Can anyone tell me how to accomplish the following, or if it is even possible?
I have a DHCP server on Interface 1. It has an IP address of 192.168.10.100. I have multiple scopes set up on this server.
I have the DHCP relay option set up on the MFE (v8.3.0) with the DHCP server address.
I have a dumb switch that has several devices hooked into it. This switch is connected to Interface 7. Interface 7 has a primary IP of 220.127.116.11 and two alias IPs of 18.104.22.168 and 22.214.171.124. I want any DHCP request from any machine connected to the switch to be relayed to the DHCP server on Interface 1. But I want that request to come from the alias IP of 126.96.36.199 so that the machines are assigned addresses from the proper subnet. How can I accomplish this?
I have got DHCP Relay working on other interfaces that have only one IP for the interface but cannot get it to work at all on interfaces that are assigned multiple IPs.
For a question of this nature you may be better off raising a service request with McAfee support so that they can deal with it directly.
However, in the one and only instance where any of my customers have needed to configure DHCP relay on MFE it has always used the primary IP address and I can't personally see any way how this can be changed.
If the switch being used was VLAN aware rather than being dumb I would have suggested that instead of using alias addresses on the Firewall you could create separate VLAN interfaces and because the traffic would be passing via a specific VLAN interface it would then use the IP address associated with it.
I'd not hold out much hope for this to work...
For DHCP to work there is a whole host of broadcasting going on and you appear to be using a single VLAN, i.e. a single broadcast domain.
Normally in DHCP relaying the relay server "hears" the broadcast plea from the client for an IP address on the wire then forwards this to the machine that's on a different broadcast domain from the client (but is contactable by the firewall hence the multiple interfaces).
If you bind more than one IP address to the interface they are still all in the same broadcast domain. So how would the DHCP client know which scope it should be in and which alias should respond to its pleas and forward to the DHCP server? Too many confusions to work reliably.
Whilst it would be an interesting exercise to capture the data on the wire I really would not expect this to work and it's not what DHCP relaying is designed for.
As PhilM says - if you have multiple VLANs it might be possible to have the relay be "trunk" aware (I don't know if this is actually possible) but you would still need each access switch port (for the PCs) to be clearly set to a particular VLAN for each end user device.
Hope this helps somewhat and apologies if I've misunderstood what you are attempting.
All the best.
on 14/03/13 16:54:25 CDT
I created a service request. The first response was that it might be able to be done using the NAT field in a rule. I have tried both that and redirect without success. It was worth a shot. I almost have the boss convinced to get some VLAN capable switches. Any recommendations on good ones for a reasonable price? I know I can't swing Cisco lol.
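The relay behaviour discussed in the replies above, as an added example that is not from any poster in this thread and is not MFE code: it models the standard RFC 2131 exchange, where the relay writes its own address into the `giaddr` field and the server picks the scope whose subnet contains that address. The addresses, scope names and MAC are constructed for illustration.

```python
import ipaddress
import struct

GIADDR = slice(24, 28)  # giaddr offset in the fixed BOOTP header (RFC 2131)

# Constructed addressing (assumption): one interface, primary plus one alias.
PRIMARY_IP, ALIAS_IP = "10.0.7.1", "10.0.8.1"
SCOPES = {"scope-primary": "10.0.7.0/24", "scope-alias": "10.0.8.0/24"}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Client DHCPDISCOVER as broadcast on the wire: giaddr is all zeros."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,            # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,        # xid, secs, flags (broadcast bit set)
        bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"",         # chaddr, sname, file (zero padded by struct)
    )
    magic_cookie = bytes([99, 130, 83, 99])
    options = bytes([53, 1, 1, 255])  # message type = DISCOVER, end
    return header + magic_cookie + options


def relay(packet: bytes, relay_ip: str) -> bytes:
    """Relay agent step: stamp own address into an empty giaddr, bump hops."""
    pkt = bytearray(packet)
    if pkt[GIADDR] == bytes(4):
        pkt[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    pkt[3] += 1
    return bytes(pkt)


def select_scope(packet: bytes, scopes: dict = SCOPES):
    """Server side: pick the scope whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR])
    for name, net in scopes.items():
        if giaddr in ipaddress.ip_network(net):
            return name
    return None  # unrelayed packet (giaddr 0.0.0.0) matches no remote scope


discover = build_discover(bytes.fromhex("020000000001"), xid=0x1234ABCD)
print(select_scope(relay(discover, PRIMARY_IP)))  # relay stamps primary IP
print(select_scope(relay(discover, ALIAS_IP)))    # what the poster wants
```

Every client on the dumb switch sends the same `giaddr`-less broadcast, so the scope is decided entirely by which address the relay stamps; a relay that always uses the primary IP can only ever reach the primary subnet's scope.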