mbox can function as a DHCP server, issuing IP addresses from its local pools for both CMG and HSG. It also supports DHCP relay to an upstream DHCP server that issues IP addresses to users/clients.
To configure a local DHCP pool, refer to this guide on issuing DHCP from a local interface, or from a hotspot instance. To configure DHCP relay to an upstream DHCP server, refer to this guide on relaying from a local interface, or from a hotspot instance.
But sometimes, when mbox is configured as a DHCP relay, clients cannot get DHCP addresses from the upstream DHCP server.
In this guide, we focus on troubleshooting DHCP relay from an HSG hotspot instance (the concept is similar for interface relay).
In this topology,
- we use a Linux DHCP server and HSG.
- HSG is a captive portal gateway; vlan1 assigns AP management addresses, and vlan500 is for user data.
- The HSG vlan500 hotspot server (192.168.100.1) receives clients’ DHCP requests and relays them to the upstream DHCP server (192.168.7.224).
- The DHCP server is expected to issue addresses for vlan500 from the range 192.168.100.0/24, and the user default gateway (router) is 192.168.100.10.
Run “tcpdump interface vlan500 detail” to check incoming DHCP requests, and
“tcpdump interface eth0 detail” to check whether HSG relays the requests to the upstream DHCP server and whether any replies come back from the DHCP server.
A common problem is that we don’t see replies from the DHCP server. There are a few key points to check.
- Configure the necessary network/IP settings on both HSG and the DHCP server. Make sure HSG can ping the DHCP server, and that the DHCP server’s firewall rules (if any) allow UDP ports 67 and 68.
On the DHCP server
- Configure a local interface with an IP address in the same subnet as the address pool for vlan500, but different from the relay-agent IP, which is the client router IP, e.g.
  - local interface IP 192.168.100.2/24
  - address pool router IP 192.168.100.1 (this is the vlan500 client default gateway IP, and also the HSG relay-agent IP or hotspot server IP)
- Configure DHCP address pools to include both networks/pools:
  - one for the interface that communicates with the HSG WAN (where the relayed DHCP requests come in), so that the DHCP server will respond to DHCP requests from HSG
  - one for the local interface configured in step #2 above, so that the DHCP server will answer those DHCP requests from its local pool
- Add a host route for 192.168.100.1/32 back to the HSG WAN, e.g. “ip route add 192.168.100.1/32 via 192.168.7.66”. HSG relays client DHCP requests to the DHCP server using source IP 192.168.100.1 (the relay-agent IP), so the server must have a route for the relay-agent IP in order for the reply to be returned to HSG.
On HSG (DHCP relay gateway)
- If there’s “firewall-snat” on WAN/eth0, exempt connections to the DHCP server from SNAT. Otherwise the DHCP server will see mismatched requests (the relayed packet is SNATed to the HSG WAN IP, 192.168.7.66, but the relay-agent IP is 192.168.100.1), and it will not respond.
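
The checks above can be applied to a request captured on the DHCP server, as in this added example (not mbox or DHCP server code): it reads the relay-agent address (giaddr) from the BOOTP header and flags an SNAT-rewritten source, a missing pool, or a reply route that does not lead back to the HSG WAN. The function names, the route-table dictionary and the 192.168.7.0/24 mask are assumptions, and the packet is constructed.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 2131); giaddr is field index 10.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

# Constructed sample data. The 192.168.7.0/24 mask is an assumption.
POOLS = ["192.168.7.0/24", "192.168.100.0/24"]
ROUTES_CONNECTED = {"192.168.7.0/24": "direct", "192.168.100.0/24": "direct"}
ROUTES_FIXED = {**ROUTES_CONNECTED, "192.168.100.1/32": "192.168.7.66"}

def build_request(giaddr):
    """Constructed relayed BOOTREQUEST with only the fixed header filled in."""
    gi = ipaddress.IPv4Address(giaddr).packed
    return BOOTP.pack(1, 1, 6, 1, 0x1234, 0, 0, bytes(4), bytes(4), bytes(4),
                      gi, bytes(16), bytes(64), bytes(128))

def next_hop(routes, dest):
    """Longest-prefix match over {cidr: next_hop}; None when nothing matches."""
    dest = ipaddress.IPv4Address(dest)
    hits = [(ipaddress.ip_network(c), hop) for c, hop in routes.items()
            if dest in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def check_relay(ip_src, payload, pools, routes, hsg_wan):
    """Return the findings for one request captured on the DHCP server."""
    if len(payload) < BOOTP.size:
        return ["truncated BOOTP header"]
    fields = BOOTP.unpack(payload[:BOOTP.size])
    giaddr = ipaddress.IPv4Address(fields[10])
    if fields[0] != 1 or giaddr.is_unspecified:
        return ["not a relayed BOOTREQUEST"]
    findings = []
    if ipaddress.IPv4Address(ip_src) != giaddr:
        findings.append(f"source {ip_src} != giaddr {giaddr}: exempt SNAT on HSG")
    if not any(giaddr in ipaddress.ip_network(p) for p in pools):
        findings.append(f"no pool covers giaddr {giaddr}")
    hop = next_hop(routes, giaddr)
    if hop != hsg_wan:
        findings.append(f"reply to {giaddr} leaves via {hop}, not {hsg_wan}")
    return findings

if __name__ == "__main__":
    pkt = build_request("192.168.100.1")
    for src, routes in [("192.168.100.1", ROUTES_FIXED),
                        ("192.168.7.66", ROUTES_FIXED),
                        ("192.168.100.1", ROUTES_CONNECTED)]:
        print(src, check_relay(src, pkt, POOLS, routes, "192.168.7.66") or "ok")
```

With only the connected routes, the server’s own 192.168.100.2/24 interface wins the lookup for 192.168.100.1, which is why the /32 host route via the HSG WAN is needed.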