Palo Alto Networks Knowledgebase: Firewall Assigns Incorrect Subnet Mask to DHCP Clients

Firewall Assigns Incorrect Subnet Mask to DHCP Clients

1730
Created On 02/07/19 23:42 PM - Last Updated 02/07/19 23:42 PM
Mobile Network Infrastructure
Resolution

Symptom

The firewall sometimes allocates a different subnet mask than the one configured in the DHCP server setting.

 

Cause

The firewall allocates the subnet mask of the primary IP address on the DHCP interface to the addresses it leases out.

For example, the firewall below has been configured with an interface IP of 10.100.200.32/32 while the DHCP server on that interface has been configured with a pool of 10.100.200.0/24.

DHCP-interface.PNG

DHCP-config.PNG

 

The wireshark capture below shows a DHCP offer with a mask of 0.0.0.0 instead of 255.255.255.0.

DHCP subnet mask.PNG

 

owner: tasonibare



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzKCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language