Overview
This document explains why a Palo Alto Networks firewall, acting as a DHCP server, sends a DHCP NAK message to the DHCP client.
Details
An interface on the Palo Alto Networks firewall, acting as a DHCP server, is unable to allocate an IP address to the requesting DHCP client and sends a DHCP NAK message to the client. In the following Wireshark PCAP snippet, taken on the DHCP client, 192.168.96.1 is the DHCP server sending a DHCP NAK message for every DHCP Discover message received from the client:
No. Time Source Destination Protocol Length Info
1700 2015-01-15 04:31:57.664754000 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x86a86df9
No. Time Source Destination Protocol Length Info
1701 2015-01-15 04:31:57.665832000 192.168.96.1 255.255.255.255 DHCP 342 DHCP NAK - Transaction ID 0x86a86df9
Frame 1701: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface 0
Ethernet II, Src: PaloAlto_f8:a8:13 (00:1b:17:f8:a8:13), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 192.168.96.1 (192.168.96.1), Dst: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x86a86df9
    Seconds elapsed: 42
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: Apple_12:50:06 (80:49:71:12:50:06)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type
        Length: 1
        DHCP: NAK (6)
    Option: (54) DHCP Server Identifier
        Length: 4
        DHCP Server Identifier: 192.168.96.1 (192.168.96.1)
    Option: (255) End
        Option End: 255
    Padding
This event occurs when the DHCP server has run out of addresses in its IP pool. A corresponding system log entry is generated.
Users can either clear the DHCP lease by using the following CLI command, or increase the IP pool range:
> clear dhcp lease interface ethernet1/4
> expired-only   clear expired leases
> ip             clear lease for IP address
> mac            clear lease for mac address (format xx:xx:xx:xx:xx:xx)
  <Enter>        Finish input
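To confirm the same symptom across a longer capture, the Discover/NAK pairing can be matched on transaction ID. The following is an added example, not Palo Alto Networks code: the function names are hypothetical, and the two sample payloads are constructed from the field values in the capture above rather than taken from a real trace.

```python
import socket
import struct
COOKIE = b"\x63\x82\x53\x63"          # DHCP magic cookie at offset 236
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != COOKIE:
        return None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # hlen capped at chaddr size
    msg = {"xid": struct.unpack("!I", payload[4:8])[0],
           "mac": mac, "type": None, "server": None}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        if payload[i] == 0:           # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                     # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                     # truncated option value
        if code == 53 and length == 1:      # DHCP Message Type
            msg["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:    # DHCP Server Identifier
            msg["server"] = socket.inet_ntoa(value)
        i += 2 + length
    return msg

def naks_for_discovers(payloads):
    """Return (client MAC, server, xid) for each NAK answering a Discover."""
    pending, hits = {}, []
    for raw in payloads:
        m = parse_dhcp(raw)
        if m and m["type"] == "DISCOVER":
            pending[m["xid"]] = m["mac"]
        elif m and m["type"] == "NAK" and m["xid"] in pending:
            hits.append((pending[m["xid"]], m["server"], hex(m["xid"])))
    return hits

def build(op, xid, mac, options):
    """Constructed sample payload (not a real capture)."""
    head = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 42, 0) + bytes(16)
    head += bytes.fromhex(mac.replace(":", "")) + bytes(10 + 192)
    return (head + COOKIE + options + b"\xff").ljust(300, b"\x00")
SAMPLE = [build(1, 0x86A86DF9, "80:49:71:12:50:06", b"\x35\x01\x01"),
          build(2, 0x86A86DF9, "80:49:71:12:50:06",
                b"\x35\x01\x06\x36\x04" + socket.inet_aton("192.168.96.1"))]
print(naks_for_discovers(SAMPLE))
```

A NAK that answers a Discover, rather than a Request, is the pattern this article ties to an exhausted pool, so each returned tuple names a client and server worth checking against the firewall's lease table.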
owner: gchandrasekaran