- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-02-2024 08:28 AM - edited 12-02-2024 08:32 AM
Hi,
just purchased a PA-3260 and trying to configure it to use DHCP with my ISP router.
The DHCP server works fine on the ISP router, tried it on my laptop.
I reset the PA-3260 than i removed the wired interface and select the first interface and set ip up as DHCP client with default router and untrust zone.
The zones are in Layer3 mode.
But it stucks on selecting state...
I tested it with another ISP modem, many others interfaces, others cable even fiber one.
Policys are the default one, even with a policy allowing dhcp on untrust zone doesn't work.
When i set it in static, there is no connectivity between the PA and ISP modem
Any help wil be greatly appreciated
Thanks
12-13-2024 07:13 AM
Hello @Ertu57 ,
You can do a factory reset from Maintenance Mode or from CLI.
Performing a factory reset will not change the running version of PAN-OS, but will erase all configurations, logs and admin account.
12-03-2024 04:55 AM
Have you tried release/renew (have you tried turning it off and on again, sorry have to ask)
Are you connecting the ISP router directly to the interface or via a switch?
- Could it be the ISP connection requires a VLAN tag to work?
- if you're not using a switch, can you try using a switch (in case the link speed is somehow not able to sync up)
- have you tried manually setting the link speed/duplex?
Have you tried setting up a pcap on the eth1/1 interface to see if it is sending/receiving DHCP packets ?
12-04-2024 01:00 AM
Hi,
Thanks for your reply.
- when i connect my laptop on the ISP modem, i got a ip, then i think there is no vlan tag.
- I already try with a switch and exact same trouble
- tried this too, no luck
Even in static IP mode i can't get anything, no ping, no traceroute, nothing.
If i issue the command show counter global, i have no error at all
I'am realy lost.
I have configured 2 zones, LAN and WAN on Layer3
One new Virtual router VR1
Only default Policy applied, Intrazone and deny all
PING set to Management profile under interface option
I follow step by step the intial configuration from Palo Alto guide and can't get it working 😕
12-04-2024 01:06 AM
If i release and renew the ip on the interface i'am stuck at INIT on release and then it stucks on SELECTING on renew
New zones
New virtual router
No policy added
all layer 3
Tested on RJ45 and fiber gbics.
DHCP only works on Management interface
What else can it try ?
12-04-2024 01:25 AM
Hi,
Maybe your ISP have configure the DHCP server not to release IP addresses for devices that are not sending also the hostname.
Windows clients will always send the hostname as part of the DHCP request.
Enable Send Hostname on your ethernet1/1 and try after.
12-04-2024 01:39 AM - edited 12-04-2024 01:39 AM
Just try with hostname and no luck still stuck on WAN and LAN side with DHCP and STATIC IP
12-04-2024 01:45 AM - edited 12-04-2024 01:49 AM
12-04-2024 04:07 AM - edited 12-04-2024 04:11 AM
Hi,
You can check DHCP log file pan_dhcpd.log to see if there are any errors.
The CLI command is:
less mp-log pan_dhcpd.log
or
tail follow yes mp-log pan_dhcpd.log ----> for real-time logs
For more DHCP troubleshooting info, please look here:
12-04-2024 04:32 AM
In real time for interface 1/3 to ISP modem
admin@PA3260-40G> tail follow yes mp-log pan_dhcpd.log
2024-12-04 02:44:51.145 -0800 Uninstalling old config...
2024-12-04 02:44:51.145 -0800 Installing new config
2024-12-04 02:44:51.145 -0800 Old config will be destructed after 1 seconds.
2024-12-04 02:44:51.145 -0800 Triggering CFG_INSTALL to worker thread in phase2
2024-12-04 02:44:51.145 -0800 Completed phase2 ---2---
2024-12-04 02:44:51.439 -0800 DHCP client triggered release on interface:ethernet1/19
2024-12-04 02:44:51.439 -0800 DHCP client cleared IP on interface: ethernet1/19
2024-12-04 02:44:51.439 -0800 DHCP client triggered release on interface:ethernet1/3
2024-12-04 02:44:51.439 -0800 DHCP client cleared IP on interface: ethernet1/3
2024-12-04 02:44:52.420 -0800 Delay Over. Destruct Old Config ...
2024-12-04 04:16:51.049 -0800 Triggered phase1 ---1---
2024-12-04 04:16:51.050 -0800 auto_mac_detect not configured, set to false, auto_mac_detect=0
2024-12-04 04:16:51.050 -0800 b_auto_mac_detect is set to 0
2024-12-04 04:16:51.050 -0800 auto-mac-detect is not forced, get configured value
2024-12-04 04:16:51.050 -0800 auto-mac-detect is disabled
2024-12-04 04:16:51.050 -0800 Completed phase1 ---1---
2024-12-04 04:17:03.374 -0800 sw.routed.runtime.interface.ethernet1/3 settings changed (update)
2024-12-04 04:17:03.374 -0800 Dhcpd received update for interface:ethernet1/3, if_index:66
2024-12-04 04:17:03.375 -0800 Error: pan_dhcpd_dyn_ip_if_cb(pan_dhcpd_sysd.c:1120): Error updating server interfaces with dyn info
2024-12-04 04:17:03.382 -0800 Triggered phase2 ---2---
2024-12-04 04:17:03.383 -0800 Installing new config
2024-12-04 04:17:03.383 -0800 Triggering CFG_INSTALL to worker thread in phase2
2024-12-04 04:17:03.383 -0800 Completed phase2 ---2---
2024-12-04 04:17:35.405 -0800 DHCP client triggered renew on interface:ethernet1/3
2024-12-04 04:19:18.405 -0800 DHCP client triggered renew on interface:ethernet1/3
admin@PA3260-40G> tail follow yes mp-log pan_dhcpd.logadmin@PA3260-40G> tail follow yes mp-log pan_dhcpd.log
2024-12-04 04:17:03.383 -0800 Triggering CFG_INSTALL to worker thread in phase2
2024-12-04 04:17:03.383 -0800 Completed phase2 ---2---
2024-12-04 04:17:35.405 -0800 DHCP client triggered renew on interface:ethernet1/3
2024-12-04 04:19:18.405 -0800 DHCP client triggered renew on interface:ethernet1/3
12-04-2024 04:34 AM
Do i have a faulty unit ?
2024-12-03 06:54:32.554 -0800 Warning: pan_dhcpd_setup_dp_conn(pan_dhcp_client_thread.c:172): Failed to connect to DP <----
2024-12-03 06:54:37.554 -0800 Error: pan_dhcpd_setup_socket(pan_dhcpd.c:707): bind failed:(errno: 99) Cannot assign requested address
12-04-2024 04:56 AM
Here is the PCAP, the mac 34:e5:ec:a8:69:42 is the interface for the WAN side :
admin@PA3260-40G> debug dhcpd pcap on
admin@PA3260-40G> debug dhcpd pcap off
sw.pancap.feature-dhcp.vr-0.off:
admin@PA3260-40G> debug dhcpd pcap view
04:37:18.389617 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:37:22.389862 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:37:30.390045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:37:41.312506 IP 10.1.0.222.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:0d:84:3c, length 244
04:37:41.312996 IP 10.1.0.220.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
04:37:46.390271 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:18.393195 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:22.393362 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:29.376062 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:33.376283 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:41.376453 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:42.376073 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:44.725353 IP 10.1.0.222.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:0d:84:3c, length 244
04:42:44.726135 IP 10.1.0.220.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
04:42:47.376149 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
04:42:51.376315 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:e5:ec:a8:69:42, length 300
12-04-2024 05:15 AM
Assign a temp static IP on WAN interface same DHCP IP Series and verify connectivity and check it is working or not.
12-04-2024 05:35 AM
Assigned a temp IP on WAN side 192.168.1.11/24
I can ping from LAN Interface 1/19 to WAN interface 1/3 but nothing else
I dont have connectivity after the PA-3260, can't ping the LAN side either my ISP modem
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!