ZD1100 - DHCP Relay doesn't give an IP

  • 1
  • Question
  • Updated 1 year ago
Hi everybody.

In my configuration i've a problem on a zone director 1100 with 12 AP - zf7372,

The setup is :

Vlans :

Vlan 20 - Corporate Vlan - DHCP server is in this Vlan
Vlan 590 - Guest Vlan
Vlan 600 - Mobile Phone Vlan
Vlan 700 - Management Vlan

All my VLANs are routed by a cluster of Barracuda NG Firewall.

For the network link of the ZD, the VLAN 20, 590, 600, 700 are tagged. The management interface of the ZD is tagged into the Vlan 700.

The AP are tagged into the Vlan 20, 590, 600, 700.

All this configuration is good.

The Vlan 20 - Corporate is Vlan authenticated by a server Radius into this Vlan.
The clients get their IP from the internal DHCP.

Into this DHCP, i've created some scope for the Guest Wlan and Mobile Phone Wlan.

On both of this Wlan the usage of a DHCP relay is enabled like this :

1) Create a DHCP relay with the IP from the Corporate DHCP server
2) On the Wlan enable the tunnel mode and select the DHCP relay in the select box.

When a client connects on the mobile Wlan for example, it doesn't get an IP address. If i configure manually the IP setting in the mobile phone for example, it has internet access.

In my firewall, the ports are open from the ZD in the management LAN to the DHCP server in the Corporate Lan on the DHCP Client Port - UDP 67.

Someone can help me please ?

Regards,
Photo of Nicolas Julien

Nicolas Julien

  • 2 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Hi,

i guess your Barracuda is the Default Gateway of your DHCP Server. Right?
Did you see any DHCP Packets from ZD to your DHCP on your FW? If yes, are there also Packets vice versa?

Try to create a static IP Route on your DHCP Server and Route your VLANs 590 and 600 to your ZD. So your DHCP should return his DHCP Offer to your ZD.
Maybe you should also temporary create a Rule on your Barracuda to allow traffic with all Ports from ZD to DHCP and vice versa. If everything works you can change the Firewall Rule to allow only Port UDP 67.

Maybe it works.
In the past i always did DHCP Relaying on my Default Gateway. This is because i never ran into this issue by myself.

Kind Regards
Marco
Photo of Nicolas Julien

Nicolas Julien

  • 2 Posts
  • 0 Reply Likes
Hi Marco,

thank you for your answer. I will try ASAP to test with your suggestions.

I've forgotten to say that i've done another test.

I've put a DHCP server directly in the same VLAN (700 - Management) as the ZD to bypass the fact to pass through the firewall.

But the result is the same.

Regards,
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Hi,

unfotunatelly i don't know exaclty how DHCP Relay with ZD works.
Like i wrote i my Default Gatway (most of my Installations the L3 Core Switch) did this part. Maybe you should try this also.

On another Thread i found this:
"To make DHCP relay on ZD you must configure on ZD menu first. Login to your ruckus ZD, then choose menu configure-DHCP Relay then create new fill Name, fill Description, IP Addess DHCP-fill first IP Address DHCP server and second IP Address DHCP server. Then second you need to configure your ip dhcp helper on your switch L2/L3 to connected ZD and Access Point to mapping your DHCP server to your ZD, you also must check your routing that ZD must connected to your DHCP server, test by ping IP Address DHCP Server from ZD with tool ping. As my experience installation DHCP relay on ZD. I must add command at my switch L3 with ip dhcp helper ip address. After I add command ip dhcp helper then I test connect to AP Ruckus, my notebook client get IP Address from DHCP server."

Kind Regards
Marco
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Hi,

additional Info from ZD Help:
The traffic flow is as follows:
- Client sends DHCP discover broadcast.
- AP tunnels this DHCP discover frame to ZoneDirector.
- DHCP Relay Agent sends unicast DHCP discover packet to DHCP server.
- DHCP server sends DHCP offer to Relay Agent on ZoneDirector.
- ZoneDirector sends DHCP Offer back to the AP.
- AP sends this Offer to client.

So i think there is no need to create a DHCP Helper on your Switch/FW.

The big question (for me) is, how your DHCP Server should be able to know, from which Scope he should offer an IP. Maybe your ZD relay the DHCP Discover frame with his IP from your Management VLAN 700. Your DHCP gets the frame, looks "inside" and see the relaying IP from your ZD. Because your DHCP Server did not have a configured Scope for this Network (VLAN 700) he also can't offer an DHCP IP.

I don't know how else your DHCP should be able to know, from which Scope he should give you a DHCP IP.

Marco
Photo of Dominik Pyrka

Dominik Pyrka

  • 2 Posts
  • 0 Reply Likes
Hey Nicolas, have you managed to resolve the problem?
I am currently struggling with something like this myself.