cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Faulty DHCP Relay (dropped)

Jump to solution

Hello Community,

I got a Check Point 5800 VRRP Cluster and need to define a DHCP relay for one ip-network.
I configured the DHCP-Relay according to the admin-guide on both gaias and the firewall policies are established as well (stealth-rule any,any,accpept anyway). As primary address I configured the VRRP VIP.

It doesn't work.

If I have a look on the monitoring-tab, I can see:

Dropped -
No bootp relay on in interface: 4510

Does anybody experienced similar problems?
I have no idea how to troubleshoot this and the error-message cannot be found in the check point support area.

I use Gaia R77.30 Take 302

I'm looking forward for any ideas/hints

Best Regards

Johannes

Tags (1)
0 Kudos
1 Solution

Accepted Solutions

Re: Faulty DHCP Relay (dropped)

Jump to solution

Okay, issue solved - there was a routing issue and so the servers were not reachable from a specific virtual router inside the core switch.

I thought the error-messages in the dhcp-relay monitor where targeting to something else, but that is clear now.

Thanks for your suggestions.

0 Kudos
5 Replies
Admin
Admin

Re: Faulty DHCP Relay (dropped)

Jump to solution

Have you tried some of the troubleshooting steps here?

Troubleshooting DHCP Relay Issues 

Re: Faulty DHCP Relay (dropped)

Jump to solution

Can you share the output of: show configuration bootp

Also did you add a rule allowing traffic from any to 255.255.255.255 with service dhcp_req ?

There are some changes in the way GAIA since R77.20 is handling DHCP-Relay. check sk104114 Configuration of IPv4 BOOTP/DHCP Relay using new services and sk98839 Configuration of IPv4 BOOTP/DHCP Relay using legacy services to see the differences.

Regards, Maarten
0 Kudos

Re: Faulty DHCP Relay (dropped)

Jump to solution

Dear Maarten,

there are rules to allow DHCP from any to the broadcast address and from the bond1.x network to the dhcp server as well.

Check Point> show configuration bootp
set bootp interface bond1.x relay-to <dhcp-server> on
set bootp interface bond1.x primary <vrrp-vip of bond1.x> wait-time default on
set bootp interface bond1.x maxhopcount 15

When I enable the bootp traces, I can see, that the discover-request arrive at the bond1.x interface and are forwarded to the dhcp-server.

On the outgoing interface, I cannot see any dhcp requests.

Best Regards

Chacko

0 Kudos

Re: Faulty DHCP Relay (dropped)

Jump to solution

Little update:

"No bootp relay on in interface" warning means, there are dhcp recoverys reaching the Check Point interface, but there is nothing configured.

0 Kudos

Re: Faulty DHCP Relay (dropped)

Jump to solution

Okay, issue solved - there was a routing issue and so the servers were not reachable from a specific virtual router inside the core switch.

I thought the error-messages in the dhcp-relay monitor where targeting to something else, but that is clear now.

Thanks for your suggestions.

0 Kudos