cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Dirk_Casomo
Nickel

I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

my DHCP server is in 192.168.8.0 network, i also configure my switch for IP HELPER, my question is what policies i need to create in the firewall for the DHCP service applicable to all VLANs i have

7 Replies
Employee
Employee

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

Since the GW is not the DHCP server you will need to configure DHCP Relay. Information on that can be found in sk104114. Please read all sections.

I noticed that you have an IP Address configured on both the physical interface eth1 and on the VLANs eth1.10 and eth1.20. According to sk88700 "it is mandatory to remove an IP address from a physical interface before creating any VLAN interfaces on that physical interface."

0 Kudos
Dirk_Casomo
Nickel

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

thank you, say no more IP, what are those policies to be created?

0 Kudos
Admin
Admin

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

The policies are described in the SK that Kyle linked to.

0 Kudos

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

Hi Dirk,

As you are using IP-Helper on the SWITCH and not on the gateway, all you need to take care of in the rulebase is DHCP-Relay from switch to the DHCP server. This traffic will be sent by the switch on it's management interface to the DHCP server, so that is where you will need to see for the need of any rules.

If this is not passing through the Firewall, when the switch and DHCP server are in the same network, there is no need for any rules.

The SK is referring to the Firewall being the DHCP Relay server.

Regards, Maarten.

Regards, Maarten
0 Kudos

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

Make sure to allow the DHCP relay trffic from switch to DHCP server but alos the return traffic needs to be allowed separately.

Regards, Maarten
0 Kudos

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

Not to hi-jack this thread, but I had some similar questions about DHCP IP-Helper, but as it pertained to VSX. Some of these steps outline procedures in the WebUI. Does anyone know how this is configured in CLISH VSX?

Re: I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

for ip/helper or dhcp relay, first make sure to work on the correct VS and then use the following commands±

set bootp interface eth2 on
set bootp interface eth2 relay-to <IP-DHCP-server> on
set bootp interface eth2 primary <Gateway-IP-eth2> wait-time default on
set bootp interface eth2 maxhopcount default

When you have more than 1 DHCP server just add another line with relay-to and the second IP

Regards, Maarten