Unable to get IP from DHCP using NSX segment
Article ID: 406485
Updated On:
Products
VMware vDefend Firewall with Advanced Threat Prevention
VMware vDefend Firewall
VMware NSX
Issue/Introduction
You are unable to obtain an IP from DHCP while your VM is connect to an NSX Segment. Once you move the VM to a Distributed Portgroup, DHCP works.
Example from a Windows Client VM:
"An error occurred while renewing interface <Interface ID>: unable to contact your DHCP server. Request has timed out"
Environment
VMware NSX
Cause
Either the segment profile or the Distributed Firewall (DFW) are blocking the DHCP traffic.
Resolution
- Ensure you have configured the segment security profile to allow DHCP server traffic.
- The default segment security profile blocks DHCP server traffic. See http://knowledge.broadcom.com/external/article?articleNumber=371005
- Ensure your DFW rules are configured to allow DHCP traffic.
- A DHCP request is sent using a source IP of 0.0.0.0, so the source group in your rule needs to be set to ANY, or include 0.0.0.0.
- A DHCP request is sent using a source IP of 0.0.0.0, so the source group in your rule needs to be set to ANY, or include 0.0.0.0.
Feedback
Yes
No
Powered by
