DHCP

TerryR

Hi

I have a T50, L2 switch - Old netgear, and unifiAP's.

4 V/LANS
1 wired (untagged)
3 Tagged (wifi zones)

I have the T50 configured for DHCP on each segment
switches have everything untagged, and the APs have the 3 tagged networks too

T50 has

• one interface for untagged
• one interface for vlans (the 3 tagged)
• DHCP on every segment

System works - Users on wired are good, users on the new APs are good 'MOST OF THE TIME'

HOWEVER
T50 is sending DHCP offers to the wireless clients for the WIRED NETWORK as well as the wireless zone - I dont understand how.
Never mixes the zones, but it mixes a single zone and the wired network.

How is this possible? How is the T50 sending two responses? Why is it sending 2 responses?

What do I need to do to prove that the config across multiple devices is good?
Regards
Terry

Bruce_Briggs

My best guess is that that there is a wired & VLAN common port someplace, most likely on the switch.

. you can turn on Diagnostic Logging for DHCP which may show something to help
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> Networking -> DHCP Server
In the Web UI: System -> Diagnostic Log
Set the slider to Information or higher

. you can use TCP DUMP to do packet captures
- Firebox System Manager -> Diagnostic tasks
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html

• Web UI - System Status -> Diagnostic -> Network
• https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_diagnostics_tasks_web.html

. you can plug a laptop into a problem switch port and do packet captures. You should see the MAC addr of the DHCP packets being sent by the firewall. If they are different for each subnet, then look at your VLAN port settings.

If you have a current LiveSecurity license, you can open a support incident and get help from a WG rep in resolving this.