End Users Fail to Automatically Obtain IP Addresses From the DHCP Server Through a Firewall in Transparent Mode
Publication Date: 2012-07-17Views: 87Downloads: 0
End users fail to automatically obtain IP addresses from the DHCP server through a firewall in transparent mode.
Sometimes, the firewall receives IP packets with unknown destination MAC addresses such as DHCP packets. Because the firewall does not know the destination MAC address, it does not know the egress. Therefore, the firewall probably discards these packets. You can run the unknown-mac flood command to rectify this problem. According to the configuration, the firewall processes such packets by using one of the following methods: discarding theses packets, broadcasting ARP request, or flooding these packets.
This case uses the USG5300 as an example.
To enable the USG5300 in transparent mode to broadcast multicast and broadcast packets with unknown MAC addresses, run the following commands:
[USG5300] firewall unknown-mac broadcast flood
[USG5300] firewall unknown-mac multicast flood