Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 26 subscribers
  • Views 16817 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP Offer Wrong Interface

Skyboo

Hello,

I have a issue with DHCP Request/Offer.

My setup is One interface (LAN) the same interface have vlan for Wifi. When a device ask for dhcp request it com in to the good interface but the respond (out)is going on both interface.

My tcpdump in the firewall is that if i do a request.

It only happen when AP is doing that, my VM that is on another vlan seem to be good.

Note that i also try another AP from another provider and doing same thing at the reply dhcp.

10:39:01.610228 Port1.105, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
10:39:01.610331 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.100.68: BOOTP/DHCP, Reply, length 300
10:39:01.616808 Port1.105, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
10:39:01.821469 Port1.105, OUT: IP 192.168.105.1.67 > 192.168.105.100.68: BOOTP/DHCP, Reply, length 300
10:39:01.926434 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.100.68: BOOTP/DHCP, Reply, length 300
10:39:02.015611 Port1.105, OUT: IP 192.168.105.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300

All DHCP is inside Sophos XG.

Another things, if i do wireshark on my pc locate at subnet 123 i detect dhcp offer but not the request.

that mean the AP seem to send the request in the correct vlan.

Does someone have any idea? That is could be a bug inside the dhcp?

Thank you



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Skyboo

    Hi Skyboo,

    Go to Advance Console and send me a capture of the following command:

    tcpdump -nei any port 67 or port 68

    The packets should be tagged with ethertype 801.q as every VLAN is a separate broadcast domain, the packet arriving on the XG interface should be tagged which will tell the firewall to forward it on the respective VLAN interface. Here, I don't see the tagged packet in the dumps.

    Thanks

Children
  • 0 in reply to sachingurung

    Hi,

    i try you command but a something wrong with the parameter.

    i try with port only

    i just try one dhcp request at this time and i think i get good ip but when you see the output is clear that is something wrong.

    one thing that i not mention, event if i disable the dhcp in this vlan 106 i get the ip of the other vlan.

    I can try it if you need.

    Let me know if you need more details.

    I really try few things event activate the ip spoofing but does not help at all.

    Thanks

    console> tcpdump 'port 67 or port 68'
    tcpdump: Starting Packet Dump
    22:17:02.554047 Port1.106, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
    22:17:03.739452 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    22:17:03.758607 Port1, IN:   B 34:97:f6:7c:b5:fc ethertype Unknown (0x006a), length 374:
            0x0000:  0000 0800 4510 0162 0000 4000 4011 397c  ....E..b..@.@.9|
            0x0010:  0000 0000 ffff ffff 0044 0043 014e e454  .........D.C.N.T
            0x0020:  0101 0600 22c1 4dd8 0008 0000 0000 0000  ....".M.........
            0x0030:  0000 0000 0000 0000 0000 0000 3497 f67c  ............4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    22:17:03.758607 Port1.106, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
    22:17:03.932516 Port1, OUT: IP 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    22:17:04.019939 Port1.106, OUT: IP 192.168.106.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    22:17:04.019945 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 0eec  ....E..H........
            0x0010:  c0a8 6a01 ffff ffff 0043 0044 0134 92dd  ..j......C.D.4..
            0x0020:  0201 0600 22c1 4dd8 0008 8000 0000 0000  ....".M.........
            0x0030:  0000 0000 c0a8 6a01 0000 0000 3497 f67c  ......j.....4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    22:17:04.019980 Port1.106, OUT: IP 192.168.106.1.67 > 192.168.106.101.68: BOOTP/DHCP, Reply, length 300
    22:17:04.019981 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 e3dd  ....E..H........
            0x0010:  c0a8 6a01 c0a8 6a65 0043 0044 0134 9e5d  ..j...je.C.D.4.]
            0x0020:  0201 0600 22c1 4dd8 0007 0000 0000 0000  ....".M.........
            0x0030:  c0a8 6a65 0000 0000 0000 0000 3497 f67c  ..je........4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................

  • 0 in reply to Skyboo

    Skyboo,

    the command must be launched from advanced shell. Connect to XG console, option 5 and then 3.

    Regards

  • 0 in reply to lferrara

    Hi,

    Sorry my mistake

    I verify and i get 192.168.123.112 that is the wrong IP for this wifi.

    My AP is a tplink eap225, before i have the 901 version.

    I also test in the past week a Mikrotik device and it seem to doing that with all ap.

    Thanks

    19:10:26.406404 Port1, IN:   B 34:97:f6:7c:b5:fc ethertype Unknown (0x006a), length 362:
            0x0000:  0000 0800 4510 0156 0000 4000 4011 3988  ....E..V..@.@.9.
            0x0010:  0000 0000 ffff ffff 0044 0043 0142 94db  .........D.C.B..
            0x0020:  0101 0600 aa3e f7bf 0000 0000 0000 0000  .....>..........
            0x0030:  0000 0000 0000 0000 0000 0000 3497 f67c  ............4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    19:10:26.406404 Port1.106, IN:   B 34:97:f6:7c:b5:fc ethertype IPv4 (0x0800), length 358: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 314
    19:10:27.595455 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    19:10:27.610620 Port1, IN:   B 34:97:f6:7c:b5:fc ethertype Unknown (0x006a), length 374:
            0x0000:  0000 0800 4510 0162 0000 4000 4011 397c  ....E..b..@.@.9|
            0x0010:  0000 0000 ffff ffff 0044 0043 014e b2f6  .........D.C.N..
            0x0020:  0101 0600 aa3e f7bf 0001 0000 0000 0000  .....>..........
            0x0030:  0000 0000 0000 0000 0000 0000 3497 f67c  ............4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    19:10:27.610620 Port1.106, IN:   B 34:97:f6:7c:b5:fc ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 34:97:f6:7c:b5:fc, length 326
    19:10:27.789391 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.123.1.67 > 192.168.123.112.68: BOOTP/DHCP, Reply, length 300
    19:10:27.878116 Port1.106, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.106.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    19:10:27.878121 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 0eec  ....E..H........
            0x0010:  c0a8 6a01 ffff ffff 0043 0044 0134 617f  ..j......C.D.4a.
            0x0020:  0201 0600 aa3e f7bf 0001 8000 0000 0000  .....>..........
            0x0030:  0000 0000 c0a8 6a01 0000 0000 3497 f67c  ......j.....4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................
    19:10:27.878155 Port1.106, OUT: Out 00:ae:2a:df:04:01 ethertype IPv4 (0x0800), length 344: 192.168.106.1.67 > 192.168.106.101.68: BOOTP/DHCP, Reply, length 300
    19:10:27.878157 Port1, OUT: Out 00:ae:2a:df:04:01 ethertype Unknown (0x006a), length 348:
            0x0000:  0000 0800 4510 0148 0000 0000 8011 e3dd  ....E..H........
            0x0010:  c0a8 6a01 c0a8 6a65 0043 0044 0134 6cff  ..j...je.C.D.4l.
            0x0020:  0201 0600 aa3e f7bf 0000 0000 0000 0000  .....>..........
            0x0030:  c0a8 6a65 0000 0000 0000 0000 3497 f67c  ..je........4..|
            0x0040:  b5fc 0000 0000 0000 0000 0000 0000 0000  ................

  • 0 in reply to Skyboo

    Hi Skyboo,

    I will DM you to investigate this further.