Using PAN as a DHCP Server - MAC Addresses are Case Sensitive


L2 Linker

Hi everyone,

 

I'm having an issue trying to tell our account representative that PAN should treat upper-case or lower-case (or even mixed) MAC addresses as one entry.  I say this because I had an entry in our PAN DHCP Server all in lower-case (entered manually); later, I copied a MAC address into the system and was wondering why the device didn't pick up the reserved IP address.  I found out that one was in lower-case and the other in upper-case.  I submitted this as a bug.  However, the tech engineer came back with the following:

 

Comment:

Hello Raul,

RE CASE # 02750803

About this case,

After reviewing your report, it looks like the issue was not treating the MAC address as different entries; the issue was actually that, since the first entry that you created (MAC lower-case) was still there, it is expected that it takes priority.

It would be required, as you discovered later, to remove any existing entry in case you want to change it for a new IP address.

Note:

Also, I found a case where a customer reported that he configured a DHCP reservation with the MAC address in uppercase and they reported connectivity issues on the device with that IP address; the issue in that case was resolved after configuring the reservation with the MAC address all lowercase.

Based on this I suggest the following:

- delete any existing reservation if the MAC is the same and you want to assign a new IP for that device.
- always use lowercase in MAC as best practice.

Please let me know if this answers your questions; if everything is fine, please confirm if we can proceed to close the case.

I will be attentive to your reply, thank you!

Best Regards,
Marvin Fernandez | Palo Alto Networks Technical Support Team

 

As you can see, they plan to leave it as is, but I still think it's not right.  I consider this a bug.  Does anyone agree?

7 REPLIES 7

Cyber Elite

@RaulTrujillo,

Off of the reply that you posted, it doesn't look like this went to engineering. This is a bug and actually should be considered a regression considering it was addressed all the way back in 5.0.4 under 47237. The firewall should be normalizing entries to lowercase format when you enter a reservation. 

Cyber Elite

Hi @RaulTrujillo ,

 

From reading the notes, it sounds like you had duplicate entries in your DHCP reservations.  The engineer then adds a note that says maybe the case is an issue, but that is not the original problem.  Try different reservations in upper and lower case, and let the community know how it works.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Cyber Elite

Permitting both lower and upper seems to be a bug on Palo's side, but the RFC is pretty clear about the case to use.

 

https://datatracker.ietf.org/doc/html/rfc5952#section-4.3

"The characters "a", "b", "c", "d", "e", and "f" in an IPv6 address MUST be represented in lowercase."

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

L2 Linker

Thanks Raido.  Is there a similar entry for IPv4?  I haven't migrated to IPv6.

Now comes the next question. Why do some vendors, developers, manufacturers, etc. use "-" (dash) and others ":" (colon)?

 

 

Thanks BPry.  I'll let the engineer working on my case know that this was already an issue and it re-surfaced.

 

Cyber Elite

Scrap my comment.

I missed the point that you have an issue with the MAC and not the IP address.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

I've been in IT for many years and fell for it.  No problem.  I didn't think it through until I saw your comment.  My reply probably triggered you to think it over.  LOL.

 

  • 3252 Views
  • 7 replies
  • 0 Likes
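An added example, not written by anyone in the thread and not Palo Alto Networks code: a pre-import check that canonicalizes MAC spellings (upper or lower case, colon, dash, dotted or bare hex) and flags reservations that collide once case and separators are ignored. The function names and the sample reservations are constructed for illustration.

```python
import re
from collections import defaultdict

# Accepted layouts (after lowercasing): aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff,
# aabb.ccdd.eeff and aabbccddeeff. Mixed separators are rejected on purpose.
_LAYOUTS = (
    re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"),
    re.compile(r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}"),
    re.compile(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"),
    re.compile(r"[0-9a-f]{12}"),
)


def normalize_mac(raw: str) -> str:
    """Return the MAC as lowercase colon-separated octets, or raise ValueError."""
    text = raw.strip().lower()
    if not any(p.fullmatch(text) for p in _LAYOUTS):
        raise ValueError(f"not a recognizable MAC address: {raw!r}")
    digits = re.sub(r"[:.\-]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_collisions(reservations):
    """Group (mac, ip) reservations by canonical MAC; keep groups with >1 entry."""
    groups = defaultdict(list)
    for mac, ip in reservations:
        groups[normalize_mac(mac)].append((mac, ip))
    return {canon: entries for canon, entries in groups.items() if len(entries) > 1}


# Constructed sample reservations (documentation addresses, not from the thread).
SAMPLE = [
    ("00:1b:44:11:3a:b7", "192.0.2.10"),  # typed by hand, lowercase
    ("00:1B:44:11:3A:B7", "192.0.2.20"),  # pasted later, uppercase
    ("00-1B-44-11-3A-B8", "192.0.2.30"),  # dash-separated, a different device
    ("001b.4411.3ab9", "192.0.2.40"),     # dotted layout, a different device
]

if __name__ == "__main__":
    for canon, entries in find_collisions(SAMPLE).items():
        print(f"{canon} is reserved {len(entries)} times:")
        for mac, ip in entries:
            print(f"  {mac} -> {ip}")
```

Running the same normalization over a reservation list before entering it keeps every stored MAC in one spelling, so a stale entry cannot hide behind a different case or separator.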