This article explains a new DHCP allocation mode introduced in IAP OS version 6.2.1.0-3.3.0.0 called “Local, L3 mode". It also explains the configuration of Local, L3 mode on the IAP WebU and CLII.
When the DHCP allocation method is configured to use Local, L3 mode, the Virtual Controller (VC) acts as the DHCP server and the gateway for the clients. The client traffic is routed by the gateway (VC) rather than src-natted or tunneled. As a result, the client traffic intended for the corporate network would not go through any IPSec tunnel.
This kind of deployment is required when client’s IP needs to be exposed to uplink network.
Traffic Flow from Client to Server
- Client sends a packet to its default gateway (VC).
- VC routes the packet and sends it to the upstream router.
- Upstream Router routes the packet again to reach the destination.
Traffic Flow from Server to Client
- Server sends a packet back to the upstream router.
- Router has a return route to reach the client subnet through IAP (VC acting as the gateway).
- IAP routes back the traffic to client.
Environment : This article applies to all the IAP running a minimum OS version of 6.2.1.0-3.3.0.0.
WEBUI
- Navigate to “More” and click “DHCP server”.
2. Create a DHCP scope under “Other DHCP Scopes” and choose the type as Local, L3 along with other details.
3. Click OK.
CLI
d8:c7:c8:cb:d4:20 (config) # ip dhcp vlan40
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # server-type Local,L3
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # server-vlan 40
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # subnet 172.16.40.0
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # subnet-mask 255.255.255.0
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # exclude-address 172.16.40.1
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # lease-time 18000
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # dns-server 10.1.1.50
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # domain-name arubanetworks.com
d8:c7:c8:cb:d4:20 (DHCP Profile "vlan40") # end
d8:c7:c8:cb:d4:20# commit apply