VLAN DHCP Relay on GS1920

NielsNL
NielsNL Posts: 3
edited August 2022 in Switch
Hi there,

I am trying to configure a DHCP relay on a VLAN to give workstations an IP address from a DHCP server in a different network.

I have configured the relay and option82, but it seems the DHCP discover does not get to the server. However, the discover is visible in the VLAN1 network.

The agent82 information checks out fine in my opinion; it shows the switch, port and VLAN.

Situation:


Trace in VLAN1:

Relay settings:

I am wondering why the domain controller/DHCP server does not receive the Discover; a trace on the server stays empty.

Looking forward to any replies,

Kind regards.

All Replies

  • Zyxel_Jason
    Zyxel_Jason Posts: 394  Master Member
    Hi @NielsNL,

    Welcome to Zyxel Community!

    May I know where you captured the VLAN1 packets? Because you mentioned that you didn't see the packets on your DHCP server but still have VLAN1 capturing.

    To identify whether the packet is forwarded correctly, I hope you can capture the packet on the ATP500 and the GS1920 (VLAN1).
    For ATP500, you should be able to see the packet on VLAN71 and VLAN1 interface.
    The capture steps are below:
    Access ATP500 via WebGUI and go to Maintenance > Diagnostics > Packet Capture > Capture.
    1. Choose VLAN71 and VLAN1 as Capture Interfaces.
    2. Fill in 67 as Host Port.
    3. Click Capture to start capturing.
    4. Client starts sending DHCP discovery.
    5. Click Stop to stop capturing.
    6. Go to Files tab to download the capture file.

    For the GS1920 (VLAN1), you should be able to see the DHCP packets on two ports: the one connecting to the ATP500 and the one connecting to the DHCP server.
    The capture steps are below:
    You may need to prepare a PC that connects to GS1920 (VLAN1).
    1. Access GS1920 via WebGUI and go to Advanced Application > Mirroring.
    2. Check Active and fill in the port number which connects to the PC in Monitor Port.
    3. Check the Mirror port which connects to ATP500 and configure Direction with Both.
    4. Click Apply to apply the setting.
    5. Run the Wireshark on the PC and start capturing.
    6. Repeat steps 3~5, but choose the port which connects to the DHCP server as the Mirror port.


    Hope it helps.
    Jason
  • NielsNL
    NielsNL Posts: 3
    Hi Jason thanks for your reply,

    I have captured the packets on the ATP500, VLAN1 interface. I did not feel the need to mirror since the packets were visible on the remote network, but it seems the ATP500 captures packets before they hit the firewall. Thanks a lot for your advice.

    I have discovered the DHCP discovery is entering the ATP500, but then the packets hit the default rule and get dropped. However, any other traffic seems to go through fine.

    For test purposes I have removed any SP restrictions and did some tests.

    I have this situation at a client's location also, but with different ports. It baffled me a little since I cannot determine why the packets hit the default rule; other (same) devices in the same network work fine. (But let's keep our attention on the DHCP issue.)

    Looking forward to your reply,

    Kind regards, Niels
  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    edited June 2021

    Hi @NielsNL,

    We would like to check the packet on ATP500.

    Could you provide the packet capture on ATP500 vlan interface for us?


  • NielsNL
    NielsNL Posts: 3
    Hi Jerry,

    Thanks for your reply.

    It seems the DHCP discover is not tagged by the relay. I looked up a lot of articles to figure out what settings I am missing. I have tried to configure Subnet based VLAN settings in the hope this would force any 192.168.71.x traffic into VLAN71, but this did not work for me.

    Are there any settings that I am missing on the switch?

    Looking forward to your reply.

    Kind regards, Niels
  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    Hi @NielsNL,

    Please check if you have already added vlan interfaces in the zone LAN and Werplaats.

    As the screenshot you provided,

    If the screenshot is from the VLAN interface, it means the packet has been tagged and forwarded to the VLAN interface on the ATP500.
    We need to check why the default rule would block the traffic; please provide us the packet capture file on the VLAN interface and remote access to the device.

    If the screenshot is from the WAN interface, it means the packet is not tagged with the VLAN correctly.
    There might be some settings that need to be checked on the switch.
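
Added example (not part of the thread and not Zyxel code): a small Python check for the three things the thread keeps coming back to in the captures, namely whether a DHCP frame carries an 802.1Q tag, whether a relay has filled in `giaddr`, and what option 82 contains. The function names, the sample frames, the `192.168.71.1` relay address and the option 82 bytes are constructed for illustration and do not reflect the GS1920's actual circuit-ID layout.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def inspect_frame(frame: bytes) -> dict:
    """Report VLAN tag, relay address and option 82 of one DHCP-over-Ethernet frame."""
    vlan, off = None, 14
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:  # 802.1Q tag: low 12 bits of the TCI are the VLAN ID
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or frame[off + 9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    bootp = frame[off + (frame[off] & 0x0F) * 4 + 8:]  # skip IP and UDP headers
    if bootp[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    info = {"vlan": vlan, "giaddr": ".".join(map(str, bootp[24:28])),
            "msg_type": None, "circuit_id": None, "remote_id": None}
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:  # 255 = end option
        if bootp[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, data = bootp[i], bootp[i + 2:i + 2 + bootp[i + 1]]
        if code == 53 and data:  # DHCP message type (1 = DISCOVER)
            info["msg_type"] = data[0]
        elif code == 82:  # relay agent information: walk its sub-options
            j = 0
            while j + 2 <= len(data):
                key = {1: "circuit_id", 2: "remote_id"}.get(data[j])
                if key:
                    info[key] = data[j + 2:j + 2 + data[j + 1]]
                j += 2 + data[j + 1]
        i += 2 + bootp[i + 1]
    info["relayed"] = info["giaddr"] != "0.0.0.0"  # a relay fills in giaddr
    return info

def sample_frame(vlan=None, giaddr=bytes(4), opt82=b"") -> bytes:
    """Build a constructed DHCPDISCOVER frame (test data, not a real capture)."""
    bootp = bytearray(236)
    bootp[0:3] = b"\x01\x01\x06"  # BOOTREQUEST, Ethernet, 6-byte MAC
    bootp[24:28] = giaddr
    opts = b"\x35\x01\x01" + (bytes([82, len(opt82)]) + opt82 if opt82 else b"")
    payload = bytes(bootp) + MAGIC + opts + b"\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return b"\xff" * 6 + b"\x02" + bytes(5) + tag + b"\x08\x00" + ip + udp
```

A frame that reports `vlan` as `None` was captured untagged at that point, and one with `relayed` set to `False` has not passed through a relay agent yet.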