
Inter-VLAN/Subnet DHCP Relay not working, getting Violation / Local_ACL

XG210, SFOS 19.5.2 MR-2-Build624

So, I have two VLANs, VLAN 70 - 192.168.70.0/28 and VLAN 100 - 10.0.0.0/24. DHCP server is on VLAN100, I want to relay DHCP requests from VLAN70 to VLAN100 for service. I have a relay set up like so:

Name:
IP version: IPv4
Interface: LAN70 - IoT - 192.168.70.1
DHCP server IP:
    • 10.0.0.110
    • 10.0.0.111
Relay through IPsec: OFF


The Sophos IP for VLAN 70 is 192.168.70.1, which is the gateway.

However, devices on VLAN70 are not getting DHCP via the XG relay, and I am seeing entries like this in the PCAP:

| Time | In interface | Out interface | Ethernet type | Source IP | Destination IP | Packet type | Ports [src,dst] | NAT ID | Rule ID | Status | Reason |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-05-23 18:16:45 | Port8.70 | | IPv4 | 0.0.0.0 | 255.255.255.255 | UDP | 68,67 | 0 | 0 | Violation | Local_ACL |
| 2023-05-23 18:16:45 | Port8.70 | | IPv4 | 0.0.0.0 | 255.255.255.255 | UDP | 68,67 | 0 | 0 | Incoming | |
| 2023-05-23 18:16:45 | Port8.70 | | IPv4 | 0.0.0.0 | 255.255.255.255 | UDP | 68,67 | 0 | 0 | Violation | Local_ACL |
| 2023-05-23 18:16:45 | Port8.70 | | IPv4 | 0.0.0.0 | 255.255.255.255 | UDP | 68,67 | 0 | 0 | Incoming | |


I saw nothing saying firewall rules needed to be created to allow internal traffic between the VLANs on the DHCP service, but I created some - just in case - but that hasn't made any difference.

Anyone have any insight here? I have seen some similar threads, but they all seem to be trying to do DHCP over VPN/RED and/or had a relay setup on the VLAN with the DHCP server, neither of which is true in my case. If I set a device to a static IP within the subnet, things work fine, it's just the DHCP relay that isn't working.

Thanks in advance.


