Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure the DHCP Relay Agent

The DHCP relay service passes DHCP broadcast messages to network segments that a client computer is not directly attached to. DHCP relaying can be used to share a single DHCP server across logical network segments that are separated by a firewall. The DHCP relay service does not handle IP addresses. It sends unicast messages instead of broadcast messages.

Figure 1. DHCP relay agent between two LANs.

Before You Begin

If you are using both a DHCP and a DHCP Relay service on the same Barracuda NG Firewall, verify that both services are not using the same interface.

Configure the DHCP Relay Agent for IPv4

  1. Open the DHCP-Relay Settings page (Config > Full Config > Box > Virtual Servers > your virtual server > Assigned Services > DHCP-Relay).
  2. Click Lock.
  3. Select Enable Relay for IPv4.
  4. Enter the UDP Port the relay agent is listening on (default: 67).
  5. In the Relay Interfaces section, click + and add the network interfaces that are used by the DHCP relay agent to connect to the DHCP server and client networks. To specify an explicit interface (e.g., a virtual interface), enter its name in the Other field.

    If you must configure multiple relay agents in a cascaded environment, do not specify the server-side interface of the cascaded ('border') relay agent. For more information, read the following section.

  6. In the DHCP Server IPs field, enter the IP addresses of the DHCP servers.
  7. Enable Add Agent ID (AID) if you want the DHCP relay agent to add an Agent ID (AID) to the transmitted packets. An AID indicates that the data has been relayed.
  8. Enter the maximum DHCP Packet Size in bytes (default: 1400).
  9. From the AID Relay Policy list, select how your DHCP relay agent handles DHCP packets that are already flagged by an AID from another agent:

    • Append (default) - Attaches your AID to the existing AID.
    • Replace - Replaces the existing AID with your AID.
    • Forward - Passes DHCP packets without any modification.
    • Discard - Discards DHCP packets that are already flagged by an AID.
  10. From the Reply AID Mismatch Policy list, select how your DHCP relay agent handles DHCP server replies that do not contain its AID:
    • Discard (default) - Discards the DHCP packet.
    • Forward - Forwards the DHCP packet to the DHCP client.

      The Reply AID Mismatch Policy setting is important when multiple relay agents serve the DHCP server.

  11. Specify the maximum Packet Hop Count to avoid infinite packet loops (default: 10).
  12. Select Forward unicast packets if Bootstrap/BOOTP unicast messages should be forwarded by the DHCP relay.
  13. Click OK.
  14. Click Send Changes and Activate.
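
The AID and hop-count decisions from steps 7 to 11, modelled in Python as an added example (not Barracuda's code). It assumes the AID is carried as DHCP option 82 (RFC 3046) with the agent's identifier in sub-option 2, and that the hop count is incremented on each relay. The agent names fw1 and fw2 and the sample packet are constructed, and the maximum packet size is not modelled.

```python
# Added example: models the AID Relay Policy, Reply AID Mismatch Policy and hop count.
# Assumption: the AID is DHCP option 82 (RFC 3046), identifier in sub-option 2.
AGENT_OPT, END, PAD = 82, 255, 0

def parse_options(data: bytes):
    """Split a DHCP options area into (code, value) pairs, stopping at END."""
    opts, i = [], 0
    while i < len(data) and data[i] != END:
        if data[i] == PAD:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, length = data[i], data[i + 1]
        opts.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return opts

def build_options(opts):
    """Serialize (code, value) pairs back into an options area."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([END])

def relay_request(options, hops, my_aid, policy="append", max_hops=10):
    """Return (options, hops) to send to the server, or None to drop."""
    if hops >= max_hops:                       # Packet Hop Count reached
        return None
    opts = parse_options(options)
    mine = (AGENT_OPT, bytes([2, len(my_aid)]) + my_aid)
    tagged = any(c == AGENT_OPT for c, _ in opts)
    if tagged and policy == "discard":         # already flagged by another agent
        return None
    if tagged and policy == "forward":         # options passed on untouched
        return options, hops + 1
    if tagged and policy == "replace":         # drop the foreign AID first
        opts = [(c, v) for c, v in opts if c != AGENT_OPT]
    return build_options(opts + [mine]), hops + 1

def relay_reply(options, my_aid, mismatch_policy="discard"):
    """Return True if a server reply is forwarded to the client."""
    mine = bytes([2, len(my_aid)]) + my_aid
    ours = any(c == AGENT_OPT and v == mine for c, v in parse_options(options))
    return ours or mismatch_policy == "forward"

if __name__ == "__main__":
    req = build_options([(53, b"\x01")])       # constructed DHCPDISCOVER options
    tagged, hops = relay_request(req, 0, b"fw1")
    print(relay_request(tagged, hops, b"fw2", policy="discard"))
    print(relay_reply(tagged, b"fw2"))
```
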

Configure the DHCP Relay Agent for IPv6

  1. Open the DHCP-Relay Settings page (Config > Full Config > Box > Virtual Servers > your virtual server > Assigned Services > DHCP-Relay).
  2. Click Lock.
  3. Select Enable Relay for IPv6.
  4. Enter the UDP Port the relay agent is listening on (default: 547).
  5. Specify the maximum Packet Hop Count to avoid infinite packet loops (default: 10).
  6. Select Interface ID to force use of the DHCPv6 Interface-ID option. This option is automatically sent when there are two or more downstream interfaces in use, to disambiguate between them.
  7. In the Lower Network Interfaces list, specify the network interface and link address on which queries will be received from clients or other relay agents. If no link address is specified, the first non-link-local address is used.
  8. In the Upper Network Interfaces list, specify the network interface and destination unicast or multicast address to which queries will be forwarded. If no destination address is specified, requests are forwarded to the FF02::1:2 multicast address (All_DHCP_Relay_Agents_and_Servers).
  9. Click OK.
  10. Click Send Changes and Activate.

Cascading DHCP Relay Agents

Only use cascading DHCP relay agents if a client subnet is connected to the server-side DHCP relay agent.

The DHCP Relay Agent is not designed for cascaded use. If you must configure multiple relay agents in a cascaded environment, do not specify the server-side interface of the cascaded ("border") relay agent in the configuration or this will lead to conflicts. In Figure 2, two client subnets are connected to DHCP relay agents 1 and 2. When you configure the relay agents, the interfaces listening to broadcast requests from the clients (eth1 and eth4) must be specified as relay interfaces. The server-side interface of relay agent 2 (eth5), which is connected to the DHCP server, must NOT be specified.

Figure 2. Cascading DHCP relay agents with interfaces to be configured.
