DHCP with ISP router don't work :/

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DHCP with ISP router don't work :/

L1 Bithead

Hi,

just purchased a PA-3260 and trying to configure it to use DHCP with my ISP router.

The DHCP server works fine on the ISP router, tried it on my laptop.

I reset the PA-3260 than i removed the wired interface and select the first interface and set ip up as DHCP client with default router and untrust zone.

The zones are in Layer3 mode.

 

But it stucks on selecting state...

I tested it with another ISP modem, many others interfaces, others cable even fiber one.

Policys are the default one, even with a policy allowing dhcp on untrust zone doesn't work.

 

When i set it in static, there is no connectivity between the PA and ISP modem

 

Any help wil be greatly appreciated

Thanks

 

1 accepted solution

Accepted Solutions

L4 Transporter

Hello @Ertu57 ,

You can do a factory reset from Maintenance Mode or from CLI.

Performing a factory reset will not change the running version of PAN-OS, but will erase all configurations, logs and admin account.

Cheers,
Cosmin

Don't forget to Like items if a post is helpful to you!
Please help out other users and “Accept as Solution” if a post helps solve your problem!

Read more about how and why to accept solutions.

Disclaimer: All messages are my personal ones and do not represent my company's view in any way.

View solution in original post

30 REPLIES 30

Cyber Elite
Cyber Elite

Have you tried release/renew (have you tried turning it off and on again, sorry have to ask)

Are you connecting the ISP router directly to the interface or via a switch?

- Could it be the ISP connection requires a VLAN tag to work?

- if you're not using a switch, can you try using a switch (in case the link speed is somehow not able to sync up)

- have you tried manually setting the link speed/duplex?

Have you tried setting up a pcap on the eth1/1 interface to see if it is sending/receiving DHCP packets ?

 

 

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L1 Bithead

Hi,

Thanks for your reply.

- when i connect my laptop on the ISP modem, i got a ip, then i think there is no vlan tag.

- I already try with a switch and exact same trouble

- tried this too, no luck

Even in static IP mode i can't get anything, no ping, no traceroute, nothing.

If i issue the command show counter global, i have no error at all

 

I'am realy lost.

I have configured 2 zones, LAN and WAN on Layer3

One new Virtual router VR1

Only default Policy applied, Intrazone and deny all

PING set to Management profile  under interface option

 

I follow step by step the intial configuration from Palo Alto guide and can't get it working 😕

 

L1 Bithead

If i release and renew the ip on the interface i'am stuck at INIT on release and then it stucks on SELECTING on renew

New zones

New virtual router

No policy added

all layer 3

Tested on RJ45 and fiber gbics.

DHCP only works on Management interface

What else can it try ?

L4 Transporter

Hi,

Maybe your ISP have configure the DHCP server not to release IP addresses for devices that are not sending also the hostname.

Windows clients will always send the hostname as part of the DHCP request.

Enable Send Hostname on your ethernet1/1 and try after.

Cheers,
Cosmin

Don't forget to Like items if a post is helpful to you!
Please help out other users and “Accept as Solution” if a post helps solve your problem!

Read more about how and why to accept solutions.

Disclaimer: All messages are my personal ones and do not represent my company's view in any way.

L1 Bithead

Just try with hostname and no luck still stuck on WAN and LAN side with DHCP and STATIC IP

L1 Bithead

Here is my config

L1 Bithead

If i set staic ip on LAN and WAN interfaces i can ping from lan the wan interface without any issue but still not my isp router at 192.168.1.1

L4 Transporter

Hi,

You can check DHCP log file pan_dhcpd.log to see if there are any errors.

The CLI command is:

less mp-log pan_dhcpd.log

or

tail follow yes mp-log pan_dhcpd.log     ----> for real-time logs

For more DHCP troubleshooting info, please look here:

 

Cheers,
Cosmin

Don't forget to Like items if a post is helpful to you!
Please help out other users and “Accept as Solution” if a post helps solve your problem!

Read more about how and why to accept solutions.

Disclaimer: All messages are my personal ones and do not represent my company's view in any way.

L1 Bithead

So many errors 😞

Here is the log

L1 Bithead

In real time for interface 1/3 to ISP modem

admin@PA3260-40G> tail follow yes mp-log pan_dhcpd.log
2024-12-04 02:44:51.145 -0800 Uninstalling old config...
2024-12-04 02:44:51.145 -0800 Installing new config
2024-12-04 02:44:51.145 -0800 Old config will be destructed after 1 seconds.
2024-12-04 02:44:51.145 -0800 Triggering CFG_INSTALL to worker thread in phase2
2024-12-04 02:44:51.145 -0800 Completed phase2 ---2---
2024-12-04 02:44:51.439 -0800 DHCP client triggered release on interface:ethernet1/19
2024-12-04 02:44:51.439 -0800 DHCP client cleared IP on interface: ethernet1/19
2024-12-04 02:44:51.439 -0800 DHCP client triggered release on interface:ethernet1/3
2024-12-04 02:44:51.439 -0800 DHCP client cleared IP on interface: ethernet1/3
2024-12-04 02:44:52.420 -0800 Delay Over. Destruct Old Config ...
2024-12-04 04:16:51.049 -0800 Triggered phase1 ---1---
2024-12-04 04:16:51.050 -0800 auto_mac_detect not configured, set to false, auto_mac_detect=0
2024-12-04 04:16:51.050 -0800 b_auto_mac_detect is set to 0
2024-12-04 04:16:51.050 -0800 auto-mac-detect is not forced, get configured value
2024-12-04 04:16:51.050 -0800 auto-mac-detect is disabled
2024-12-04 04:16:51.050 -0800 Completed phase1 ---1---
2024-12-04 04:17:03.374 -0800 sw.routed.runtime.interface.ethernet1/3 settings changed (update)
2024-12-04 04:17:03.374 -0800 Dhcpd received update for interface:ethernet1/3, if_index:66
2024-12-04 04:17:03.375 -0800 Error: pan_dhcpd_dyn_ip_if_cb(pan_dhcpd_sysd.c:1120): Error updating server interfaces with dyn info
2024-12-04 04:17:03.382 -0800 Triggered phase2 ---2---
2024-12-04 04:17:03.383 -0800 Installing new config
2024-12-04 04:17:03.383 -0800 Triggering CFG_INSTALL to worker thread in phase2
2024-12-04 04:17:03.383 -0800 Completed phase2 ---2---
2024-12-04 04:17:35.405 -0800 DHCP client triggered renew on interface:ethernet1/3
2024-12-04 04:19:18.405 -0800 DHCP client triggered renew on interface:ethernet1/3
admin@PA3260-40G> tail follow yes mp-log pan_dhcpd.logadmin@PA3260-40G> tail follow yes mp-log pan_dhcpd.log
2024-12-04 04:17:03.383 -0800 Triggering CFG_INSTALL to worker thread in phase2
2024-12-04 04:17:03.383 -0800 Completed phase2 ---2---
2024-12-04 04:17:35.405 -0800 DHCP client triggered renew on interface:ethernet1/3
2024-12-04 04:19:18.405 -0800 DHCP client triggered renew on interface:ethernet1/3

L1 Bithead

Do i have a faulty unit ?

 

2024-12-03 06:54:32.554 -0800 Warning: pan_dhcpd_setup_dp_conn(pan_dhcp_client_thread.c:172): Failed to connect to DP  <----
2024-12-03 06:54:37.554 -0800 Error: pan_dhcpd_setup_socket(pan_dhcpd.c:707): bind failed:(errno: 99) Cannot assign requested address

L1 Bithead

Here is the PCAP, the mac 34:e5:ec:a8:69:42 is the interface for the WAN side :

 

admin@PA3260-40G> debug dhcpd pcap on

admin@PA3260-40G> debug dhcpd pcap off

sw.pancap.feature-dhcp.vr-0.off:

admin@PA3260-40G> debug dhcpd pcap view

04:37:18.389617 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:37:22.389862 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:37:30.390045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:37:41.312506 IP 10.1.0.222.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:0d:84:3c, length 244
04:37:41.312996 IP 10.1.0.220.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
04:37:46.390271 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:18.393195 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:22.393362 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:29.376062 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:33.376283 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:41.376453 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:42.376073 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:44.725353 IP 10.1.0.222.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:0d:84:3c, length 244
04:42:44.726135 IP 10.1.0.220.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
04:42:47.376149 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:51.376315 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300

L1 Bithead

Assign a temp static IP on WAN interface same DHCP IP Series and verify connectivity and check it is working or not.


Regards,
Ashish KUSHWAHA

L1 Bithead

Assigned a temp IP on WAN side 192.168.1.11/24

I can ping from LAN Interface 1/19 to WAN interface 1/3 but nothing else

I dont have connectivity after the PA-3260, can't ping the LAN side either my ISP modem 

  • 1 accepted solution
  • 18127 Views
  • 30 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!