07-28-2021 10:02 AM
I have a strange intermittent problem with DHCP relay. I have it set up on all our firewalls, PA-220, and they relay to servers in the data center (Windows 2016). At some point the relay stops sending offers. I can see the discovery packet and no offer after. The firewalls connect to a Cisco 2960 switch, nothing crazy on the config. It works then suddenly stops. I can resolve the issue two ways and neither helps me isolate the problem.
1. I can reboot the switch
2. I can remove and reapply the DHCP relay settings to the firewall (PA-220 so that takes a bit)
Anyone seen a similar problem or have suggestions on the switch config I may be missing?
07-28-2021 10:14 AM
Can you do a doodle... not sure where the switch is in the equation or where the users and dhcp server sit...
Where are you seeing the discover... on the Palo or windoze box... perhaps wireshark the server to see if it is replying....
Is the switch layer 2 or are you using ip helper...
more info may be helpful here ...
07-28-2021 11:03 AM
Hi Mick, here is the diagram. The site uses SDWAN and connects to a PA-3220 at the data center. The PANOS Version is 10.0.2. Now the switch does not have IP helper on it, but it does not have routing services either. All of this worked fine until recently and does not seem to correlate to a PANOS version either. I am at a loss as to why rebooting the switch would work and removing the relay and re-adding works as well. It has worked fine for years, until the last couple months. The packet capture was from the workstation, but the plan next time is to run it from the firewall as well.
07-28-2021 11:02 PM
Not sure what it could be, perhaps for some reason the traffic is getting NAT and server not recognising scope and perhaps interface change of state on relay palo is resetting policy...
It seems simple enough as switch on relay side is just layer 2. I would capture trusted int on relay Palo when broken to see if Cisco is doing something odd... if broadcast is seen for DHCP then do the same on server Palo interface. Probably teaching you to suck eggs here..... good luck...
08-21-2024 02:28 PM
So honestly I am not sure I remember the solution, and it was many versions ago. But the bottom line of the problem was basically stale sessions, so I would clear the DNS sessions. What version of PANOS are you running? I will check my notes as well.
08-21-2024 02:34 PM
Please try to remember. I have 11.0.2-h4 for the SD-WAN branches, 10.2.7-h6 for the hub, and Cisco 9200 switches.
08-21-2024 02:42 PM
I will. I know in the long run we moved away from dhcp servers and placed dhcp on the firewalls. It was part of longer term goals anyways.