DHCP issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DHCP issue

L1 Bithead

Hi Team,

Customers have PA-220 running 10.0.0 and migrated to PA-1410 running 11.0.1-h2
from PA-1410 - 11.0.1-h2 unable to get DHCP ip from the firewall for Android and iPhone devices. The same devices are getting IP from PA-220 running 10.0.0 versions.

 

Following pan_dhcpd logs from PA-1410

DHCPD log

==========

2023-06-22 10:15:18.098 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:15:20.124 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:15:22.557 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:15:22.557 -0500 DHCP lease started2023-06-22 10:15:22.557 -0500 ip 10.95.10.5 --> mac 8e:29:d1:c0:50:8b - hostname Pixel-7, interface ethernet1/2.10
2023-06-22 10:15:46.213 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:16:28.949 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:16:28.949 -0500 DHCP lease started2023-06-22 10:16:28.949 -0500 ip 10.95.10.5 --> mac 8e:29:d1:c0:50:8b - hostname Pixel-7, interface ethernet1/2.10
2023-06-22 10:16:33.786 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:16:33.786 -0500 DHCP lease started2023-06-22 10:16:33.786 -0500 ip 10.95.10.5 --> mac 8e:29:d1:c0:50:8b - hostname Pixel-7, interface ethernet1/2.10

 

3 REPLIES 3

Community Team Member

Hi @vij ,

 

Have you tried restarting the DHCP service on the firewall ?

If it's not working I'd recommend getting PCAPs to confirm a couple of things.

 

Are you receiving the discover packet from the client, are you sending the offer packet out to the client, is the client receiving the offer packet ?

Grab all the debug level logs if possible to get more verbose logging.

 

I've seen the same error appear in bug-ID PAN-189196 but I can't confirm if you're hitting the same bug or if you're experiencing a different issue.  In that particular scenario there was a reserved address configured for the DHCP client and the client was sending DHCP requests from a different IP address from the reserved address... as a result the firewall did not send out the DHCP NAK packet.  But like I said, I can't confirm if you're hitting the same issue.

 

I suggest getting debug level logs and a tech support file for further analysis.

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L3 Networker

Can you share configuration of both firewalls

Best Regards,
Suresh

L1 Bithead

I have attached PA-1410 TSF and PCAP logs, attached in this chat.

  • 1879 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!