This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP - Configuration - UTM for one subnet and Relay for another

Model: SG210
Firmware Version: 9.351-3
Internal (main) subnet:  10.0.1.1/24
Proposed Phone Network subnet: 10.0.10.1/24
Windows Server 2012 DHCP address: 10.0.1.19

Subnets have been changed for the purposes of the explanation.  [:)]

Currently we have our UTM configured to provide DHCP service on the internal subnet (via the Network Services->DHCP->Servers tab) and it is working fine.  I would like to setup an additional interface using a different subnet that would utilize one of our Server 2012 boxes running a DHCP server instead of the UTM.  Though I would like to still use the UTM for DHCP for the main subnet.  (So using the UTM for one subnet, and the relay to forward the other subnet request to my windows server.)

The interface setup seems correct, but I am having an issue with a DHCPOFFER "unknown network segment" message when trying to obtain an client IP address according to the UTM DHCP server log.

Initial Interface Setup:
-New Interface under Interfaces & Routing->Interfaces->Interfaces tab (10.0.10.1/24)
-New Rule under Network Protection->Firewall->Rules tab that allows traffic from:

Phone Network (network) for any service to any network

-No masquerade rules were setup, since I don’t need this network to be able to go out through the external interface, and subsequently, the internet.  (If I understand that concept correctly…)

I plug in a laptop, and manually assign it the following information:

IP: 10.0.10.97
Mask:255.255.255.0
GW:10.0.10.1

The laptop can ping, browse, and connect to resources found on the internal subnet, and conversely, resources can ping/connect to it on the phone subnet.  This seems to indicate that I have connectivity between both interfaces setup successfully.  Great!

UTM DHCP Setup:

Configured a DHCP relay via the Network Services->DHCP->Relay tab with my internal DHCP server host* and the Phone Network interface.

*The network definition (host) interface is set to << Any >> in the advanced section and the DHCP Settings section for IPv4 DHCP is set to “No DHCP Server.” 

 

Windows Server DHCP Server Setup:

The server in on the internal subnet (10.0.1.19) and has a single scope setup for 10.0.10.120 through 10.0.10.125 with a subnet mask 255.255.255.0 (24).

Going back to my laptop, I remove the manually assigned IP information, set it to automatically obtain an IP and I start seeing this in my DHCP log on the UTM.

 

DHCPOFFER From [laptop MAC address] via 10.0.10.1 : unknown network segment.

 

Items of note:

-After I try to obtain the IP address , the statistics of the DHCP scope on the Windows server shows a single address 1 use, with 6 available, yet no actual address lease appears.  This seems to indicate that the address was assigned and the notification was passed back out to the UTM, which promptly decided it didn’t know what to do, threw it away, and gave the error seen in the log.
-The firewall does not show anything with an IP of either the laptop or windows server, so it doesn’t look to be filtered there.
-The application control and intrusion prevention logs are both blank and don’t have any entries.

 

I am sorry for the long read… but I feel like I’m missing something simple.  Does anyone have any thoughts?



This thread was automatically locked due to age.
Parents
  • "UTM DHCP Setup:

    Configured a DHCP relay via the Network Services->DHCP->Relay tab with my internal DHCP server host* and the Phone Network interface." When using relay, under Interfaces, you have to put both the interface that the clients are behind AND the interface the DHCP server is behind.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Scott,
    Thank you for the quick response, I am going to give this a shot first thing when I get into the office!

    Edit: After arriving in the office, I attempted to put the internal interface in the DHCP relay configuration and was met with a message that states "Interface Internal already has a DHCP Server configured.  Continuing will disable that DHCP server." So, it seems like I won't be able to use both methods of providing addresses, if I have the UTM DHCP server already providing addresses on the given interface my windows server is sitting on.

    If that is the case, and I wanted to transition off the UTM DHCP server completely with the least amount of interruption for my users would I do something like:
    -Create a scope to match the UTM range on my Windows server
    -Create static IP reservations for the devices
    -Add the Internal interface to the DHCP Relay configuration (and subsequently, disabling the DHCP service on the Internal interface in the UTM)
    -Remove the static IP reservations for the devices after a few days

  • I am going to mark Scott's response as the answer to my question as the relay configuration needs to include both the client and the server interfaces in order to relay correctly. But, it appears that my original idea to use both the UTM DHCP and the windows DHCP service in tandem will not work since I can't have the interface setup in both the relay and UTM service.
Reply
  • I am going to mark Scott's response as the answer to my question as the relay configuration needs to include both the client and the server interfaces in order to relay correctly. But, it appears that my original idea to use both the UTM DHCP and the windows DHCP service in tandem will not work since I can't have the interface setup in both the relay and UTM service.
Children
No Data