Have you ever faced the problem where you only want to have one DHCP server on the network for central management of your scopes, but you have multiple Vlans? HTG explains how to use a DHCP relay agent.
The DHCP protocol was created so that clients could obtain their IP address automatically and without human intervention (yes that used to be an actual part of IT-ing, back in the day). The way this works is that when a client connects to the network, it sends out a “broadcast” packet asking to find the DHCP server. That used to be “ok” until Vlans came along. Vlans create boundaries and segment your physical network into several virtually isolated ones (hence the name V-LAN). One of the downsides to Vlans is that now the DHCP server and the clients can’t directly communicate, because “brodcast” packets cannot “jump” networks. So, how do you avoid having a DHCP server per-Vlan, and deliver the DHCP requests from the clients in a Vlan, back to the central server?
DHCP relays were invented to over come this exact problem by essentially “routing” or “proxy-ing” the client’s requests. The requests are broadcasted by the clients on their local network, the relay-agent catches them and forwards them to the DHCP server using unicast. The returned DHCP answer gets to the relay agent using unicast as well, and the relay agent sends the answer on the client’s network.
DHCP relays can come in many shapes and forms: there is the Microsoft’s “relay-agent”, Cisco’s “IP helper” and Juniper’s “helpers bootp” to mention a few. They all do the same thing, and in this guide we will go over how to configure it on a JunOS device.
Image by Thomas Thomas
The GUI way
It is my firm belief, that there shouldn’t be a need to go under the hood for simple configurations such as this, so I’ve worked with Juniper’s support to find the GUI way to this configuration.
You will need to have:
- From the layer3 switch, the “l3-interface” notation for the Vlan you want to enable the forwarding for.
- The IP of the DHCP server that will serve the requests.
Obtain the Vlan-ID
To obtain the “interface” notation of the Vlan, open the device’s WebGUI, and go to “Configure”.
Under “Switching”, click on “VLAN” and select the Vlan you need from the list.
In the details pane, the value of “Multilayer switching(RVI)” is the required “interface” name. Make a note of the value.
In the device’s WebGUI, go to “Configure” -> “CLI Tools” -> “Point and Click CLI”.
Click on “Forwarding options” -> “Configure”.
Note: If you already have a configuration in any of the below categories, you will have an “Edit” button instead.
Click on “Helpers” -> “Configure”.
Click on “Bootp” -> “Configure”.
Click on “Server” -> “Add new entry”.
Put in the IP of the DHCP server and click OK.
Click on “Interface” -> “Add new entry”.
Enter the name of the “interface” or “Multilayer switching(RVI)” value of the Vlan you want to forward for as noted from the segment above.
When you’re done, your configuration should look something like the below picture.
Commit your changes.
The CLI way
As stated above, I am not a fan of the CLI way. With that said, you may not have a choice in the matter, or you may need this procedure to be scriptable. What ever the case may be, the documentation explains that these two lines do the trick (assuming you have everything else set up):
set forwarding-options helpers bootp server 192.168.190.7
set forwarding-options helpers bootp interface vlan.2
Where the above IP and Vlan name should be changed to reflect your setup.
On the DHCP server’s side
I’ve done this configuration numerous times and have always connected back to Microsoft’s DHCP server. At least in Microsoft’s implementation there is no need for any additional configuration on the server’s side, other than to create the appropriate scope. That is, you need to have a scope that corresponds with the Vlan interface the request is coming from. In our example, the L3 switch’s IP was 192.168.191.254 with a netmask of 255.255.255.0 (class C). The DHCP configuration to handle the relayed scope/s of our example looks like:
That is it. You should be all set.