SD-WAN

 View Only
last person joined: 6 days ago 

Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
Expand all | Collapse all

Looking for a guide or examples for setting up DHCP Relay in 128T routers

  • 1.  Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 01-25-2019 10:34
    Good morning,
    I've been setting up a Guest LAN to use for Guest WiFi. I have it setup at our HQ and it's working well. So far I've added a Network Interface(Guest-LAN) to the device interface connected to the LAN and assigned it to VLAN 7. I have VMs running DNS and DHCP servers also assigned to VLAN 7. These are all on a separate subnet(192.168.11.0/24) from our Corporate LAN. Finally I have a wireless network assigned to our access points with a new SSID that puts wireless clients on VLAN 7. All of this is configured and working at our HQ location, now I would like to start testing it out at our satellite locations. I'll be able to do the same VLAN 7 configuration for the Network interfaces and wireless network at those locations, but I would like to use DHCP Relay so that I can assign IPs to guests on other guest network subnets, from the DHCP server at the HQ location, rather than configuring a DHCP server for each Guest LAN subnet.

    I've seen some release notes mentioning 128T adding DHCP Relay functionality, but I have not seen any guides or configurations using it. I'd appreciate it if anyone would be able to share what their DHCP Relay configs look like.
    Thanks,

    ------------------------------
    Austin Stoffel
    Systems Administrator
    BARD Materials
    ------------------------------


  • 2.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 01-25-2019 10:45
    Hey @Austin. I can tell you there is some DHCP information in the works. For now, @Evan Carson may be able to answer some of your questions.​​
    #DHCP
    ------------------------------
    Victoria Smiley
    Interchange Community Manager
    Burlington MA
    ------------------------------



  • 3.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 01-25-2019 11:35
    Hi Austin,

    You are correct, DHCP relay is available on our recent software releases. If I understand your config correctly you have a subnet 192.168.11.0/24 on an interface on vlan 7 and would like to relay this to a DHCP server. If you are using a router managed by a conductor the following configuration steps should work.

    Start by configuring a special type of service for the DHCP relay setting the "application-type" to "dhcp-relay":
    config authority <authority> service <relay service name>
    enabled true
    application-type dhcp-relay
    access-policy <tenant>
    source <tenant>
    permission allow
    top​

    The "<relay service name>" can be a name of your choosing, otherwise substitute <authority> and <tenant> with your authority name and the name of the tenant associated with your relay network-interface (in your case this would be on VLAN7).

    The access-policy is used to indicate which tenants are eligible for the relay service. In terms of tenancy, DHCP is a little unusual because the initial client transactions are broadcast and the client has no IP address the tenant must be associated directly at the network-interface level. If you don't have the tenant already set on the interface you can set it like so:

    config authority <authority> router <router> node <node> device-interface <device interface name> network-interface <network interface name> tenant <tenant>

    Now the only thing remaining to do is create a service route with a nat-target to indicate the path to the DHCP server. This should be on the router that is the exit point to the DHCP server, ie: if you are using SVR to get from a branch to a data center router then the data center router would be the place to add the service-route. Configuration would look something like this:

    config authority <authority> router <router> service-route <service route name>
    service-name <relay service name>
    nat-target <dhcp server address>

    In the above case <service route name> is an arbitrary name you specify and <relay service name> is the service name you defined earlier. The nat-target points to the IP address of the DHCP server. If you have a redundant DHCP server on another IP address you can add a second service-route with a nat-target to that server.

    The above config steps should work with a router managed by a conductor which will generate all the intermediate configuration for SVR routing to work. If you have an unmanaged router it is still possible to do this manually but it is a little more complex, let me know if you don't have a conductor and I can write up some more steps for this case.

    The only other thing to note is that the DHCP relay packets being relayed will use the network-interface/address/ip-address of your interface as the gateway address (giaddr). The dhcp server will use this address in order to figure out which address-pool to assign addresses from. Not sure which server you are using but in the linux dhcpd application you might use a subnet designation like this in your dhcpd.conf:

    subnet 192.168.11.0 netmask 255.255.255.0 {
       // ... your dhcp config here
    }​

    Let me know if you have any questions or run into any issues getting this working.

    There's also another post earlier from Gene that discusses a similar setup that might be helpful too: https://community.128technology.com/communities/community-home/digestviewer/viewthread?GroupId=43&MID=125&CommunityKey=1cca2e49-ba26-471a-9522-f5ccd96c86fe&tab=digestviewer&ReturnUrl=%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3d1cca2e49-ba26-471a-9522-f5ccd96c86fe%26tab%3ddigestviewer

    #DHCP #configuration

    Evan

    ------------------------------
    Evan Carson
    Software Engineer
    MA
    ------------------------------



  • 4.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-01-2019 18:31
    Sorry I haven't replied, I'm finally getting around to trying this out.

    "If I understand your config correctly you have a subnet 192.168.11.0/24 on an interface on vlan 7 and would like to relay this to a DHCP server." Slight correction: The subnet 192.168.11.0/24 is the first Guest subnet that I've built, it is on an interface on VLAN 7, but this will be where the DHCP server for all of the guest networks will live, at 192.168.11.252. The first satellite guest network that I'll want to Relay DHCP to that server will be 192.168.22.0/24 and it will be setup the same way as the first, on a network interface on VLAN 7.

    I've run through the config, and I think I have everything setup properly. I'll have to reboot one of the routers over the weekend, for the VLAN to update on the guest lan interface. The only thing I'm unsure of at this point is the DHCP config, as I'm setting up ISC DHCP for the first time. I'll let you know how testing goes on Monday!

    Thanks for the in depth Tutorial Evan!

    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------



  • 5.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-13-2019 15:37
    @Evan Carson, I had some time the last couple mornings to go to the remote site that we are testing the DHCP Relay at first and test and troubleshoot. I haven't been able to get anywhere with the DHCP relay and DNS(hosted on the same subnet as the DHCP server). I'm able to set a static IP on that location's guest subnet, and if I set a public DNS server, I'm able to ping stuff externally. But I couldn't get an IP via DHCP nor get DNS through the DNS server I have setup for the guest networks.

    After rereading over your, and @Gene's DHCP Relay posts, I noticed that show fib was returning on of the public IPs for the Data Center router, and not a gateway. Which helped me realize that the Next hop for the service route may have been missed. I've just added the next hop to the service route I created on the Data Center router, but I'm not sure if that will update the auto generated routes or not. So far, I'm getting the same public IP address when doing a show fib and not the gateway address I'd expect to see.

    Thanks,
    Austin


    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------