DHCP relay for only one VLAN
-
We're in the process of retiring our old HP Procurve 5412zl. One of the functions of this beast was to act as a "dhcp-helper" and point the clients from one specific vlan to a Windows domain controller on our server vlan. We have 15 other vlans that all use pfsense for their DHCP server, and have no access to any of the client/server networks. We'd like to keep those vlans away from our client/server vlans. Can I set up a second virtual pfsense for only doing the DHCP relay for the client vlan? If so, what does that configuration look like?
Thanks,
Russ -
@russm said in DHCP relay for only one VLAN:
We have 15 other vlans that all use pfsense for their DHCP server, and have no access to any of the client/server networks. We'd like to keep those vlans away from our client/server vlans.
Why won't you allow only DHCP access and nothing else?
Can I set up a second virtual pfsense for only doing the DHCP relay for the client vlan?
Never tried that, but I think it should work, since the DHCP clients just broadcast the requests and then use the servers (relays) IP to communicate. This needs not to be the gateway.
So just give it a network interface with IPs in both subnets. -
@viragomann The security guys don't want non-client/server specific vlans accessing any part of the server vlan. I did find a ubuntu package that runs a dhcp agent that can re-point clients to the proper server. I'll be investigating that later today.
-
@russm
You would use the DHCP Relay function for that, you can enable "per inteface".
I use it to forward my Vlans to a Linux DHCP server.Note . DHCP Server & DHCP Relay are mutually exclusive.
So you'd need a "new pfsense instance" , as you mention ... Since you're already runníng DHCP server on your prod box.