Model: SG210
Firmware Version: 9.351-3
Internal (main) subnet: 10.0.1.1/24
Proposed Phone Network subnet: 10.0.10.1/24
Windows Server 2012 DHCP address: 10.0.1.19
Subnets have been changed for the purposes of the explanation. :)
Currently we have our UTM configured to provide DHCP service on the internal subnet (via the Network Services->DHCP->Servers tab) and it is working fine. I would like to set up an additional interface using a different subnet that would utilize one of our Server 2012 boxes running a DHCP server instead of the UTM, though I would still like to use the UTM for DHCP for the main subnet. (So using the UTM for one subnet, and the relay to forward the other subnet's requests to my Windows server.)
The interface setup seems correct, but I am having an issue with a DHCPOFFER "unknown network segment" message when trying to obtain a client IP address, according to the UTM DHCP server log.
Initial Interface Setup:
-New Interface under Interfaces & Routing->Interfaces->Interfaces tab (10.0.10.1/24)
-New Rule under Network Protection->Firewall->Rules tab that allows traffic from:
Phone Network (network) for any service to any network
-No masquerade rules were set up, since I don’t need this network to be able to go out through the external interface, and subsequently, the internet. (If I understand that concept correctly…)
I plug in a laptop, and manually assign it the following information:
IP: 10.0.10.97
Mask: 255.255.255.0
GW: 10.0.10.1
The laptop can ping, browse, and connect to resources found on the internal subnet, and conversely, resources can ping/connect to it on the phone subnet. This seems to indicate that I have connectivity between both interfaces set up successfully. Great!
UTM DHCP Setup:
Configured a DHCP relay via the Network Services->DHCP->Relay tab with my internal DHCP server host* and the Phone Network interface.
*The network definition (host) interface is set to << Any >> in the advanced section and the DHCP Settings section for IPv4 DHCP is set to “No DHCP Server.”
Windows Server DHCP Server Setup:
The server is on the internal subnet (10.0.1.19) and has a single scope set up for 10.0.10.120 through 10.0.10.125 with a subnet mask of 255.255.255.0 (24).
Going back to my laptop, I remove the manually assigned IP information, set it to automatically obtain an IP, and I start seeing this in my DHCP log on the UTM.
DHCPOFFER From [laptop MAC address] via 10.0.10.1 : unknown network segment.
Items of note:
-After I try to obtain the IP address, the statistics of the DHCP scope on the Windows server show a single address in use, with 6 available, yet no actual address lease appears. This seems to indicate that the address was assigned and the notification was passed back out to the UTM, which promptly decided it didn’t know what to do, threw it away, and gave the error seen in the log.
-The firewall does not show anything with an IP of either the laptop or Windows server, so it doesn’t look to be filtered there.
-The application control and intrusion prevention logs are both blank and don’t have any entries.
I am sorry for the long read… but I feel like I’m missing something simple. Does anyone have any thoughts?