
DHCP service offering DHCP packets on other interface...

I have a network setup with the main LAN on interface eth2 with a DHCP server on the network, and a separate wireless LAN on eth3 with the UTM offering DHCP for that interface. The only thing attached to that IF is a wireless AP (not Sophos). For some reason, the UTM is offering DHCP addresses on the eth2 IF, conflicting with the main LAN DHCP server. This causes issues since the traffic in the WLAN subnet is not allowed to talk to the LAN subnet in the firewall rules, which is working, but people that should be on the LAN are not getting LAN IPs all the time.

Any ideas? Thanks.



  • [deleted]

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • If rebooting didn't fix this behavior, please show log lines where the UTM DHCP server provided an IP to a user on eth2.  Also, insert a picture of the DHCP configuration for eth3.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • My first hunch is you have a loop in your network somewhere that is bridging eth2 and eth3 together in the same layer 2 domain.  This could be a physical issue with cabling, or more commonly a VLAN/trunking issue.  I seriously doubt you will find the issue is with the UTM DHCP process, but there is always a possibility I guess.

  • You do have different subnets on both interfaces, do you?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • The two interfaces have separate subnets. The only thing on the interface that has the DHCP server from the firewall being used is a wifi access point for public use. So, there can't be any network loops between the interfaces and the subnets are separate on each interface.

  • Is the wifi access point "requesting" the "wrong" IP address for the guest connected to it?

    If this is the case I think you should configure your guest wifi as a VLAN and make sure this VLAN is also configured on UTM. That way your wireless clients will be logically divided from the DHCP server and shouldn't be able to get an address from this server.



  • DHCP server log:

    2016:10:08-13:43:39 grrs dhcpd: DHCPDISCOVER from 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:43:40 grrs dhcpd: DHCPOFFER on 192.168.10.20 to 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:43:49 grrs dhcpd: DHCPDISCOVER from 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:43:49 grrs dhcpd: DHCPOFFER on 192.168.10.20 to 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:43:57 grrs dhcpd: DHCPDISCOVER from 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:43:57 grrs dhcpd: DHCPOFFER on 192.168.10.20 to 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:44:22 grrs dhcpd: DHCPDISCOVER from 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:44:22 grrs dhcpd: DHCPOFFER on 192.168.10.20 to 31:32:33:34:35:36 (ROGUE) via eth3
    2016:10:08-13:44:26 grrs dhcpd: DHCPINFORM from 150.147.159.117 via eth3: unknown subnet for client address 150.147.159.117
    2016:10:08-13:45:41 grrs dhcpd: DHCPINFORM from 150.147.159.117 via eth3: unknown subnet for client address 150.147.159.117
    2016:10:08-13:46:23 grrs dhcpd: DHCPINFORM from 150.147.159.103 via eth3: unknown subnet for client address 150.147.159.103

    Eth3 is the wifi interface

    P:\Utils>dhcploc -p 150.147.159.204
    13:44:22    OFFER (IP)150.147.159.63  (S)150.147.159.204 ***
    13:44:22    OFFER (IP)192.168.10.20   (S)192.168.10.1    ***

    run from a server on the eth2 interface

    192.168.10.1 is the eth3 gateway address on the UTM. 150.147.159.204 is the DHCP server on the eth2 subnet.
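    The two artefacts posted above (the UTM's dhcpd log and the dhcploc probe run from the eth2 server) each carry a separate indicator of a segmentation problem: DHCPINFORM messages from 150.147.159.x clients arriving "via eth3", and a second DHCPOFFER from 192.168.10.1 answering a probe on the eth2 segment. The following script, added here as an example and not part of any post or of Sophos UTM, parses both formats and reports those indicators. It assumes the subnet layout stated in the thread (eth3 = 192.168.10.0/24 served by the UTM at 192.168.10.1; eth2 = 150.147.159.0/24 served by 150.147.159.204, the /24 mask being an assumption) and uses the posted log lines as constructed sample input.

```python
import ipaddress
import re

# Assumed per-interface layout, taken from the thread (the /24 on eth2 is an assumption).
INTERFACE_SUBNETS = {
    "eth3": ipaddress.ip_network("192.168.10.0/24"),    # UTM guest Wi-Fi
    "eth2": ipaddress.ip_network("150.147.159.0/24"),   # main LAN
}
# Servers that are allowed to answer DHCP on each segment.
AUTHORISED_SERVERS = {
    "eth3": {ipaddress.ip_address("192.168.10.1")},
    "eth2": {ipaddress.ip_address("150.147.159.204")},
}

# ISC dhcpd line as logged by the UTM: "... dhcpd: DHCPINFORM from <ip> via <iface>: ..."
DHCPD_INFORM = re.compile(r"dhcpd: DHCPINFORM from (\S+) via (\S+):")
# dhcploc (Windows) output line: "<time>    OFFER (IP)<offered>  (S)<server> ***"
DHCPLOC_OFFER = re.compile(r"OFFER \(IP\)(\S+)\s+\(S\)(\S+)")

# Constructed sample input: the lines posted in the thread.
SAMPLE_DHCPD = [
    "2016:10:08-13:43:39 grrs dhcpd: DHCPDISCOVER from 31:32:33:34:35:36 (ROGUE) via eth3",
    "2016:10:08-13:43:40 grrs dhcpd: DHCPOFFER on 192.168.10.20 to 31:32:33:34:35:36 (ROGUE) via eth3",
    "2016:10:08-13:44:26 grrs dhcpd: DHCPINFORM from 150.147.159.117 via eth3: unknown subnet for client address 150.147.159.117",
    "2016:10:08-13:45:41 grrs dhcpd: DHCPINFORM from 150.147.159.117 via eth3: unknown subnet for client address 150.147.159.117",
    "2016:10:08-13:46:23 grrs dhcpd: DHCPINFORM from 150.147.159.103 via eth3: unknown subnet for client address 150.147.159.103",
]
SAMPLE_DHCPLOC = [
    "13:44:22    OFFER (IP)150.147.159.63  (S)150.147.159.204 ***",
    "13:44:22    OFFER (IP)192.168.10.20   (S)192.168.10.1    ***",
]


def foreign_clients(log_lines):
    """Return unique (interface, client_ip) pairs where a DHCPINFORM arrived on an
    interface whose configured subnet does not contain the client's address.
    A host from another subnet being heard on this interface means the two
    segments share a layer-2 domain (loop, mis-tagged VLAN, stray cable)."""
    findings = {}
    for line in log_lines:
        m = DHCPD_INFORM.search(line)
        if not m:
            continue
        client, iface = ipaddress.ip_address(m.group(1)), m.group(2)
        subnet = INTERFACE_SUBNETS.get(iface)
        if subnet is not None and client not in subnet:
            findings[(iface, str(client))] = None   # dict keeps first-seen order, de-duplicates
    return list(findings)


def unexpected_offers(dhcploc_lines, segment):
    """Return (offered_ip, server_ip) pairs from dhcploc output where the offering
    server is not authorised for the segment the probe was run on."""
    findings = []
    for line in dhcploc_lines:
        m = DHCPLOC_OFFER.search(line)
        if not m:
            continue
        offered, server = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
        if server not in AUTHORISED_SERVERS[segment]:
            findings.append((str(offered), str(server)))
    return findings


if __name__ == "__main__":
    for iface, client in foreign_clients(SAMPLE_DHCPD):
        print(f"segmentation indicator: client {client} heard on {iface}, outside {INTERFACE_SUBNETS[iface]}")
    for offered, server in unexpected_offers(SAMPLE_DHCPLOC, "eth2"):
        print(f"unauthorised DHCP server on eth2 segment: {server} offered {offered}")
```

    On the posted sample this reports the two 150.147.159.x clients heard on eth3 and the offer from 192.168.10.1 answering on the eth2 segment, which is the same conclusion the thread reaches (the two interfaces are not actually isolated at layer 2). The same two checks can be run periodically against the live dhcpd log and a scheduled dhcploc probe to catch the condition recurring after the cabling or VLAN fix.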

  • Wifi guests connecting to that AP get the correct addresses.

  • You definitely have an Ethernet segmentation problem.  Maybe someone has plugged a wireless home router into your network?

    Cheers - Bob