Got it
Huawei Enterprise Support Community
Community Forums Security
USG6650 DHCPv6 relay prob...

USG6650 DHCPv6 relay problem

Created: Jul 6, 2018 16:14:15Latest reply: Jul 6, 2018 16:54:12 886 1 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#
Hi,

We have 2 USG6650 in hot-standby configuration at the network center.
We implemented a central DHCPv6 server (Linux VM) for serving all networks an each building have a switch/router acting as a dhcpv6 relay device but the firewall are blocking the dhcp server responses before applying the accept rules.

Using the firewall packet capture tool we get:
....
        FORWARD
            Layer 3 dispatch--------PASS: New packet arrived. 1212869108  interface:Vlanif2100 zone:SRVINT_REDE VRF:public -> public UDP 2001:690:2260:B000:0:0:0:5:(547) -> 2001:690:2260:F013:0:0:0:2:(547)
            Layer 3 process--------DROP: Packet drop reason: DHCP packet error packets discarded
...
Is there any there any way of solving this?

Server: 2001:690:2260:B000:0:0:0:5
Relay device: 2001:690:2260:F013:0:0:0:2

Best regards
Fernando Reis
IPCB http://www.ipcb.pt

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Customer feedback the url filter is not working correct
Next: How to deploy virtual system on USG6000
Featured Answers

Best answer

(0) (0)
Fernandoizsa
Created Jul 6, 2018 16:54:12

Hi, suggest capture capture more speficic using the next command "display firewall session table verbose source inside ip x.x.x. destination global ip x.x.x.x .... in order to see with which policy is doing match the DHCP packets, perhaps the ports number 67 & 68 UDP are being blocked. You can create a specific policy at top to open these ports with the action "permit" or on the other hand I suggest perform a debugging DHCP in order to see the DHCP Packets interaction.
View more
  • x
  • convention:
All Answers
(0) (0)
2#
Fernandoizsa
Fernandoizsa Created Jul 6, 2018 16:54:12

Hi, suggest capture capture more speficic using the next command "display firewall session table verbose source inside ip x.x.x. destination global ip x.x.x.x .... in order to see with which policy is doing match the DHCP packets, perhaps the ports number 67 & 68 UDP are being blocked. You can create a specific policy at top to open these ports with the action "permit" or on the other hand I suggest perform a debugging DHCP in order to see the DHCP Packets interaction.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.