Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
643 Views 4 Replies Latest reply: Mar 14, 2013 5:38 PM by grinder RSS
grinder Apprentice 102 posts since
Feb 8, 2013
Currently Being Moderated

Mar 13, 2013 7:28 PM

Please Help DHCP Question

Can anyone tell me how to accomplish the following.  Or if it is even possible?

 

I have a DHCP server on Interface 1.  It has an IP address of 192.168.10.100.  I have multiple scopes setup on this server.

 

I have the DHCP relay option setup on the MFE (v8.3.0) with the DHCP server address.

 

I have a dumb switch that has several devices hooked into it.  This switch is connected to Interface 7.  Interface 7 has a primary IP of 200.200.200.1 and two alias IP's of 210.210.210.1 and 220.220.220.1.  I want any DHCP request from any machine connected to the switch to be relayed to the DHCP server on Interface1.  But I want that request to come from the alias IP of 210.210.210.1 so that the machines are assigned addresses from the proper subnet.  How can I accomplish this?

 

I have got DHCP Relay working on other interfaces that have only one IP for the interface but cannot get it to work at all on interfaces that are assigned multiple IP's.

 

Please Help.

  • PhilM Champion 528 posts since
    Jan 7, 2010
    Currently Being Moderated
    1. Mar 14, 2013 3:21 AM (in response to grinder)
    Re: Please Help DHCP Question

    For a question of this nature you may be better off raising a service request with McAfee support so that they can deal with it directly.

     

    However, in the only and only instance where any of my customers have needed to configure DHCP relay on MFE it has always used the primary IP address and I can't personally see any way how this can be changed.

     

    If the switch being using was VLAN aware rather than being dumb I would have suggested that instead of using alias addresses on the Firewall you could create separate VLAN interfaces and because the traffic would be passing via a specific VLAN interface it would then use the IP address associated with it.

     

    -Phil.

  • packetmonkey Newcomer 22 posts since
    Mar 1, 2013
    Currently Being Moderated
    3. Mar 14, 2013 4:54 PM (in response to grinder)
    Re: Please Help DHCP Question

    Hello,

     

    I'd not hold out much hope for this to work...

     

    For DHCP to work there is a whole host of broadcasting going on and you appear to be using a single vlan - ie a single broadcast domain.

     

    Normally in DHCP relaying the relay server "hears" the broadcast plea from the client for an IP address on the wire then forwards this to the machine thats on a different broadcast domain from the client (but is contactable by the firewall hence the multiple interfaces).

     

    If you bind more than one IP address to the interface they are still all in the same broadcast domain. So how would the DHCP client know which scope it should be in an which alias should respond to it's pleas and forward to the DHCP server? Too many confusions to work reliably.

     

    Whilst it would be an interesting excercise to capture the data on the wire I really would not expect this to work and it's not what DHCP relaying is designed for.

     

    As PhilM says - if you have multiple vlans it might be possible to have the relay be "trunk" aware (I don't know if this is actually possible) but you would still need each access switch port (for the PC's) to be clearly set to a particular vlan for each end user device.

     

    Hope this helps somewhat and apologies if I've missunderstood what you are attempting.

     

    All the best.

     

    on 14/03/13 16:54:25 CDT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points