Hi all,
When configuring a traffic policy, make sure that it permits DHCP packets. Please refer to the following case.
Problem Description
Topology: PC---L2SW---S5700---DHCP Server(10.xx.xx.18)
A customer uses a DHCP server to assign IP addresses to the terminals. The S5700 functions as a DHCP relay agent but the terminals cannot obtain IP addresses.
Handling Procedure
1. Check the key configuration. A traffic policy is configured on the device. The traffic policy is used to limit the IPs that can access the devices.
acl number 3002
 rule 5 permit ip destination 10.xx.xx.18 0 // DHCP server
 rule 10 permit ip destination 10.xx.xx.17 0
 rule 15 permit ip destination 10.xx.xx.80 0
 rule 20 permit ip destination 10.xx.xx.81 0
 rule 25 permit ip destination 10.xx.xx.82 0
 rule 30 permit ip destination 10.xx.xx.19 0
 rule 35 permit ip destination 10.xx.xx.55 0
 rule 40 permit ip destination 10.xx.xx.34 0
 rule 45 permit ip destination 10.xx.xx.57 0
 rule 50 deny ip
#
traffic classifier c2 operator and
 if-match acl 3002
#
traffic behavior b2
 permit
#
traffic policy p2 match-order config
 classifier c2 behavior b2
#
vlan 2073
 traffic-policy p2 inbound
#
interface Vlanif2073
 ip address 10.xx.xx.1 255.255.255.0
 dhcp select relay
 dhcp relay server-select HW
dhcp server group HW
 dhcp-server 10.xx.xx.18 0
2. It is confirmed that the traffic policy denies DHCP packets.
Root Cause
The DHCP Discover and Request packets are broadcast packets with the source address 0.0.0.0. When they enter VLAN 2073, they match none of the permit rules, which filter on specific destination addresses, so they match rule 50 of ACL 3002 and are discarded.
Solution
Add a rule to ACL 3002, ahead of rule 50, that permits the source IP 0.0.0.0.
 rule 47 permit ip source 0.0.0.0 0
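
The first-match evaluation behind this root cause, as an added Python example that is not part of the original post. It is a simplified model of ACL 3002 (addresses only, no protocol or port matching); the 10.1.1.x and 10.2.2.x addresses are constructed stand-ins for the redacted ones, and `rule`, `evaluate` and the packet names are hypothetical.

```python
import ipaddress

def rule(rule_id, action, src=None, dst=None):
    # src/dst are (address, wildcard) pairs; None means "any", as in "deny ip".
    return {"id": rule_id, "action": action, "src": src, "dst": dst}

def _matches(field, addr):
    if field is None:
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in field)
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 means the bit must match
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, src, dst):
    """Return (rule_id, action) of the first matching rule, in rule-id order."""
    for r in sorted(acl, key=lambda r: r["id"]):
        if _matches(r["src"], src) and _matches(r["dst"], dst):
            return r["id"], r["action"]
    return None, "no-match"

# Constructed model of ACL 3002: rule id -> last octet of the permitted host.
HOSTS = {5: 18, 10: 17, 15: 80, 20: 81, 25: 82, 30: 19, 35: 55, 40: 34, 45: 57}
ACL_3002 = [rule(n, "permit", dst=(f"10.1.1.{h}", "0.0.0.0"))
            for n, h in HOSTS.items()]
ACL_3002.append(rule(50, "deny"))
# The post's fix: rule 47 permit ip source 0.0.0.0 0
FIXED = ACL_3002 + [rule(47, "permit", src=("0.0.0.0", "0.0.0.0"))]

# Constructed sample packets as (source, destination).
DISCOVER = ("0.0.0.0", "255.255.255.255")  # client has no address yet
RENEW = ("10.2.2.50", "10.1.1.18")         # unicast renewal to the DHCP server
OTHER = ("10.2.2.50", "10.9.9.9")          # destination not in the permit list
ZERO_SRC = ("0.0.0.0", "10.9.9.9")         # non-broadcast packet from 0.0.0.0

if __name__ == "__main__":
    for name, acl in (("original", ACL_3002), ("with rule 47", FIXED)):
        for label, pkt in (("discover", DISCOVER), ("renew", RENEW),
                           ("other", OTHER), ("zero-src", ZERO_SRC)):
            print(name, label, evaluate(acl, *pkt))
```

The `ZERO_SRC` case shows that rule 47 matches on the source address alone, so it permits any IP packet sourced from 0.0.0.0 entering the VLAN, not only DHCP.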


