Platform: ESXi 6.5
Security config on hypervisor:
- Promiscuous mode Accept
- MAC address changes Accept
- Forged transmits Accept
I'm doing some ZTP testing at the moment with Arista vEOS images (was working before) but it seems that the pnet2 interface is consuming/dropping the DHCP responses.
Looking at the setup:
Code: Select all
brctl show
bridge name bridge id STP enabled interfaces
pnet2 8000.000c2976c6ca no eth2
vunl0_1_0
vunl0_2_1
vunl0_3_0
vunl0_4_0
Code: Select all
tcpdump -i vunl0_2_1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vunl0_2_1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:05:32.267298 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 50:00:00:cb:38:c2 (oui Unknown), length 300
11:05:32.267602 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 50:00:00:cb:38:c2 (oui Unknown), length 300
11:05:34.265517 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 50:00:00:01:00:00 (oui Unknown), length 300
11:05:34.265784 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 50:00:00:01:00:00 (oui Unknown), length 300
Code: Select all
tcpdump -i pnet2 port bootps -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pnet2, link-type EN10MB (Ethernet), capture size 262144 bytes
11:07:32.903789 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 50:00:00:cb:38:c2, length 300
11:07:32.904151 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 50:00:00:cb:38:c2, length 300
11:07:32.944639 IP 172.168.1.3.67 > 172.168.1.243.68: BOOTP/DHCP, Reply, length 308
11:07:32.944679 IP 172.168.1.3.67 > 172.168.1.243.68: BOOTP/DHCP, Reply, length 308
11:07:32.944695 IP 172.168.1.3.67 > 172.168.1.243.68: BOOTP/DHCP, Reply, length 308
11:07:32.944817 IP 172.168.1.3.67 > 172.168.1.243.68: BOOTP/DHCP, Reply, length 308
11:07:34.499852 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 50:00:00:01:00:00, length 300
11:07:34.500099 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 50:00:00:01:00:00, length 300
11:07:34.500326 IP 172.168.1.3.67 > 172.168.1.240.68: BOOTP/DHCP, Reply, length 308
11:07:34.500409 IP 172.168.1.3.67 > 172.168.1.240.68: BOOTP/DHCP, Reply, length 308
11:07:34.500434 IP 172.168.1.3.67 > 172.168.1.240.68: BOOTP/DHCP, Reply, length 308
11:07:34.500508 IP 172.168.1.3.67 > 172.168.1.240.68: BOOTP/DHCP, Reply, length 308
I never see the DHCP responses on the vunl interfaces, just the request, and response looks to be correct.
Code: Select all
11:08:03.136964 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 50:00:00:cb:38:c2, length 300, xid 0x9812090b, Flags [none] (0x0000)
Client-Ethernet-Address 50:00:00:cb:38:c2
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 11:
MTU, Subnet-Mask, BR, Default-Gateway
Domain-Name, Domain-Name-Server, LOG, Hostname
TFTP, BF, Classless-Static-Route
Vendor-Class Option 60, length 11: "Arista;vEOS"
Client-ID Option 61, length 6: hardware-type 80, 00:00:cb:38:c2
END Option 255, length 0
PAD Option 0, length 0, occurs 22
11:08:03.137312 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 336)
172.168.1.3.67 > 172.168.1.243.68: [udp sum ok] BOOTP/DHCP, Reply, length 308, xid 0x9812090b, Flags [none] (0x0000)
Your-IP 172.168.1.243
Client-Ethernet-Address 50:00:00:cb:38:c2
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 172.168.1.3
Lease-Time Option 51, length 4: 43200
Subnet-Mask Option 1, length 4: 255.255.255.0
BR Option 28, length 4: 172.168.1.255
Default-Gateway Option 3, length 4: 172.168.1.1
BF Option 67, length 32: "http://172.168.1.3/ztp/bootstrap"
END Option 255, length 0
Any thoughts?
Thanks!