DHCP Offer Wrong Interface

Hello,

I have an issue with DHCP Request/Offer.

My setup is one interface (LAN); the same interface has a VLAN for Wi-Fi. When a device sends a DHCP request, it comes in on the good interface, but the response (out) goes out on both interfaces.

This is what my tcpdump on the firewall shows if I do a request.

It only happens when the AP is doing that; my VM, which is on another VLAN, seems to be good.

Note that I also tried another AP from another provider and it does the same thing with the DHCP reply.

10:39:01.610228 Port1.105, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
10:39:01.610331 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.100.68: BOOTP/DHCP, Reply, length 300
10:39:01.616808 Port1.105, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
10:39:01.821469 Port1.105, OUT: IP 192.168.105.1.67 > 192.168.105.100.68: BOOTP/DHCP, Reply, length 300
10:39:01.926434 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.100.68: BOOTP/DHCP, Reply, length 300
10:39:02.015611 Port1.105, OUT: IP 192.168.105.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300

All DHCP is inside Sophos XG.

Another thing: if I run Wireshark on my PC located on subnet 123, I detect the DHCP offer but not the request.

That means the AP seems to send the request in the correct VLAN.

Does someone have any idea? Could that be a bug inside the DHCP?

Thank you



  • Another Detail

    When I go into the ARP, it shows incomplete.

    I did see what could be wrong in the switch event on the AP.

    It seems to point to Sophos not sending packets correctly.

    Help will be appreciated.

    Thanks all

  • Skyboo,

    can you share the DHCP configuration from XG UI?

    Thanks

  •  

    I also tested with the relay option and got the same issue.

    My PC on the LAN is receiving the DHCP (Wireshark).

    I also have some reservations in the pool.

    I use VLAN 106 to test because 105 needs to work correctly.

    The AP is also in VLAN 1 for management and the Wi-Fi is all tagged.

  • Skyboo,

    both VLAN 1 and VLAN 106 have the same IP address. This is the issue. DHCP relay and DHCP server must act on different networks.

    Regards

  • Forget about the relay.

    Before I set the relay, the 106 was internal in the Sophos and I had the same issue.

    See below.

  • Skyboo,

    please open a ticket with support.

    Let us know.

    Can you investigate this behavior in the LAB? It should be very easy to simulate it.

    Thanks

  • Hi Skyboo,

    Go to Advance Console and send me a capture of the following command:

    tcpdump -nei any port 67 or port 68

    The packets should be tagged with ethertype 801.q, as every VLAN is a separate broadcast domain. The packet arriving on the XG interface should be tagged, which will tell the firewall to forward it on the respective VLAN interface. Here, I don't see the tagged packet in the dumps.

    Thanks

  • Hi,

    I tried your command but something is wrong with the parameter.

    I tried with port only.

    I just tried one DHCP request this time and I think I got a good IP, but when you see the output it is clear that something is wrong.

    One thing that I did not mention: even if I disable the DHCP in this VLAN 106, I get the IP of the other VLAN.

    I can try it if you need.

    Let me know if you need more details.

    I really tried a few things, even activating the IP spoofing, but it does not help at all.

    Thanks

    console> tcpdump 'port 67 or port 68'
    tcpdump: Starting Packet Dump
    22:17:02.554047 Port1.106, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
    22:17:03.739452 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    22:17:03.758607 Port1, IN:   B 34:97:f6:7c:b5:fc ethertype Unknown (0x006a), length 374:
            0x0000:  0000 0800 4510 0162 0000 4000 4011 397c  ....E..b..@.@.9|
            0x0010:  0000 0000 ffff ffff 0044 0043 014e e454  .........D.C.N.T
            0x0020:  0101 0600 22c1 4dd8 0008 0000 0000 0000  ....".M.........
            0x0030:  0000 0000 0000 0000 0000 0000 3497 f67c  ............4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    22:17:03.758607 Port1.106, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
    22:17:03.932516 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    22:17:04.019939 Port1.106, OUT: IP 192.168.106.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    22:17:04.019945 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 0eec  ....E..H........
            0x0010:  c0a8 6a01 ffff ffff 0043 0044 0134 92dd  ..j......C.D.4..
            0x0020:  0201 0600 22c1 4dd8 0008 8000 0000 0000  ....".M.........
            0x0030:  0000 0000 c0a8 6a01 0000 0000 3497 f67c  ......j.....4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    22:17:04.019980 Port1.106, OUT: IP 192.168.106.1.67 > 192.168.106.101.68: BOOTP/DHCP, Reply, length 300
    22:17:04.019981 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 e3dd  ....E..H........
            0x0010:  c0a8 6a01 c0a8 6a65 0043 0044 0134 9e5d  ..j...je.C.D.4.]
            0x0020:  0201 0600 22c1 4dd8 0007 0000 0000 0000  ....".M.........
            0x0030:  c0a8 6a65 0000 0000 0000 0000 3497 f67c  ..je........4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................

  • Skyboo,

    the command must be launched from advanced shell. Connect to XG console, option 5 and then 3.

    Regards

  • Hi,

    Sorry, my mistake.

    I verified and I get 192.168.123.112, which is the wrong IP for this Wi-Fi.

    My AP is a TP-Link EAP225; before, I had the 901 version.

    I also tested a MikroTik device in the past week and it seems to be doing that with all APs.

    Thanks

    19:10:26.406404 Port1, IN:   B 34:97:f6:7c:b5:fc ethertype Unknown (0x006a), length 362:
            0x0000:  0000 0800 4510 0156 0000 4000 4011 3988  ....E..V..@.@.9.
            0x0010:  0000 0000 ffff ffff 0044 0043 0142 94db  .........D.C.B..
            0x0020:  0101 0600 aa3e f7bf 0000 0000 0000 0000  .....>..........
            0x0030:  0000 0000 0000 0000 0000 0000 3497 f67c  ............4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    19:10:26.406404 Port1.106, IN:   B 34:97:f6:7c:b5:fc ethertype IPv4 (0x0800), length 358: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
    19:10:27.595455 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    19:10:27.610620 Port1, IN:   B 34:97:f6:7c:b5:fc ethertype Unknown (0x006a), length 374:
            0x0000:  0000 0800 4510 0162 0000 4000 4011 397c  ....E..b..@.@.9|
            0x0010:  0000 0000 ffff ffff 0044 0043 014e b2f6  .........D.C.N..
            0x0020:  0101 0600 aa3e f7bf 0001 0000 0000 0000  .....>..........
            0x0030:  0000 0000 0000 0000 0000 0000 3497 f67c  ............4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    19:10:27.610620 Port1.106, IN:   B 34:97:f6:7c:b5:fc ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
    19:10:27.789391 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    19:10:27.878116 Port1.106, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.106.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    19:10:27.878121 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 0eec  ....E..H........
            0x0010:  c0a8 6a01 ffff ffff 0043 0044 0134 617f  ..j......C.D.4a.
            0x0020:  0201 0600 aa3e f7bf 0001 8000 0000 0000  .....>..........
            0x0030:  0000 0000 c0a8 6a01 0000 0000 3497 f67c  ......j.....4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    19:10:27.878155 Port1.106, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.106.1.67 > 192.168.106.101.68: BOOTP/DHCP, Reply, length 300
    19:10:27.878157 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 e3dd  ....E..H........
            0x0010:  c0a8 6a01 c0a8 6a65 0043 0044 0134 6cff  ..j...je.C.D.4l.
            0x0020:  0201 0600 aa3e f7bf 0000 0000 0000 0000  .....>..........
            0x0030:  c0a8 6a65 0000 0000 0000 0000 3497 f67c  ..je........4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................

  • Hi Skyboo,

    I will DM you to investigate this further.
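
The check below is an added example, not code from any poster in this thread or from Sophos: it reads tcpdump output in the console format shown above and lists DHCP replies that left on an interface where no request had arrived in the preceding seconds. The 5-second window and the function names are assumptions; the sample lines are copied from the first post.

```python
import re
from collections import namedtuple

# tcpdump lines copied from the first post in this thread (Sophos XG console format).
CAPTURE = """\
10:39:01.610228 Port1.105, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
10:39:01.610331 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.100.68: BOOTP/DHCP, Reply, length 300
10:39:01.616808 Port1.105, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
10:39:01.821469 Port1.105, OUT: IP 192.168.105.1.67 > 192.168.105.100.68: BOOTP/DHCP, Reply, length 300
10:39:01.926434 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.100.68: BOOTP/DHCP, Reply, length 300
10:39:02.015611 Port1.105, OUT: IP 192.168.105.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
"""

# Matches both the short format and the "-e" format (link-layer text before the addresses).
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<iface>[^,\s]+), (?P<dir>IN|OUT):.*?"
    r"(?P<src>\d+(?:\.\d+){3})\.\d+ > (?P<dst>\d+(?:\.\d+){3})\.\d+: "
    r"BOOTP/DHCP, (?P<kind>Request|Reply)")

Finding = namedtuple("Finding", "ts iface server dst")

def seconds(ts):
    """Convert HH:MM:SS.micro to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def stray_replies(text, window=5.0):
    """Return DHCP replies sent OUT on an interface that saw no request IN
    during the preceding `window` seconds (the window is an assumed default)."""
    last_request = {}   # interface -> time of the most recent Request seen IN
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:       # hex dump rows and frames not decoded as DHCP are skipped
            continue
        t = seconds(m["ts"])
        if m["kind"] == "Request" and m["dir"] == "IN":
            last_request[m["iface"]] = t
        elif m["kind"] == "Reply" and m["dir"] == "OUT":
            seen = last_request.get(m["iface"])
            if seen is None or not (0 <= t - seen <= window):
                findings.append(Finding(m["ts"], m["iface"], m["src"], m["dst"]))
    return findings

if __name__ == "__main__":
    for f in stray_replies(CAPTURE):
        print(f"{f.ts} reply {f.server} -> {f.dst} left on {f.iface}, no request seen there")
```

On the first post's capture this reports the two replies from 192.168.123.1 on Port1; the replies on Port1.105 are matched to the requests that arrived there.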