Johannes_Schoen
Collaborator

Faulty DHCP Relay (dropped)

Hello Community,

I got a Check Point 5800 VRRP Cluster and need to define a DHCP relay for one ip-network.
I configured the DHCP-Relay according to the admin-guide on both gaias and the firewall policies are established as well (stealth-rule any, any, accept anyway). As primary address I configured the VRRP VIP.

It doesn't work.

If I have a look at the monitoring tab, I can see:

Dropped -
No bootp relay on in interface: 4510

Has anybody experienced similar problems?
I have no idea how to troubleshoot this and the error message cannot be found in the Check Point support area.

I use Gaia R77.30 Take 302

I'm looking forward to any ideas/hints.

Best Regards

Johannes

0 Kudos
1 Solution

Accepted Solutions
Johannes_Schoen
Collaborator

Okay, issue solved - there was a routing issue and so the servers were not reachable from a specific virtual router inside the core switch.

I thought the error messages in the dhcp-relay monitor were targeting something else, but that is clear now.

Thanks for your suggestions.


0 Kudos
5 Replies
PhoneBoy
Admin

Have you tried some of the troubleshooting steps here?

Troubleshooting DHCP Relay Issues 

Maarten_Sjouw
Champion

Can you share the output of: show configuration bootp

Also, did you add a rule allowing traffic from any to 255.255.255.255 with service dhcp_req?

There are some changes in the way Gaia has been handling DHCP relay since R77.20. Check sk104114 "Configuration of IPv4 BOOTP/DHCP Relay using new services" and sk98839 "Configuration of IPv4 BOOTP/DHCP Relay using legacy services" to see the differences.

Regards, Maarten
0 Kudos
Johannes_Schoen
Collaborator

Dear Maarten,

there are rules to allow DHCP from any to the broadcast address and from the bond1.x network to the dhcp server as well.

Check Point> show configuration bootp
set bootp interface bond1.x relay-to <dhcp-server> on
set bootp interface bond1.x primary <vrrp-vip of bond1.x> wait-time default on
set bootp interface bond1.x maxhopcount 15

When I enable the bootp traces, I can see that the discover requests arrive at the bond1.x interface and are forwarded to the dhcp-server.

On the outgoing interface, I cannot see any dhcp requests.

Best Regards

Chacko

0 Kudos
Johannes_Schoen
Collaborator

Little update:

The "No bootp relay on in interface" warning means there are dhcp recoveries reaching the Check Point interface, but there is nothing configured.

0 Kudos
