  1. #1
    Newbie
    Join Date
    Aug 2021
    Posts
    7

    Dhcp (dc) - vlans

    Okay, everyone, I can't seem to find much on this issue, and I'm hoping everyone can help me understand what I'm missing on this. I am trying to use my Domain Controllers for DHCP on my VLANs, but when I set up the advanced rules it drops everything.

    Current Setup

    Cable Modem -> HP G7 (ESXi, VM running Untangle 16) -> Juniper ex2300 -> Ubiquiti 6 Lite

    HP G7 has an interface with Trunk All
    Juniper has a Trunk All
    AP has the VLAN

    The issue I have is I would like my domain controllers to set the DHCP. If I connect to the SSID with the correct VLAN, I can only connect if I manually assign an IP in the range.

    I have a domain controller setup with 10.10.0.22 and the VLAN is 10.20.0.1/24 - Untangle is on a 192.168.4.1/22

    I tried the following below, but then I lose my wireless. Do I need to do the following for all VLANs? Sorry, DHCP is still confusing me.

    --dhcp-relay=10.20.0.1,10.10.10.0.22

    If screenshots help let me know.

    Thanks in advance

  2. #2
    Master Untangler
    Join Date
    Oct 2013
    Posts
    260

    With your issue, I believe that Untangle is out of the loop to be a part of the problem. Instead, you will need to figure out how to properly configure DHCP relay on your L-3 Juniper switch.

    I don't do Juniper but on Cisco gear, it's as simple as typing the command "ip helper-address <IP_Address_of_DHCP_Server>" on each VLAN you want DHCP served.

    As an example in my case:
    !
    interface Vlan20
    description Main
    ip address 192.168.20.254 255.255.255.0
    ip helper-address 192.168.10.2
    !
    interface Vlan30
    description Wireless
    ip address 192.168.30.254 255.255.255.0
    ip helper-address 192.168.10.2
    !
    and so on...

    "192.168.10.2" being my DHCP server.

    This is of course assuming that your DC/DHCP server is configured correctly with the necessary pools/subnets and they're all activated.
    Last edited by oj88; 09-03-2021 at 07:47 PM.

  3. #3
    Newbie
    Join Date
    Aug 2021
    Posts
    7

    Thanks! I will check this setting. I had some issues with the VLAN tagging that I had to resolve to even get the traffic to pass, and then I ran into this. Attached is the scope I have set up for the example.

    DC DHCP.PNG

  4. #4
    Newbie
    Join Date
    Aug 2021
    Posts
    7

    So I have added the following changes but every time I add --dhcp-relay=10.20.0.1,10.10.10.0.22 this breaks all wireless. I have an older eero mesh for wifi I'm trying to migrate to the new Ubiquiti but can't do this until I can get the DHCP working. When I apply that it kills both sets of wireless.

    Do I need to set --dhcp-relay=10.20.0.1,10.10.10.0.22 for each and every vlan? What is the best way to set it with a backup DHCP server?

    I added the following to the switch.

    VLAN 10.20.0.1/24

    set interfaces vlan unit 20 family inet address 10.20.0.1/24
    set vlans KIDS20 l3-interface vlan.20

    Ubiquiti Port

    set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
    set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id default

  5. #5
    Newbie
    Join Date
    Aug 2021
    Posts
    7

    Quote: Originally Posted by oj88
    With your issue, I believe that Untangle is out of the loop to be a part of the problem. Instead, you will need to figure out how to properly configure DHCP relay on your L-3 Juniper switch.

    I don't do Juniper but on Cisco gear, it's as simple as typing the command "ip helper-address <IP_Address_of_DHCP_Server>" on each VLAN you want DHCP served.

    As an example in my case:
    !
    interface Vlan20
    description Main
    ip address 192.168.20.254 255.255.255.0
    ip helper-address 192.168.10.2
    !
    interface Vlan30
    description Wireless
    ip address 192.168.30.254 255.255.255.0
    ip helper-address 192.168.10.2
    !
    and so on...

    "192.168.10.2" being my DHCP server.

    This is of course assuming that your DC/DHCP server is configured correctly with the necessary pools/subnets and they're all activated.
    I think Untangle would be my l3

  6. #6
    Master Untangler
    Join Date
    Oct 2013
    Posts
    260

    Quote: Originally Posted by Aciidsneaker
    I think Untangle would be my l3
    Well, in the context of inter-VLAN routing, you're using the switch to do that, correct? If so, that is the L-3 device of interest.

    Yes, Untangle is also an L-3 device, but not in the way that is relevant to your problem, AFAIK.

    I am confused with this statement:

    I have a domain controller setup with 10.10.0.22 and the VLAN is 10.20.0.1/24 - Untangle is on a 192.168.4.1/22
    and this command:
    Code:
    set --dhcp-relay=10.20.0.1,10.10.10.0.22
    Typically, DHCP relay commands should only include the IP address of the DHCP server. In this case, "10.10.0.22". What is "10.10.10.0.22"?

    This is what I found on Juniper: https://stage.juniper.net/documentat...hcp-relay.html
    Last edited by oj88; 09-04-2021 at 06:27 PM.

  7. #7
    Newbie
    Join Date
    Aug 2021
    Posts
    7

    Thanks for the update, I'll have to take a look at what you've sent.

    I've attached a Visio of my current layout that I hope helps clear things up. Everything comes in from my modem to my G7 server and then is sent out to the switch, which then goes out to my APs. Sorry, still learning about DHCP and getting my domain controller set up.

    Again thanks for your support as I still dig into this.

    visio.PNG interfaces.PNG

  8. #8
    Master Untangler
    Join Date
    Oct 2013
    Posts
    260

    So, both Untangle and the switch are doing inter-VLAN routing?

    DHCP relay must be configured on the device that is doing the routing (within VLANs and internal networks). Only your Juniper switch supports DHCP relay. Untangle does not.

    Unless a better recommendation comes along, my advice is to have the switch manage the VLANs/internal networks that need to get an IP address from your DHCP server and make the port going to Untangle a routed port, not a trunk (unless you have VLANs that you want Untangle to own and which do not need to be managed by your DC/DHCP server).

  9. #9
    Newbie
    Join Date
    Aug 2021
    Posts
    7

    Have this working now, thanks again for the help.

    The following seemed to resolve my issue, my domain controller also had an issue that required me to create a DHCP Admin account.

    dhcp-relay=10.20.0.1,10.10.0.22
    dhcp-relay=10.15.0.1,10.10.0.22
    dhcp-relay=10.25.0.1,10.10.0.22
    dhcp-relay=10.30.0.1,10.10.0.22
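
The address `10.10.10.0.22` questioned in post #6 has five octets, which is the kind of typo a pre-apply check catches. The following is an added example, not part of any post in the thread: it assumes the lines follow dnsmasq's `dhcp-relay=<local address>,<server address>[,<interface>]` syntax, and the function names `check_relay_value` and `check_config` are made up for this illustration.

```python
import ipaddress

# Constructed sample: the line that broke wireless in the thread, followed by
# the four lines from the final working post.
SAMPLE = """\
--dhcp-relay=10.20.0.1,10.10.10.0.22
dhcp-relay=10.20.0.1,10.10.0.22
dhcp-relay=10.15.0.1,10.10.0.22
dhcp-relay=10.25.0.1,10.10.0.22
dhcp-relay=10.30.0.1,10.10.0.22
"""


def check_relay_value(value):
    """Return the problems in '<local>,<server>[,<interface>]' (empty if clean)."""
    fields = [f.strip() for f in value.split(",")]
    if len(fields) not in (2, 3):
        return ["expected <local address>,<server address>[,<interface>]"]
    problems, parsed = [], []
    for role, field in zip(("local", "server"), fields):
        try:
            parsed.append(ipaddress.ip_address(field))
        except ValueError:
            problems.append(f"{role} address {field!r} is not a valid IP address")
    if len(parsed) == 2:
        if parsed[0].version != parsed[1].version:
            problems.append("local and server addresses mix IPv4 and IPv6")
        elif parsed[0] == parsed[1]:
            problems.append("local and server addresses are identical")
    return problems


def check_config(text):
    """Map line number -> problems for each faulty dhcp-relay line in text."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        # Accept both the config-file form and the '--' command-line form.
        key, sep, value = line.strip().lstrip("-").partition("=")
        if key.strip() != "dhcp-relay" or not sep:
            continue  # other options and comments are out of scope here
        problems = check_relay_value(value)
        if problems:
            report[number] = problems
    return report


if __name__ == "__main__":
    for number, problems in check_config(SAMPLE).items():
        print(f"line {number}: " + "; ".join(problems))
```

The check is purely syntactic: it does not confirm that the local address is actually configured on a VLAN interface or that the server has a matching scope.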
