not enabled although configured.

<says not configured>

admin@PA-200> show dhcp server lease ethernet1/4

dhcp server is not enabled on interface 'ethernet1/4' or configuration not committed yet

<no lease>
admin@PA-200> show dhcp server lease all

<tried clearing but nothing to clear>

admin@PA-200> clear dhcp lease all

Cleared 0 leases.

<dhcp log>

tail follow yes mp-log dhcpd.log

also doesn't show any logs since 12/6 days ago..

I've tried disabling dhcp on the interface, commit and reenabled and commit with no success.

Config snip

dhcp {

          interface {

            ethernet1/4 {

              server {

                option {

                  lease {

                    timeout 2880;

                  }

                  gateway 10.1.1.1;

                  dns {

                    primary 208.67.222.222;

                    secondary 198.153.192.40;

                  }

                }

                mode enabled;

                probe-ip yes;

                ip-pool 10.1.1.10-10.1.1.24;

                reserved {

planning to open a case but wondering if there is anything else i can try besides rebooting.

I also noticed a 'debug dhcpd global ' command but not sure where its logging to work to.


admin@PA-200> debug dhcpd global
> off    off
> on     on
> show   show

admin@PA-200> debug dhcpd global show

sw.dhcpd.runtime.debug.level: debug

1 accepted solution

Accepted Solutions

Hello, we have isolated some DHCP issues internally.  If this issue does continue to persist I recommend opening a case with support. 

Otherwise we have addressed some issues in PAN-OS 5.0.1 with regards to DHCP.  I recommend upgrading to PAN-OS 5.0.1.

View solution in original post

7 REPLIES 7

L3 Networker

So after troubleshooting for close to 4 hours the problem just fixed itself... :smileyshocked:

Logs below show no dhcp from 2012/12/09 16:34:21 to 2012/12/10 00:07:54

min@PA-200> show log system subtype equal dhcp start-time equal 2012/12/09@15:00:00

Time                Severity Subtype Object EventID ID Description

===============================================================================

2012/12/09 15:03:12 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a

:67:ac:04, interface ethernet1/4

2012/12/09 15:04:18 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.19 --> mac 00:24:e8

:9d:08:3a, interface ethernet1/4

2012/12/09 15:38:08 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a

:67:ac:04, interface ethernet1/4

2012/12/09 15:38:12 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.10 --> mac 74:f0:6d

:42:e6:82, interface ethernet1/4

2012/12/09 16:30:30 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a

:67:ac:04, interface ethernet1/4

2012/12/09 16:34:21 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.19 --> mac 00:24:e8

:9d:08:3a, interface ethernet1/4

2012/12/09 23:58:37 info     dhcp           server- 0  DHCP server on. interface ethernet1/4

2012/12/10 00:07:54 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a

:67:ac:04, interface ethernet1/4

2012/12/10 00:08:21 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.23 --> mac e8:99:c4

:0a:1d:cf, interface ethernet1/4

2012/12/10 00:09:39 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.16 --> mac 00:24:d7

:94:39:80, interface ethernet1/4

2012/12/10 00:10:07 medium   dhcp           server- 0  DHCP server runs out of ip pool interface ethern

et1/4

2012/12/10 00:14:03 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.15 --> mac 98:4b:4a

:67:ac:04, interface ethernet1/4

2012/12/10 00:17:02 info     dhcp           lease-s 0  DHCP lease started ip 10.1.1.16 --> mac 00:24:d7

:94:39:80, interface ethernet1/4

admin@PA-200>

at 23:58:37 it just enabled dhcp on its own.

2012/12/09 23:58:37 info     dhcp           server- 0  DHCP server on. interface ethernet1/4

admin@PA-200> show log config start-time equal 2012/12/09@15:00:00

Time                Host            Command   Admin      Client Result

===============================================================================

2012/12/09 16:47:48 10.1.1.19       edit      admin      Web    Succeeded  (Data filtering changes to wildfire)

2012/12/09 16:48:04 10.1.1.19       commit    admin      Web    Submitted

2012/12/09 22:59:31 10.1.1.19       edit      admin      Web    Succeeded

2012/12/09 23:15:15 10.1.1.19       commit    admin      Web    Submitted

2012/12/09 23:25:22 10.1.1.19       edit      admin      Web    Succeeded (DHCP ethernet1/4 set to disable)

2012/12/09 23:25:36 10.1.1.19       commit    admin      Web    Submitted

2012/12/09 23:27:02 10.1.1.19       edit      admin      Web    Succeeded (DHCP ethernet1/4 set to enable)

2012/12/09 23:27:31 10.1.1.19       commit    admin      Web    Submitted

atleast it fixed it self but still concerning

Hello, we have isolated some DHCP issues internally.  If this issue does continue to persist I recommend opening a case with support. 

Otherwise we have addressed some issues in PAN-OS 5.0.1 with regards to DHCP.  I recommend upgrading to PAN-OS 5.0.1.

thank you i've upgraded to 5.0.1 and have not yet seen this issue happen again

Hello.

I don't think this issue has been resolved yet.

A customer (running PAN-OS 5.0.1) called today saying their DHCP on wireless isn't working. I checked the leases and I could see a few but none were from last couple of hours. After checking configuration (and finding out everything is ok) I decided to disable and enable again DHCP service on the interface where it wasn't working. In total there were 2 interfaces with DHCP configured on them. After enabling DHCP again and committing policy I tried to list leases again. But DHCP wasn't working on either interface! I checked configuration again and everything was ok. I tried deleting and configuring DHCP again but it didn't help. I tried enable in disabling it again but nothing worked. Last entry in dhcpd.log was 6 days old so that was no help either. After a while (between 1 and 2 hours) DHCP appeared again on both interfaces and started working.

So there are some serious issues with DHCP service in PAN-OS version 5.0.1 as well. Is there a way to start/stop/status dhcpd service from CLI?

Best regards,

Simon

Additional fixes regarding DHCP have gone into PAN OS 5.0.2. Here is a release note entry from the "Addressed issues" section for 5.0.2:

46849, 46844, 46681, 46474 – The firewall was intermittently failing to respond to DHCP requests from hosts after upgrading to PAN-OS 5.0. Issue due to a problem that occurred after lease information was saved on the firewall every 12 hours after a restart, the issue was cleared, but would then occur again after 12 hours.

DHCPD needs to be restarted from root if needed.

How do I login as root? Is it possible and allowed by PA?

You would have to contact Palo Alto Networks Support if a process needs to be restarted from root.

  • 1 accepted solution
  • 5115 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!