How to troubleshoot DHCP client interface IPv4 address assignment failure

• Check the physical connection of the interface and its network connectivity to the DHCP server.
• Verify the configuration of the interface as a DHCP client.
• Troubleshoot the DHCP process and, if needed, restart the process during a maintenance window.
• Check the system log for error messages to apply the appropriate remediation steps.

• NGFW
• DHCP client
• Interface
• IPv4

1. Check the physical connection of the interface, review your network topology to ensure its connectivity to the DHCP server.
2. Verify that the interface is correctly configured to be a DHCP client confirm that there are no misconfigurations or conflicts with other interfaces. Navigate to NETWORK > Interfaces > Ethernet the column IP Address should show Dynamic-DHCP Client.
3. If the problem is affecting all the interfaces configured as DHCP clients then troubleshoot the DHCP process using CLI Commands to Troubleshoot DHCP and if needed restart the DHCP process during a maintenance window using the command:

   > debug software restart process dhcp

   then ensure that the dhcp process is running using the command:

   > show system software status | match dhcp

4. Ensure that the firewall is running the current recommended version of PAN-OS, as updates may include fixes for DHCP-related issues.
5. For more details on the type of the DHCP issue encountered, check the system logs. Navigate to MONITOR > System then use the search filter ( subtype eq 'dhcp' ). Here are some recommendations specific to each error message seen:
   1. Error message:

      DHCP client cleared IP address on interface:ethernet1/2 due to: All Request retries exhausted.

      Verify the communication between the firewall dataplane interface and the DHCP server to ensure that no device is blocking it.
      In the Azure environment, for VM-series, if a hot-plug event occurs and the firewall is running a PAN-OS release prior to the versions containing the fix for PAN-187769, upgrade to a version 10.1.5, 10.2.1, or later.
   2. Error message:

      DHCP client cleared IP address on interface:ethernet1/12 due to: NAK from server

      Check if the DHCP server is receiving an invalid client ID. If so, clear the dhcp lease on the affected dataplane interface and manually request the renew of the lease as explained in How to Release DHCP-Assigned Addresses from a DHCP Server and ensure that the DHCP server is not running out of IP pool.

   3. Error message:

      DHCP client cleared IP address on interface:ethernet1/3 due to: Release initiated due to internal error. Please check for duplicate IPs or overlapping Subnets.

      This issue commonly occurs in the virtual environment where multiple firewall dataplane interfaces are part of the same subnet and virtual router.
      Ensure that each interface within a virtual router belongs to different network / subnet.
      For more information refer to : AWS: Dataplane interface not getting IP via DHCP . In some cases, simply disabling the Ethernet interface, releasing the IP, and then renewing the IP address for that dataplane interface can resolve the issue if it occurs after a firewall reboot.
   4. Error message:

      DHCP client cleared IP address on interface:ethernet1/4 due to: Lease expiry

      After repeated DHCP client requests to renew or rebind the IP address, the DHCP server does not respond, causing the leased IP address to expire. The DHCP client then moves to the INIT state. Possible reasons for the lease expiry include:
      1. No response from the DHCP server.
      2. The DHCP server is unavailable.
      3. The DHCP server is in a dead state.
      4. Loss of connectivity to the DHCP server.
6. The below messages could be expected if:
   1. There was a configuration change to uncheck the DHCP client setting under the interface configuration, the following message is expected:

      DHCP client cleared IP address on interface:ethernet1/2 due to: Configuration removed

      Otherwise, check the interface configuration. If you want the interface to get an IPv4 address assigned by DHCP refer to configure an interface as a dhcp client for IPv4.
   2. There was a release of DHCP lease triggered from CLI or UI, the following message is expected:

      DHCP client cleared IP address on interface:ethernet1/1 due to: Release trigger

      Possible reasons for the release trigger:
      1. The admin no longer needs the address on the interface.
      2. The admin requires a different address because the interface has moved to a different subnet.
   3. The DHCP renewal is triggered via CLI or UI, but the interface is not bound to a DHCP server, the following message is expected:

      DHCP client cleared IP address on interface:ethernet1/2 due to: renew triggered in non-Bound state, clearing

      Possible reasons is:
      1. The interface is down and the DHCP lease has been released. Afterwards, The admin triggered a renew while the DHCP client was in the 'INIT' state, which moved it to the 'SELECTING' state. Then the renew button was triggered again while the DHCP client was still in the 'SELECTING' state and not yet bound to a DHCP server.

This document only covers IPV4 DHCP client.