Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 18 replies
  • Answers 3 answers
  • Subscribers 37 subscribers
  • Views 33889 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP Relay Not working

PowerOverwhelming

Hi. I have a XG330 setup to do routing for my Guest network 172.16.100.0/24. I have a relay pointing to my DHCP server however my clients aren't getting any ip addresses. The firewall is plugged into a HP switch and its a trunk port. the vlans are tagged.  If i let the switch do the routing the clients get ip addresses but it doesnt look like the firewall relay is working.

the guest network is setup as a subinterface on the xg330. any ideas?

thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi Ahmed,

    Welcome to Sophos Community.

    It is not possible to configure a DHCP relay agent on an interface alias. I think the sub interface on XG330 is an alias?

    Thanks

  • 0 in reply to sachingurung

    Hi. I'm not sure what you mean the subinterface is an alias on XG330. Please see screenshot below. I created a subinteface under Port1 (Port1.100) then i created a DHCP relay pointing using Port1.100 as the interface is this not the correct setup?

  • 0 in reply to PowerOverwhelming

    Hi Ahmed,

    If an Alias is configured on an Interface then Relay is not supported. Considering your setup, you have a virtual LAN configured on Port1, which can do relay. In the DHCP relay configuration, you will need to select the Interface where the DHCP will be leased. Is Port1.100 is your listening interface?

    Thanks

  • 0 in reply to sachingurung

    Correct. I have DHCP Relay setup on Port1.100 however the relay is not working. I have had my switch vendor verify all the tagging is done correctly but my clients are still unable to receive IP addresses. 

  • 0 in reply to sachingurung

    Hello, I'm experiencing the same malfunctioning. The logic would be that one only has to configure the interface on which to listen for dhcp requests.

    Saying that the interface has to point to the network where the ip ditributing dhcp server exists, is nonsense seen that we do specify its ip address.

    Also I find firewll violation messages. How can it be? Traffic to and from the device shold not be influenced by the firewall rules.

  • 0 in reply to ClerpremSpa

    Hi,

    I edited my previous response on this thread, please check that and refer the KB article, Sophos Firewall: How to configure firewall as a DHCP Relay. Next, you will need to add a static route to send out the DHCP offer from the directly connected interface as in a DHCP relay scenario there will be an IP address(DHCP server) to which the request packets will be sent.

    If that doesn't help, please show me picture of configurations and tcpdump logs for port 67, 68.

    Thanks

  • 0 in reply to sachingurung

    Hi,

     

    I've a cluster of XG330 with the latest relase (SFOS 17.0.6 MR-6) and last week I've faced the same issuse. The DHCP relay was not able to relay. What appened:

     

    we were running with a Guest interface and a DHCP relay configured as following:

    Guest
    Port4.12
    10.x.x.z, 10.x.x.y
    IPv4

    Up to this everithing were working correctly..

    Then we just add a new Interface named Device and we configured the related DHCP Relay as following:

    Device
    Port4.17
    10.x.x.z, 10.x.x.y
    IPv4

    At the same time that we add this new relay, Guest relay stop work.

     

    To solve the issue we had to delete both Relay entry and then confiure again the only the Guest entry. Now for the Device interface we have no Relay.

    Is it a software issue or two relay on same port (different vlan) are not allowed? Do you have any bug opened about?

     

    Thank you

  • 0 in reply to Ste

    Hello,

     

    i have directly the same problem with an SG230 (SFOS 17.5.4 MR-4).

    Ich have changed the Firmware from UTM to XG, because the UTM can only handle one DHCP-Relay Server as target. But i have 2 DHCP Servers and more than 5 VLANs which should get an IP from these Servers.

    So long how i use only one Vlan with DHCP-Relay - it works, but with more than one, the Systems get no IP from DHCP!

    I also have Vlans with more than one IP-Subnet - there i need the DHCP-Relay too and nothing works!

    With my older Switch, which has done the routing til now, it works without any problem.

    In my opinion it must be a bug. How can we solve the problem?

     

    Thanks.

    By the way, i think it was the last Sophos Firewall for me. :-(

  • 0 in reply to Daniel Büchner

    You should start to debug this on a tcpdump level. 

    https://community.sophos.com/products/community-chat/f/knowledge-base-article-suggestions/105811/how-to-tcpdump-on-xg

    Create two tcpdump file. One of Port 68/67 from the interface coming and going.

    Open this file in wireshark and check, which request is send by XG and verify, if there is a response. 

  • 0 in reply to Ste

    I have the same problem.. Whenever I turn off the XG and relay, I need to apply the ralay configuration of a VLAN at least to start working.

  • 0 in reply to sachingurung

    Hello,

    How would this static route be?

Reply Children
No Data