Can users get an IP address if the DHCP server is outside our network and our controller is doing the NAT?
Environment Information : This article applies to all Aruba controllers and OS versions.
Users can get a DHCP lease from the server when there is no NAT boundary between the server and the controller. However, if there is a NAT device en route, they cannot get a response from the DHCP server.
The DHCP Offer packet goes to the GIAddr and not to the source IP of the Discover packet.
Resolution : Keep the DHCP server inside the NAT boundary.
DHCP allows dynamic and automatic allocation of IP addresses on a network. One DHCP server can allocate addresses from multiple pools. Among other things, DHCP primarily provides the following to the client machine:

1. IP address
2. Subnet mask
3. Default gateway

A DHCP Discover packet is a broadcast packet. Since a broadcast cannot go across a router, this design would require us to put a DHCP server in each VLAN. DHCP overcomes this by using multiple pools and relay agents. A relay agent is configured using the ip helper-address command on an Aruba controller.

When an IP helper address is configured on a VLAN interface, the controller forwards the DHCP broadcast from the LAN segment to the DHCP server as a unicast. It adds the VLAN interface IP address as the GIAddr (Gateway IP Address) in the DHCP Discover packet. The DHCP server compares the GIAddr to the pools configured and gives out leases from the matching pool.
Problem.

If the DHCP server is configured across a NAT device, then client machines never get IP address leases.

interface vlan 1
  ip address 188.8.131.52 255.255.255.0
interface vlan 2
  ip address 10.1.1.1 255.255.255.0
  ip nat inside
  ip helper-address 184.108.40.206
ip route 220.127.116.11 255.255.255.0 18.104.22.168

a. VLAN 1 is the controller IP.
b. VLAN 2 is the user IP.
c. The DHCP server is 22.214.171.124, which is across VLAN 1.
d. A static route to 126.96.36.199/24 points to 188.8.131.52, which is the next hop in VLAN 1.
e. ip nat inside is configured, which NATs all user traffic to the controller IP.

Test 1: ping to the DHCP server is successful.

ICMP Echo Request Source IP = 184.108.40.206 (after NAT)
ICMP Echo Request Destination IP = 220.127.116.11
ICMP Echo Reply Source IP = 18.104.22.168
ICMP Echo Reply Destination IP = 22.214.171.124

Test 2: DHCP from the client fails.

DHCP Discover Source IP = 126.96.36.199 (after NAT)
DHCP Discover Destination IP = 188.8.131.52
DHCP GIAddr IP = 10.1.1.1
DHCP Offer Source IP = 184.108.40.206
DHCP Offer Destination IP = 10.1.1.1
DHCP GIAddr IP = 10.1.1.1

The DHCP Offer packet goes to the GIAddr and not to the source IP of the Discover packet. NAT rewrites only the source address in the IP header; the GIAddr inside the DHCP payload is still the private VLAN address. Since the GIAddr is a private IP address that is NATed to the controller IP, neither the DHCP server nor its default gateway knows how to get to 10.1.1.1. Thus the DHCP Offer never reaches the client and the DHCP process is never completed.
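The failure in Test 2 can be reproduced offline. The following Python sketch is an added example, not part of the original article or any Aruba code: it builds the relayed Discover, applies source NAT to the IP header, and then applies the RFC 2131 rule that a server replies to a non-zero giaddr. All addresses except 10.1.1.1, the server-side route list, and every function name are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass, replace

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
COOKIE_AND_OPTS = bytes.fromhex("63825363") + bytes([53, 1, 1, 255])  # type = Discover

@dataclass(frozen=True)
class Udp4:  # only the fields that matter for this failure
    src: str
    dst: str
    payload: bytes

def packed(addr):
    return ipaddress.IPv4Address(addr).packed

def relay_discover(mac, vlan_ip, server_ip, xid=0x1A2B3C4D):
    """Discover as the relay forwards it: unicast, giaddr = VLAN interface IP."""
    zero = packed("0.0.0.0")
    hdr = BOOTP.pack(1, 1, 6, 1, xid, 0, 0, zero, zero, zero, packed(vlan_ip), mac, b"", b"")
    return Udp4(vlan_ip, server_ip, hdr + COOKIE_AND_OPTS)

def source_nat(pkt, nat_ip):
    """Source NAT rewrites the IP header only; the BOOTP payload is untouched."""
    return replace(pkt, src=nat_ip)

def giaddr_of(pkt):
    return str(ipaddress.IPv4Address(BOOTP.unpack(pkt.payload[:BOOTP.size])[10]))

def offer_destination(pkt):
    """RFC 2131 section 4.1: a non-zero giaddr is where the server sends its reply."""
    gi = giaddr_of(pkt)
    return gi if gi != "0.0.0.0" else "255.255.255.255"  # non-relayed case simplified

def routable(dest, networks):
    return any(ipaddress.ip_address(dest) in ipaddress.ip_network(n) for n in networks)

def simulate():
    # Constructed addresses: 10.1.1.1 is the page's user VLAN; the rest are RFC 5737 ranges.
    vlan_ip, controller_ip, server_ip = "10.1.1.1", "192.0.2.10", "198.51.100.5"
    server_side_routes = ["192.0.2.0/24", "198.51.100.0/24"]  # no route to 10.1.1.0/24
    seen = source_nat(relay_discover(bytes.fromhex("020000000001"), vlan_ip, server_ip), controller_ip)
    dest = offer_destination(seen)
    return {"discover_src": seen.src, "giaddr": giaddr_of(seen), "offer_dst": dest,
            "offer_deliverable": routable(dest, server_side_routes),
            "reply_to_src_deliverable": routable(seen.src, server_side_routes)}

if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

A reply addressed to the NATed source would be deliverable, which is why the ping in Test 1 works while the Offer addressed to the giaddr does not.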
© Copyright 2021 Hewlett Packard Enterprise Development LP. All Rights Reserved.