Hi all,
Looking for some clarification on how this works. I always thought that the interface vlan that the helper was set on would be the forwarding address of the packet.
For example:

    interface vlan 1
     ip address 192.168.0.1 255.255.255.0
     ip helper-address 10.0.0.1
    interface vlan 2
     ip address 192.168.1.1 255.255.255.0
     ip helper-address 10.0.0.1

If a DHCP broadcast is seen on VLAN 1, the packet to the DHCP server will have a source address of 192.168.0.1, and if a DHCP broadcast is seen on VLAN 2, the source address will be 192.168.1.1.
The reason I ask is that we use Meraki MXs with 3 interface VLANs assigned (10, 20, 30). VLAN 30 is a restricted VLAN that has firewall rules applied to it, with a default deny at the end of these rules. This caused DHCP to stop working, as Meraki sends all DHCP unicasts from the highest VLAN/IP to the DHCP server.
Is this bad practice, just plain wrong or working as intended on Meraki's behalf? It seems crazy to me as I now can't fully lock down that VLAN. Do other vendors deal with DHCP in the same way? I had a look in the RFC but couldn't see anything about it.
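
For troubleshooting a case like this, the following added example (not part of the original post) parses a relayed DHCP packet and compares its IP source address, which is what a firewall rule matches, with the BOOTP giaddr field, which a relay agent sets to the address of the interface that received the client's broadcast (RFC 1542). The packets are constructed samples using the post's addresses; the function names and the permit list are assumptions, as is giaddr staying at the receiving VLAN's address in the second packet.

```python
import ipaddress
import struct

def build_relayed_discover(src_ip, giaddr, server_ip="10.0.0.1"):
    """Constructed sample: IPv4 + UDP + fixed BOOTP header of a relayed request."""
    ip4 = lambda a: ipaddress.IPv4Address(a).packed
    bootp = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                       # op=BOOTREQUEST, htype, hlen, hops
        0x1234ABCD, 0, 0,                 # xid, secs, flags
        bytes(4), bytes(4), bytes(4),     # ciaddr, yiaddr, siaddr
        ip4(giaddr),                      # giaddr, set by the relay agent
        bytes.fromhex("020000000001"), b"", b"")  # chaddr, sname, file
    udp = struct.pack("!HHHH", 67, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, ip4(src_ip), ip4(server_ip))
    return ip + udp + bootp  # checksums left at 0: sample is parsed, never sent

def parse_relay(packet):
    """Return the IP source and the BOOTP relay fields of a DHCP server-bound packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:
        raise ValueError("not UDP")
    _sport, dport = struct.unpack_from("!HH", packet, ihl)
    bootp = packet[ihl + 8:]
    if dport != 67 or len(bootp) < 236:
        raise ValueError("not a BOOTP/DHCP server-bound packet")
    giaddr = ipaddress.IPv4Address(bootp[24:28])  # giaddr sits at offset 24
    return {"src": ipaddress.IPv4Address(packet[12:16]), "giaddr": giaddr,
            "hops": bootp[3], "relayed": int(giaddr) != 0}

def audit(packet, permitted_sources):
    """Check the packet's IP source against a (hypothetical) firewall permit list."""
    info = parse_relay(packet)
    info["src_matches_giaddr"] = info["src"] == info["giaddr"]
    info["permitted"] = any(info["src"] in ipaddress.ip_network(n)
                            for n in permitted_sources)
    return info

if __name__ == "__main__":
    permit = ["192.168.0.1/32"]  # assumed rule: only VLAN 1's interface may reach DHCP
    # Source equals the receiving interface, as the post expected.
    print(audit(build_relayed_discover("192.168.0.1", "192.168.0.1"), permit))
    # Source is a different VLAN interface, as the post reports seeing.
    print(audit(build_relayed_discover("192.168.1.1", "192.168.0.1"), permit))
```

Run against a real capture taken at the firewall, the `src` value is the address a permit rule toward the DHCP server has to match, while `giaddr` shows which subnet the request came from.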