DHCP Relay

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

DHCP Relay

L2 Linker

I have a strange intermittent problem with DHCP relay.  I have it setup on all our firewalls, PA-220, and they relay to servers in the data center (Windows 2016).  At some point the relay stops sending offers.  I can see the discovery packet and no offer after.  The firewalls connect to a Cisco 2960 switch, nothing crazy on the config.  It works then suddenly stops.  I can resolve the issue two ways and neither help me isolate the problem.

 

1.  I can reboot the switch

2.  I can remove and reapply the DHCP relay settings to the firewall (PA-220 so that takes a bit)

 

Anyone seen a similar problem or suggests on the switch config I may be missing?

3 REPLIES 3

L7 Applicator

Can you do a doodle...  not sure where the switch is in the equation or where the users and dhcp server sit...

 

Where are you seeing the discover... on th palo or windoze box...  perhaps wireshark the server to see if it is replying....

 

is the switch layer 2 or are you using ip helper...

more info may be helpful here ...

Hi Mick, here is the diagram.  The site uses SDWAN and connects to a PA-3220 at the data center.  The PANOS Version is 10.0.2.  Now the switch does not have IP helper on it, but it does not have routing services either.  All of this worked fine until recently and does not seem to correlate to a PANOS version either.  I am at a loss as to why rebooting the switch would work and removing the relay and re-adding works as well.  It has worked fine for years, until the last couple months.  The packet capture was from the workstation, but the plan next time is run it from the firewall as well.

Drawing1.jpg

Not sure what it could be, perhaps for some reason the traffic is getting NAT and server not recognising scope and perhaps interface change of state on relay palo is resetting policy...

 

it seems simple enough as switch on relay side is just layer 2.  I would capture trusted int on relay palo when broken to see if cisco is doing something odd... if broadcast is seen for dhcp then do the same on server palo interface. Probably teaching you to suck eggs here..... good luck...

  • 3212 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!