Solved: dhcp helper across pubic from private addresses

ppalmerjr · ‎05-24-2019

Public DHCP server

|

Router (vlan 10 to outside - public ip space

vlan 20 to inside - private ip space)

|

clients on vlan 20 need to reach public DHCP server

____________________________

I'm aware you can put in an IP helper on VLAN 10 and then clients on this subnet will have no problems getting address.

Lets say you have a scenario where there are clients on VLAN 20 (internal IPs) need to reach the same DHCP server sitting in public space? If I put a helper on VLAN 20 then the source IP of the DHCP request will be VLANs 20 and the DHCP server will not be able to route back the request. Is there anyway to change the source address that the IP Helper uses? Maybe I could trick it and have VLAN 10's IP put in as the source so that DHCP response will make it back to me?

I was thinking there was some sort of trick I could do with a secondary address??

Thoughts?

Thanks!!!

Giuseppe Larosa · ‎05-24-2019

Hello,

the DHCP relay agent sets an internal field the gia address to give the DHCP server a hook to what DHCP scope to use.

The DHCP server does not use the source address of the DHCP relayed packet to choice the DHCP pool to pick the address for the answer.

This can allow DHCP relay to work over a NAT router if the NAT does not change the internal field.

Edit:

It looks like that the DHCP server tries to answer to the internal field address and with NAT in the middle the DHCP answer fails to be routed as you have noted.

see

https://www.tek-tips.com/viewthread.cfm?qid=1475203

At this point I would suggest to enable DHCP server on the router itself for the users in internal Vlan 10 as a workaround.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎05-24-2019