How to troubleshoot DHCP client interface IP address Clearance
907
Created On 07/10/24 16:33 PM - Last Modified 07/10/24 18:55 PM
Objective
- Check the physical cable of the interface and its connectivity to the DHCP server.
- Verify the configuration of the interface as a DHCP client.
- Troubleshoot the DHCP process and, if needed, restart the process during a maintenance window.
- Check the system log for error messages to apply the appropriate remediation steps.
Environment
- NGFW
- DHCP client
- Interface
Procedure
- Check the physical cable of the interface, review your network topology to ensure its connectivity to the DHCP server.
- Verify that the interface is correctly configured to be a DHCP client confirm that there are no misconfigurations or conflicts with other interfaces. Navigate to NETWORK > Interfaces > Ethernet the column IP Address should show Dynamic-DHCP Client.
- If the problem is affecting all the interfaces configured as DHCP clients then troubleshoot the DHCP process using CLI Commands to Troubleshoot DHCP and if needed restart the DHCP process during a maintenance window using the command:
> debug software restart process dhcp
then ensure that the dhcp process is running using the command:> show system software status | match dhcp
- Ensure that the firewall is running the current recommended version of PAN-OS, as updates may include fixes for DHCP-related issues.
- For more details on the type of the DHCP issue encountered, check the system logs. Navigate to MONITOR > System then use the search filter ( subtype eq 'dhcp' ). Here are some recommendations specific to each error message seen:
- Error message:
DHCP client cleared IP address on interface:ethernet1/2 due to: Configuration removed
Check the interface configuration. - Error message:
DHCP client cleared IP address on interface:ethernet1/2 due to: All Request retries exhausted.
Verify the communication between the firewall dataplane interface and the DHCP server to ensure that no device is blocking it.
In the Azure environment, for VM-series, if a hot-plug event occurs and the firewall is running a PAN-OS release prior to the versions containing the fix for PAN-187769, upgrade to a version 10.1.5, 10.2.1, or later - Error message:
DHCP client cleared IP address on interface:ethernet1/12 due to: NAK from server
Check if the DHCP server is receiving an invalid client ID. If so, clear the dhcp lease on the affected dataplane interface and manually request the renew of the lease as explained in How to Release DHCP-Assigned Addresses from a DHCP Server and ensure that the DHCP server is not running out of IP pool.
- Error message:
DHCP client cleared IP address on interface:ethernet1/2 due to: renew triggered in non-Bound state, clearing
Try disabling and then enabling the interface. If the issue persists, restart the DHCP process during a maintenance window.
If running PAN-OS version 10.2.x but less than 10.2.4-h4, check if the issue is related to a software problem fixed in version 10.2.4-h4 and later releases. - Error message:
DHCP client cleared IP address on interface:ethernet1/3 due to: Release initiated due to internal error. Please check for duplicate IPs or overlapping Subnets.
This issue commonly occurs in the virtual environment where multiple firewall dataplane interfaces are part of the same subnet and virtual router.
Ensure that each interface within a virtual router belongs to different network / subnet.
For more information refer to : AWS: Dataplane interface not getting IP via DHCP . In some cases, simply disabling the Ethernet interface, releasing the IP, and then renewing the IP address for that dataplane interface can resolve the issue if it occurs after a firewall reboot.
- Error message: