XG DHCP Server - Multiple Subnets (Not local interface subnets)

Hi,

I've got a slightly complex network setup, but essentially 1 port on an XG is connected into a larger network which runs VRFs for various functions. Ultimately we have a VRF on the remote end which has multiple VLANs that are connected with IP helpers on each VLAN and subsequently routed back to us on the single port; however, we need to provide DHCP services for the 3x subnets.

Typically you would think, no problem, I'll set up a DHCP server on the interface, with 3x scopes for the 3x different subnets.

However, when trying to do this, you get errors about not being able to because the subnets don't match the subnet that the interface is in.

Because we don't have the VLANs individually, and we can't use DHCP relay ourselves (as we don't have anything else to relay it to), how do we get around this in the land of Sophos XG?

Regards,

 

Colbey



This thread was automatically locked due to age.
  • Hi Colbey, 

    Could you share the snaps of the error and the configuration of the DHCP, along with a network diagram?

  • Just try adding the DHCP scopes and not binding them to an interface. (In "network" - "DHCP" - Add under Server)

  • Hi,

    Here is the error we get, also this shows how I was trying to initially set it up:

    If I don't attach an interface, it also complains because then the gateway isn't in the same subnet as the leases (even as in this example if there was only 1 scope):

    Network diagram wise, I don't have a redacted version currently, but essentially, as I originally mentioned, there is a link from another network into Port3 (which has BGP enabled and working); it's a point-to-point network on that. Then on the rest of the ports, Port1 is WAN and Port2 is LAN. Pretty simple setup really.

    Regards,

    Colbey

  • Hi,

    So it's let me do this, so long as I put the gateway address within the subnet of the DHCP server, i.e.

    What I'd like to know now though is where this DHCP server is listening, considering it's not assigned to a physical interface, and I cannot assign it to a physical interface without it coming up with an error and ultimately not working.

    Essentially, I need to know where to point the IP helper on the outside to. Should it still be an interface, or do I need to create some kind of virtual interface? (I tried aliases, but I can't actually assign a DHCP server to an alias.)

    Thanks,

    Colbey

  • Hi Colbey,

    You may need to consider the subnets. Logically the DHCP would provide the host address, subnet, gateway and DNS. The DNS is the only factor that does not require a subnet. But the host address and the gateway may need to be in the same subnet. If you have multiple networks then you would need to create a DHCP server with the host address in that range. Remember the DHCP request is a broadcast message; it does not target a particular subnet. The subnet will be given randomly.
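
For reference, an added example (not from the thread, and not Sophos XG's own code) of how a server following RFC 2131 picks a scope for a request forwarded by a relay such as an IP helper: it reads the `giaddr` field the relay filled in. The three subnets, the Port3 link subnet and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed scopes for three remote VLANs (addresses are not from the thread).
SCOPES = {
    "vlan10": {"subnet": "10.10.10.0/24", "gateway": "10.10.10.1"},
    "vlan20": {"subnet": "10.10.20.0/24", "gateway": "10.10.20.1"},
    "vlan30": {"subnet": "10.10.30.0/24", "gateway": "10.10.30.1"},
}

def validate_scope(scope):
    """The gateway handed out must sit inside the lease subnet."""
    net = ipaddress.ip_network(scope["subnet"])
    return ipaddress.ip_address(scope["gateway"]) in net

def giaddr_of(packet):
    """Relay agent address: bytes 24..27 of the BOOTP/DHCP fixed header."""
    if len(packet) < 236:
        raise ValueError("shorter than the 236-byte BOOTP fixed header")
    return ipaddress.IPv4Address(packet[24:28])

def select_scope(packet, scopes, rx_interface_net):
    """Pick the scope by giaddr; fall back to the receiving interface's
    subnet only when the request was not relayed (giaddr == 0.0.0.0)."""
    giaddr = giaddr_of(packet)
    if int(giaddr) == 0:
        rx = ipaddress.ip_network(rx_interface_net)
        matches = [n for n, s in scopes.items()
                   if ipaddress.ip_network(s["subnet"]) == rx]
    else:
        matches = [n for n, s in scopes.items()
                   if giaddr in ipaddress.ip_network(s["subnet"])]
    return matches[0] if matches else None

def build_discover(giaddr):
    """Constructed BOOTREQUEST fixed header as a relay would forward it."""
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x12345678, 0, 0x8000)
    pkt += bytes(12)                                   # ciaddr, yiaddr, siaddr
    pkt += ipaddress.IPv4Address(giaddr).packed        # giaddr set by the relay
    pkt += bytes.fromhex("020000000001") + bytes(10)   # chaddr (16 bytes)
    pkt += bytes(64) + bytes(128)                      # sname, file
    return pkt

if __name__ == "__main__":
    port3 = "192.0.2.0/30"  # constructed point-to-point link subnet
    for relay in ("10.10.20.1", "0.0.0.0"):
        print(relay, "->", select_scope(build_discover(relay), SCOPES, port3))
```
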