I'm coming asking for help with configuring multiple DHCP scopes (vLANs) behind a RED that we want to operate in Standard/Split mode.
We have a 'branch office' and want to be able to take advantage of the local internet speeds for WWW resources rather than sending them through the RED to the central firewall.
Devices involved: SD-RED60
Sophos Firewall running: (SFOS 19.0.0 GA-Build317)
I have the RED configured as Standard/Split mode, and for the sake of proof of concept I've only got one additional vLAN in the local site I want to provide DHCP for.
The RED is configured with an IP address of 192.168.1.20/24 with DHCP enabled.
I have a VLAN (50) configured with 192.168.50.20/24 and a DHCP scope set up and attached to that vLAN.
Connected to the LAN interface of the RED is a managed switch operating with "vlan 1" untagged.
Connected to the switch is a client computer plugged into a different port.
If I leave the client port also in vlan 1 untagged, I'm able to get a DHCP address and all's "good" from the RED's default DHCP scope.
If I put the client port in vlan 50 and assign it a DHCP helper address (on the switch) of 192.168.1.20 I see entries like mentioned here:
I have not figured out how to make the correct configuration for getting a DHCP address from VLAN 50.
I've tried to set up relays (enabling it on the DHCP scope), but I'm unsure of what to configure for the DHCP relay server.
If I try to assign the LAN interface on the Firewall, it won't take it as valid. I get the message "Interface IP address could not be configured as DHCP server IP".
This article seemed close, but it's between two Firewalls, not a RED device.
I had previously been able to get multiple DHCP scopes working for a location on the RED only by ensuring that the VLANs I was trying to offer DHCP on were tagged as acceptable VLAN IDs for a trunked port. This forces the constraint of a Standard/Unified tunnel and routes all traffic back to the firewall, which is undesirable for us.