No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

DHCP Option 61 issue on USG6300

Publication Date:  2017-03-24 Views:  349 Downloads:  0
Issue Description

Topology: 



 

 

Configuration SW-CORE-CONANP-EJERCITO: 

===================================================

  ===============display version===============

===================================================

Huawei Versatile Security Platform Software

Software Version: USG6300 V100R001C30SPC200  (VRP (R) Software, Version 5.30)

Copyright (C) 2014-2015 Huawei Technologies Co., Ltd..

=================================================================

  ===============display current-configuration===============

=================================================================

#

 dhcp server ping timeout 150

 dhcp server ping packets 3

 dhcp enable

#

 dns resolve

 dns server 8.8.8.8

 undo dns transparent-proxy enable

#

interface GigabitEthernet0/0/0

 description WAN

 dhcp client enable

 lldp enable

 lldp tlv-enable basic-tlv all

 service-manage http permit

 service-manage https permit

 service-manage ping permit

 service-manage ssh permit

 service-manage snmp permit

 service-manage telnet permit

#

security-policy

 rule name prueba_82529

  source-zone untrust

  destination-zone local

  service bootpc

  service bootps

  action permit

#

firewall zone local

 set priority 100

#

firewall zone trust

 set priority 85

 add interface GigabitEthernet0/0/1

 add interface GigabitEthernet0/0/2

 add interface GigabitEthernet0/0/3

 add interface GigabitEthernet0/0/4

 add interface GigabitEthernet0/0/5

 add interface GigabitEthernet0/0/6

 add interface GigabitEthernet0/0/7

#

firewall zone untrust

 set priority 5

 add interface GigabitEthernet0/0/0

#

firewall zone dmz

 set priority 50

#

 

 

ip route-static 0.0.0.0 0.0.0.0 172.30.36.1

#

Symptom:

Interface GE 0/0/0 cannot get IP dynamically from DHCP-Server (CISCO). So, It cannot connect to the Internet.

If a PC is replaced instead the USG, it can get IP dynamically.

 

 

<82529_EDOMEX_TEPOTZOTLAN>display ip interface brief

*down: administratively down

(s): spoofing

Interface                   IP Address      Physical Protocol Description

GigabitEthernet0/0/0        unassigned      up       down     WAN        

LoopBack1                   10.7.XXX.XXX    up       up(s)    loopback.gestion

 

=====================================================

  ===============display interface===============

=====================================================

22:13:02  2017/01/31

GigabitEthernet0/0/0 current state : UP  

Line protocol current state : DOWN

GigabitEthernet0/0/0 current firewall zone : untrust

Description : WAN, Route Port

The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)

Internet protocol processing : disabled

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 7ca2-3ee1-6890

Media type is twisted pair, loopback not set, promiscuous mode not set

100Mb/s-speed mode, full-duplex mode, link type is auto negotiation

QoS max-bandwidth : 100000 Kbps

Output queue : (Urgent queue : Size/Length/Discards)  0/50/0

Output queue : (Frag queue : Size/Length/Discards)  0/1000/0

Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0

Output queue : (FIFO queue : Size/Length/Discards)  0/256/0

    Last 30 seconds input rate 486  bytes/sec, 1  packets/sec

    Last 30 seconds output rate 33  bytes/sec, 0  packets/sec

    Input: 345127 packets, 112320594 bytes

          9 unicasts, 249211 broadcasts, 95907 multicasts, 0 pauses

          0 overruns, 0 runts, * jumbos, 0 FCS errors

          * length errors,  0 code errors, * align errors

          0 fragment errors,  0 giants, 0 jabber errors

          * dribble condition detected,  0 other errors

    Output: 36628 packets, 12401549 bytes

          0 unicasts, 25281 broadcasts, 11347 multicasts, 0 pauses

          0 underruns, 0 runts, * jumbos, 0 FCS errors

          * fragment errors, 0 giants, * jabber errors

          0 collisions, 0 late collisions

          0 ex. collisions, 0 deferred, 0 other errors


Handling Process

 

  1. 1.  Device was upgraded to the latest version available V100R001C30SPC600 with the patch SPH606 getting the same behavior.
  2. 2. Collect the debugging from DHCP-Client (USG)

 

Debugging operation:

 

<81112_EDOMEX_TECAMAC>debugging dhcp client all

18:04:44  2017/02/16

<81112_EDOMEX_TECAMAC>t m

18:04:46  2017/02/16

Info: Current terminal monitor is on

 

<81112_EDOMEX_TECAMAC>t d

18:04:50  2017/02/16

                    Info: Current terminal debugging is on

 

<81112_EDOMEX_TECAMAC>

#2017-02-16 18:05:09 81112_EDOMEX_TECAMAC IFNET/2/IF_PVCUP:1.3.6.1.6.3.1.1.5.4 interface 513 turns into UP state.(AdminStatus=1,OperStatus=1,InterfaceName=GigabitEthernet0/0/0)

2017-02-16 18:05:09 81112_EDOMEX_TECAMAC %%01PHY/2/STATUSUP(l): GigabitEthernet0/0/0 changed status to up.

*0.724530 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: FSM state transfer(SELECTING-->INIT) successfully.

*0.724690 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Send DHCPDISCOVER in 10 seconds.

*0.733340 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Recv DHCP packet for other client(fce3-3ca5-aaba), ignore it.

*0.733520 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Received a invalid DHCP packet.

*0.734180 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Create DHCP packet successfully!

*0.734320 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Send a packet...

  Head : op(BOOTREQUEST); htype(ETHERNET); hlen(6); xid(0x58a5e9d5);

    ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(244c-072c-6fb8);

  Options :

    63 82 53 63 35 01 01 37 07 01 03 06 0F 21 2C 2E

    39 02 04 80 3C 06 48 75 61 77 65 69 3D 2A 48 55

    41 57 45 49 2D 32 34 34 63 2D 30 37 32 63 2D 36

    66 62 38 2D 47 69 67 61 62 69 74 45 74 68 65 72

    6E 65 74 30 2F 30 2F 30 FF

 

*0.734940 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Send DHCPDISCOVER successfully.

*0.735080 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: FSM state transfer(INIT-->SELECTING) successfully.

*0.735490 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Resend DHCPDISCOVER for the 1st time....successfully.

*0.736430 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Recv a packet...

  Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0x58a5e9d5);

    ciaddr(0.0.0.0); yiaddr(10.7.1.45); chaddr(244c-072c-6fb8);

  Options :

    63 82 53 63 35 01 02 3D 2A 48 55 41 57 45 49 2D

    32 34 34 63 2D 30 37 32 63 2D 36 66 62 38 2D 47

    69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 2F

    30 2F 30 36 04 0A 07 01 01 33 04 00 01 51 80 3A

    04 00 00 A8 C0 3B 04 00 01 27 50 01 04 FF FF FF

    00 03 04 0A 07 01 01 06 04 BB BE F1 02 FF

 

*0.737140 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Option 61 is unnessary!

*0.737270 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Received a invalid DHCP packet.

*0.738810 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Resend DHCPDISCOVER for the 2nd time....successfully.

*0.738980 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Recv a packet...

  Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0x58a5e9d5);

    ciaddr(0.0.0.0); yiaddr(10.7.1.45); chaddr(244c-072c-6fb8);

  Options :

    63 82 53 63 35 01 02 3D 2A 48 55 41 57 45 49 2D

    32 34 34 63 2D 30 37 32 63 2D 36 66 62 38 2D 47

    69 67 61 62 69 74 45 74 68 65 72 6E 65 74 30 2F

    30 2F 30 36 04 0A 07 01 01 33 04 00 01 51 80 3A

    04 00 00 A8 C0 3B 04 00 01 27 50 01 04 FF FF FF

    00 03 04 0A 07 01 01 06 04 BB BE F1 02 FF

 

*0.739690 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Option 61 is unnessary!

*0.739820 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

GigabitEthernet0/0/0: Received a invalid DHCP packet.

*0.746130 81112_EDOMEX_TECAMAC DHCPC/7/DHCPC_DEBUG_COMMON:

                   GigabitEthernet0/0/0: Resend DHCPDISCOVER for the 3rd time....successfully.

Root Cause

Option 61 is the dhcp-client-identifier.

 

DHCP server considers that dhcp-client-identifier is a unique

Identifier for a dhcp client. If the client makes a request with

a particular client-identifier then it will be recognized as

the same host when it renews or makes any other request to the

Server.

 

However Huawei USG does not support the DHCP with Option 61

Solution

Do changes on DHCP-Server Cisco in order to don’t use Option 61

 

OR

 

Configure an static IP-Address to the Interface

Suggestions

Use the versino V500R001.

END