DHCP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DHCP

L2 Linker

We've used Palo alto as DHCP server for all our wireless infrastructure, we notice that after one hour the IP has to expire and be release, however it keep the expired session on the DHCP and we have to manually clear out this from cli.

 

Once the pool is full no dhcp ip is released.

 

Anyone does know the issue?

 

Secondly can we automate the commands to run at specific time on Palo alto. E.g show session run every 8 hours

 

Thanks

5 REPLIES 5

L2 Linker

Any hints please on how to troubleshoot this expired session

Cyber Elite
Cyber Elite

Hi Denis

 

1.

Could you elaborate on your DHCP configuration (and PAN-OS version, some old version may have a bug)?

The default setting is an unlimited lease, this could cause your problem as leases will not be released

 

A lease may remain visible after the client has gone offline/off network, but the lease should be reused once the lease period has expired and a client requests an IP (unless the lease is unlimited)

 

2.

you can automate an API call to fetch the info you like whenever you want:

/api/?type=op&cmd=<show><session><all></all></session></show>

here's a few helpful articles on the API:

Tips & Tricks: API configuration

Getting Started with the API

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello,

 

Answers are below

 

(1) We currently have a lease time of 1 hr and no Reserve IP.  We are running PAN OS 7.1.0.

 

(2) Can you please explain to me how can I schedule the task of clearing DHCP from the API.

 

Thanks.

I'd recommend upgrading your PAN-OS to a more recent version, 7.1.7 and 7.1.8 are currently recommended releases , in case the .0 release has a bug that locks the leases somehow. if that doesn't fix the issue you may need to get in touch with support.

 

for a scheduled API call you could use this command:

/api/?type=op&cmd=<clear><dhcp><lease><all></all></lease></dhcp></clear>

there's an API browser that allows you to explore all available commands:

https://<IP of your firewall>/API
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

 

1) Update away from 7.1.0 and install the latest supported 7.1.*. The version you are currently running was very early in the 7.1 life cycle and has some bugs you may be running into. 

 

The api call would look something like https://firewall/api/?type=op&cmd=<clear><dhcp><lease><all><expired-only></expired-only></all></lease></dhcp></clear>&key=apikey 

Replace firewall and apikey with whatever your local values should be. 

If you were looking to schedule it you could easily do this with a powershell script. Keep in mind that the api call I have listed is only looking for expired leases across all interfaces, which sounds like what you need but you may need to modify to meet your needs. 

  • 3071 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!