cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1011
Views
0
Helpful
3
Replies

Why does AIR-CAP3702I keep releasing the DHCP lease every 5-7 seconds

AimeeP
Level 1
Level 1

We are trying to move our DHCP server from windows servers to our PA-820 firewalls. There is no issue for any devices getting DHCP addresses except the Cisco AIR-CAP3702I. It requires DHCP option 43 which I have configured with an IP, ASCII, and hex. No matter what option I select, the AP gets a DHCP address and within a few seconds releases it and requests a new one. I was unable to find any documentation on other people having this issue.
The AP has no trouble getting an IP from the DHCP server and connecting back to the controller, when I use the DHCP relay on the firewall to send the requests to the Windows server.

The other devices connecting to the firewall for DHCP that don't require option 43, but do require other options are not having any issues.
I have a ticket opened with Palo support, but since the device is getting and IP and is the same device that is releasing the IP to get a new one, they aren't being much help.

I don't currently have access to console connection on the AP, but should tomorrow, but if anyone has any ideas on what could be causing this I'd appreciate it.

3 Replies 3

Hi

 Option 43 is problematic as every vendor deploy differently. But, called my attention when you said "IP, ASCII, and hex". Usually is one or other.

In the Windows DHCP server, we use f1040a010101 and it works just fine. Because that configuration wasn't working in the firewall, I tried using different variations in an attempt to get it to work. I see the same behavior no matter how I configured it. So whether I used the option for IP, ASCII, or hex and their appropriate values in the firewall's DHCP options (at different times, not all configured at once), the AP will still get an IP and then release it 5-8 seconds later and request a new one. The lease is set for 8 days.

Rich R
VIP
VIP

Get a packet capture of the DHCP packets to/from the PA firewall and compare to the packet capture of DHCP from the Windows server - share here if you want us to look.  The PA might be sending additional parameters which the 3700 doesn't support.

Very important to get the complete console log from the AP to see what that shows.  If it's staying on the same IP can't you SSH into the AP to check the log?

Review Cisco Networking for a $25 gift card