DHCP Relay with VMWare DHCP Server

Wanted to expand on my configuration but dont seem to be able to edit my original post, hence the reply. Anyway:

DHCP Server (VM)

  1 Virtual NIC (10.0.0.1)

  3 Scopes for each VLAN:

    VLAN1 = 10.0.0.0/255.255.240.0

    VLAN2 = 192.168.1.0/255.255.255.0

    VLAN3 = 192.168.2.0/255.255.255.0

L3 Switch

  Ports 1,2 connects to the Host that has the DHCP VM

  Port 48 connects to L2 Switch

L2 Switch

  Port 1 connects to Wireless AP

  Port 24 connects to L3 Switch

Wireles AP

  Connects to L2 Switch

  2 WLAN created with 1 on VLAN2 and the other on VLAN3

Assuming the above what needs to be done to enable a computer on the WLAN to get an IP from the DHCP server in the appropriate scope?

Hi SCGSGAog,

Welcome to the community! 🙂 

I have not yet encountered to set a DHCP Relay using a VMware DHCP server with the L3 switch.  However, let me share this article below and this might help as reference guide:

How do I configure a DHCP L3 relay using the web interface on my managed switch?

Also, here below are the forum links I have found online and these might help as well:

DHCP Relay Netgear managed switches (The GUI method)

Netgear GSM7224v2: Help with DHCP Relay!

Also, what specific model of NETGEAR L3/L2 switch/es are you using?  Kindly indicate the current firmware version of the switch/es.

Regards,

DaneA

NETGEAR Community Team

Hi,

Thank you.

I've seen those sites before and have based my configuration on them however in regards to the Netgear Howto, the physical configuration is of a physical (from what I can see) dhcp server that is directly connected to the switch (on port 4 with an IP of 10.100.1.1). Our dhcp server is not directly connected as its a virtual server, that being the case there are other virtual servers that will be connecting to the sames port on the L3 switch. Additionally as the APs are connected indirectly via other switches I'm not exactly sure how I would assign IPs to ports.

I have enabled DHCP Relay, DHCP L2 Relay, UDP Relay and I've even configured VLAN Routing (i.e. assigned an IP to VLAN2). After configuring VLAN Routing, I noticed that under DHCP Relay>DHCP Status>Requests Relayed showed that there were requests relayed (previously none) but laptop still not getting IP.

At the moment I think that potentially requests are being relayed from VLAN2 to VLAN1 (to the DHCP server) but I'm not sure if the reverse is working i.e. VLAN1 to VLAN2 (reply from DHCP server).

Currently the VLAN setup on the switches are as follows:

L3 Switch

  Port 1 & 2 = VLAN1 Untagged, VLAN2 Tagged, VLAN3 Tagged

  Port 48 = VLAN1 Untagged, VLAN2 Tagged, VLAN3 Tagged

L2 Switch

  Port 1 = VLAN1 Untagged, VLAN2 Tagged, VLAN3 Tagged

  Port 24 = VLAN1 Untagged, VLAN2 Tagged, VLAN3 Tagged

The switches we have are: GSM7352S and GS724TP.

Please note that if i statically assign the laptop with a 192 IP, I can ping a VM that is on VLAN2 and vice versa.

I managed to get the DHCP Relay to work by setting the default gateway of the dhcp server to the switch.

This seems to be working as long as VLAN Routing is configured. Is there anyway to control access to this i.e. once the client is issued an ip, if the gateway is the switch then the client seems to have unrestricted access to the dhcp server. Is there anyway for the client to be issued with an ip address but have no access to the other subnet/DHCP server?

Hi SCGSGAog,

I'm glad that you were able to get it working. 🙂  

With regard to your questions, I think you will need to create an access rule that allows the device to contact the server on port 67 for DHCP and then deny all after.  Hope it helps. 

Regards,

DaneA

NETGEAR Community Team

Would you happen to have any documentation/guide on this? In particular, how do you enter wildcards? eg if you wanted a subnet or any protocol or any port or any ip address etc.

Hi SCGSGAog,

Let me share these articles below as reference guides:

How do I set up an IP Access Control List (ACL) with two rules using the web interface on my managed...

How do I set up an IP Access Control List (ACL) with two rules using CLI commands on my managed swit...

Regards,

DaneA

NETGEAR Community Team

This isnt clear in regards to defining a subnet, dont know how to set it for any protocol or port (L4 that is).

Hi SCGSGAog,

Kindly refer to pages 531 to 544 of the ProSAFE Managed Switch web management user manual here for more details.  

Regards,

DaneA

NETGEAR Community Team

Thank you for the manual but again it doesnt tell me how to specify 'any' or 'all' parameter. I'll rephrase my question, How do restrict all traffic except DHCP? please provide examples.

Hi SCGSGAog,

As per the ProSAFE Managed Switch web management user manual, there is a note: 

Also, from the article(s) I have provided, it shows where to enter the Protocol Type and the Port Number:

For further assistance, you may open an online case with NETGEAR Support at anytime.  The NETGEAR Support expert may opt to schedule for remote session in order to assist you in setting up the parameters needed.  

Regards,

DaneA

NETGEAR Community Team

Yes I was aware of the implicit deny all, I was just thinking ahead where I might need to define something with any/all parameter beit subnet, protocol or port but nevermind I'll just log a case with support.