Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
In current networks, it is almost impossible to have a DHCP server on every subnet. If no local DHCP server is present, a DHCP relay agent is required. The relay agent converts the broadcast DHCP request (which is not supposed to leave the local subnet) to a unicast request packet and forwards it to the DHCP server.
When the DHCP server receives the DHCP request, the server checks the 'giaddr' field in the DHCP discovery packet to decide which scope to assign the IP address from. (The server does not have to do this per RFC, but this is generally how the server works.) After an IP address is picked, the server sends a DHCP offer packet with a destination IP address that equals the 'giaddr' field.
This process causes two issues:
- When an Aruba controller is the relay agent, the controller sends the DHCP discovery packet to the server with the source IP set to the outgoing interface IP of the controller. This setting should work if no firewall is along the path. However, a firewall might cause a problem because the DHCP offer destination IP is the 'giaddr' field, which is most likely different from the outgoing interface IP of the controller. If the firewall is not smart enough to dynamically open the connection, create a policy on the firewall to explicitly allow DHCP packets to pass from the server to the controller.
- The user subnet should be routable. Otherwise, the DHCP offer might never reach the controller, because the offer is sent to the 'giaddr', which is in the same subnet as the user.
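The following Python sketch is an added example, not Aruba code. It reads 'giaddr' from a relayed DHCP discovery payload and compares it with the source IP the firewall saw, returning the explicit server-to-controller policy entry needed when the two differ. All addresses, the MAC, and the function names are constructed for illustration, and the destination port assumes the standard DHCP server port 67.

```python
import ipaddress
import struct

BOOTP_FIXED_LEN = 236          # fixed BOOTP header, before the magic cookie
GIADDR = slice(24, 28)         # relay agent IP address field


def build_relayed_discover(giaddr: str, mac: bytes) -> bytes:
    """Constructed sample: a minimal relayed DHCP discover."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                      # op=BOOTREQUEST, Ethernet, hlen, hops
        0x1234ABCD, 0, 0,                # xid, secs, flags
        bytes(4), bytes(4), bytes(4),    # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,
        mac, bytes(64), bytes(128),      # chaddr (padded by struct), sname, file
    )
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"


def parse_giaddr(payload: bytes) -> ipaddress.IPv4Address:
    if len(payload) < BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP message")
    return ipaddress.IPv4Address(payload[GIADDR])


def offer_path_check(relay_src_ip: str, server_ip: str, payload: bytes) -> dict:
    """Compare the relayed packet's source IP with giaddr, the offer's destination."""
    giaddr = parse_giaddr(payload)
    if giaddr.is_unspecified:
        raise ValueError("giaddr is 0.0.0.0: packet was not relayed")
    stateful_match = giaddr == ipaddress.IPv4Address(relay_src_ip)
    # When they differ, the offer is not the reverse of the flow the firewall saw.
    rule = None if stateful_match else {
        "proto": "udp", "src": server_ip, "dst": str(giaddr), "dst_port": 67}
    return {"giaddr": str(giaddr), "stateful_match": stateful_match,
            "explicit_rule": rule}


# Constructed addresses: controller uplink 10.1.1.2, user VLAN interface 10.20.0.1
SAMPLE = build_relayed_discover("10.20.0.1", bytes.fromhex("001a1e000001"))

if __name__ == "__main__":
    print(offer_path_check("10.1.1.2", "10.9.9.10", SAMPLE))
```

The returned rule only covers the firewall issue; the 'giaddr' subnet must still be routable from the server for the offer to arrive.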