Quick Links

Have you ever faced the problem where you only want to have one DHCP server on the network for central management of your scopes, but you have multiple Vlans? HTG explains how to use a DHCP relay agent.

Overview

The DHCP protocol was created so that clients could obtain their IP address automatically and without human intervention (yes that used to be an actual part of IT-ing, back in the day). The way this works is that when a client connects to the network, it sends out a "broadcast" packet asking to find the DHCP server. That used to be "ok" until Vlans came along. Vlans create boundaries  and segment your physical network into several virtually isolated ones (hence the name V-LAN). One of the downsides to Vlans is that now the DHCP server and the clients can't directly communicate, because "brodcast" packets cannot "jump" networks. So, how do you avoid having a DHCP server per-Vlan, and deliver the DHCP requests from the clients in a Vlan, back to the central server?

DHCP relays were invented to over come this exact problem by essentially "routing" or "proxy-ing" the client's requests. The requests are broadcasted by the clients on their local network, the relay-agent catches them and forwards them to the DHCP server using unicast. The returned DHCP answer gets to the relay agent using unicast as well, and the relay agent sends the answer on the client's network.

DHCP relays can come in many shapes and forms: there is the Microsoft's "relay-agent", Cisco's "IP helper" and Juniper's "helpers bootp" to mention a few. They all do the same thing, and in this guide we will go over how to configure it on a JunOS device.

Image by Thomas Thomas

The GUI way

It is my firm belief, that there shouldn't be a need to go under the hood for simple configurations such as this, so I've worked with Juniper's support to find the GUI way to this configuration.

You will need to have:

  • From the layer3 switch, the "l3-interface" notation for the Vlan you want to enable the forwarding for.
  • The IP of the DHCP server that will serve the requests.

Obtain the Vlan-ID

To obtain the "interface" notation of the Vlan, open the device's WebGUI, and go to "Configure".

Under "Switching", click on "VLAN" and select the Vlan you need from the list.

RVI1

In the details pane, the value of "Multilayer switching(RVI)" is the required "interface" name. Make a note of the value.

Configure forwarding

In the device's WebGUI, go to "Configure" -> "CLI Tools" -> "Point and Click CLI".

Click on "Forwarding options" -> "Configure".

Note: If you already have a configuration in any of the below categories, you will have an "Edit" button instead.

DHCP-relay1

Click on "Helpers" -> "Configure".

DHCP-relay2

Click on "Bootp" -> "Configure".

DHCP-relay3

Click on "Server" -> "Add new entry".

DHCP-relay4

Put in the IP of the DHCP server and click OK.

DHCP-relay5a

Click on "Interface" -> "Add new entry".

DHCP-relay5b

Enter the name of the "interface" or "Multilayer switching(RVI)" value of the Vlan you want to forward for as noted from the segment above.

DHCP-relay5c

When you're done, your configuration should look something like the below picture.

DHCP-relay5

Commit your changes.

The CLI way

As stated above, I am not a fan of the CLI way. With that said, you may not have a choice in the matter, or you may need this procedure to be scriptable. What ever the case may be, the documentation explains that these two lines do the trick (assuming you have everything else set up):

        set forwarding-options helpers bootp server 192.168.190.7
set forwarding-options helpers bootp interface vlan.2

Where the above IP and Vlan name should be changed to reflect your setup.

On the DHCP server's side

I've done this configuration numerous times and have always connected back to Microsoft's DHCP server. At least in Microsoft's implementation  there is no need for any additional configuration on the server's side, other than to create the appropriate scope. That is, you need to have a scope that corresponds with the Vlan interface the request is coming from. In our example, the L3 switch's IP was 192.168.191.254 with a netmask of 255.255.255.0 (class C). The DHCP configuration to handle the relayed scope/s of our example looks like:

DHCP-relay6-lp-aviadr

That is it. You should be all set.


-I've just figured out where this part can do the most... -damage??