XG210, SFOS 19.5.2 MR-2-Build624
So, I have two VLANs, VLAN 70 - 192.168.70.0/28 and VLAN 100 - 10.0.0.0/24. DHCP server is on VLAN100, I want to relay DHCP requests from VLAN70 to VLAN100 for service. I have a relay set up like so:
| Name | ||
| IP version |
IPv4
|
|
| Interface | LAN70 - IoT - 192.168.70.1 | |
| DHCP server IP |
|
|
| Relay through IPsec | OFF |
The Sophos IP for VLAN 70 is 192.168.70.1, which is the gateway.
However, devices on VLAN70 are not getting DHCP via the XG relay, and I am seeing entries like this in the PCAP:
|
Time
|
In interface
|
Out interface
|
Ethernet type
|
Source IP
|
Destination IP
|
Packet type
|
Ports [src,dst]
|
NAT ID
|
Rule ID
|
Status
|
Reason
|
|---|---|---|---|---|---|---|---|---|---|---|---|
|
2023-05-23 18:16:45
|
Port8.70
|
IPv4
|
0.0.0.0
|
255.255.255.255
|
UDP
|
68,67
|
0
|
0
|
Violation
|
Local_ACL
|
|
|
2023-05-23 18:16:45
|
Port8.70
|
IPv4
|
0.0.0.0
|
255.255.255.255
|
UDP
|
68,67
|
0
|
0
|
Incoming
|
||
|
2023-05-23 18:16:45
|
Port8.70
|
IPv4
|
0.0.0.0
|
255.255.255.255
|
UDP
|
68,67
|
0
|
0
|
Violation
|
Local_ACL
|
|
|
2023-05-23 18:16:45
|
Port8.70
|
IPv4
|
0.0.0.0
|
255.255.255.255
|
UDP
|
68,67
|
0
|
0
|
Incoming
|
I saw nothing saying firewall rules needed to be created to allow internal traffic between the VLANs on the DHCP service, but I created some - just in case - but that hasn't made any difference.
Anyone have any insight here? I have seen some similar threads, but they all seem to be trying to do DHCP over VPN/RED and/or had a relay setup on the VLAN with the DHCP server, neither of which is true in my case. If I set a device to a static IP within the subnet, things work fine, it's just the DHCP relay that isn't working.
Thanks in advance.
Quote