Omada Switch DHCP Relay Configuration Guide
This article explains how to configure the DHCP (Dynamic Host Configuration Protocol) Relay function in both Standalone mode and Controller mode on the Omada switches that support this function.
Note: The CLI commands in this article are based on models with gigabit ports. Some commands may vary due to differences in port configurations. For details, please refer to the CLI guide.
Role of DHCP Relay
Background: DHCP is only applicable when the DHCP client and server are within the same network segment, and it cannot function across different segments. To dynamically assign IP addresses to devices in multiple network segments, network administrators would typically need to deploy a DHCP server in each segment, which is inefficient. The introduction of DHCP Relay addresses this issue. Clients can use the DHCP Relay to communicate with DHCP servers in other segments, ultimately obtaining legitimate IP addresses. As a result, DHCP clients in multiple segments can utilize a single DHCP server, saving costs and simplifying centralized management.
There are three types of DHCP Relays: DHCP Interface Relay, DHCP VLAN Relay, and DHCP L2 Relay. The most commonly used one is DHCP Interface Relay, which is designed to enable a single DHCP Server to assign IP addresses to DHCP Clients in multiple non-consecutive network segments. In addition to the basic relay functionality, Omada switches offer an option for configuring DHCP Option 82 in DHCP messages. When used in the relay scenario, this feature allows the DHCP Server to perform more granular operations, such as address allocation, based on the Option 82 content. Currently, Omada switches provide three actions for processing Option 82 in DHCP messages: Keep, Replace, and Drop.
Simply put, the three types of DHCP Relays serve the following purposes:
1) DHCP Interface Relay: This type of relay acts as a service between DHCP clients and servers in different network segments, forwarding DHCP protocol messages across segments to the target DHCP server. Ultimately, it enables DHCP clients on a network to share a single DHCP server. As illustrated in the figure below, there is only one DHCP address in the network, but multiple relay address pools can be configured. The switches in the intermediate links can then use DHCP Interface Relay to allow each segment to obtain IP addresses from the same DHCP Server while maintaining segmentation between the segments. Without DHCP Relay, DHCP requests from clients in different segments would not be able to reach the DHCP Server.
2) DHCP VLAN Relay: This type of relay serves a similar purpose to DHCP Interface Relay, with the key difference being that the DHCP clients connect to the relay through VLANs rather than L3 interfaces. In other words, the client and server are not interoperable at layer 3, nor are they connected to the L3 switch. Similar to Interface Relay, as shown in the following figure, clients in different VLANs can obtain IP addresses from the same DHCP server. The allocation of IP addresses to a specific network segment can be determined using Option 82, and the difference here is that the relay switch cannot communicate directly with the clients due to the lack of direct interfaces.
3) DHCP L2 Relay: The DHCP clients and servers of this type of relay are within the same local area network (LAN). DHCP L2 Relay enables some L3 relay functionality on L2 devices, only adding the Option 82 feature, which allows attaching the Remote Agent ID and other information to the DHCP messages. A DHCP Relay Agent typically has routing capabilities and is classified as an L3 device. However, in certain network architectures, L2 devices need to be able to attach the Relay Agent Information option, as terminal networks are often built with L2 devices and connected directly to hosts. These L2 devices do not even have IP addresses, so they cannot directly relay data packets to a DHCP server located in another network. As a result, they attach Option 82 to the DHCP message, allowing the DHCP Server to use this field for assigning IP addresses to different network segments.
Option 82, also known as the Relay Agent Information option, carries information about the relay device involved in the DHCP interaction. This information can be used in conjunction with other software to enforce restrictions on DHCP address allocation or to implement billing functions. By default, the Circuit ID in the Option82 value is a combination of the port number and VLAN ID from where the DHCP Request is received. The format is: 0004 + 4 bytes VLAN ID + 1 byte Unit ID + 1 byte Port Number. For example, if a DHCP message is received from Port 1 in standalone mode, the added Option82 Circuit ID would be: 0004000000010101. The Remote ID, on the other hand, defaults to the MAC address of the relay device that received the DHCP Request. It is formatted as: 0006 + 6 bytes DUT's MAC. For instance, if the DHCP message passes through an Omada switch with a MAC address of 00-00-00-00-00-01, the default Option82 Remote ID added would be: 0006000000000001. Omada switches currently offer three strategies for handling the Option82 field in DHCP messages. After the Option82 feature is enabled on a port, they behave as follows:
a. Keep: Keep the original Option82 field in the message. If the original message does not have an Option82 field, add the device's default Option82 value or the user-configured value (with the user-configured value taking precedence).
b. Replace: Replace the Option82 field in the message with the device's default value or the user-configured value.
c. Drop: If the message contains an Option82 field, discard the message. If not, the message will be relayed normally.
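The default Circuit ID and Remote ID formats and the Keep, Replace and Drop strategies described above, modelled on a raw DHCP options field. This is an added example, not TP-Link code: the function names and sample messages are constructed, the sub-option wrapping follows RFC 3046, and two behaviours the article leaves open are assumptions (Replace inserts the field when none exists, and Drop passes a message without Option 82 through unchanged).

```python
import struct
OPT_82, OPT_PAD, OPT_END = 82, 0, 255  # Relay Agent Information, Pad, End

def default_circuit_id(vlan_id, unit, port):
    # Default from the article: 0004 + 4-byte VLAN ID + 1-byte Unit ID + 1-byte port
    return b"\x00\x04" + struct.pack("!IBB", vlan_id, unit, port)

def default_remote_id(mac):
    # Default from the article: 0006 + the relay switch's 6-byte MAC
    return b"\x00\x06" + bytes.fromhex(mac.replace("-", ""))

def build_option82(circuit_id, remote_id):
    # RFC 3046 layout: sub-option 1 = Circuit ID, sub-option 2 = Remote ID
    subs = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    return bytes([OPT_82, len(subs)]) + subs

def split_options(options):
    """Parse a DHCP options field into (code, value) pairs, stopping at End."""
    pairs, i = [], 0
    while i < len(options) and options[i] != OPT_END:
        if options[i] == OPT_PAD:      # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("truncated DHCP option")
        length = options[i + 1]
        pairs.append((options[i], options[i + 2:i + 2 + length]))
        i += 2 + length
    return pairs

def apply_policy(options, policy, local_opt82):
    """Return the options field to relay, or None when the message is discarded."""
    if policy not in ("keep", "replace", "drop"):
        raise ValueError("unknown policy")
    pairs = split_options(options)
    present = any(code == OPT_82 for code, _ in pairs)
    if policy == "drop":
        # Assumption: "relayed normally" is modelled as passing the options through
        return None if present else options
    if policy == "keep" and present:
        return options
    # Keep with no Option 82, or Replace (insertion when none exists is assumed)
    rest = b"".join(bytes([c, len(v)]) + v for c, v in pairs if c != OPT_82)
    return rest + local_opt82 + bytes([OPT_END])

# Constructed samples: options field only (after the magic cookie)
LOCAL = build_option82(default_circuit_id(1, 1, 1), default_remote_id("00-00-00-00-00-01"))
CLEAN = bytes([53, 1, 1, OPT_END])  # DHCPDISCOVER without Option 82
EXISTING = bytes([53, 1, 1]) + build_option82(
    default_circuit_id(9, 1, 7), default_remote_id("00-00-00-00-00-09")) + bytes([OPT_END])
```

On an access port facing end hosts, a message that arrives already carrying Option 82 did not get that field from this switch, which is the case Replace and Drop handle differently from Keep.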
In a DHCP Relay scenario, the DHCP Server needs to assign addresses to clients on different network segments and across network segments. Ordinarily, a DHCP Server can only assign IP addresses within its own network segment. However, it can be configured with multiple Relay Agent Pools to determine the IP subnet to be assigned based on fields like Option82. This requires the DHCP Server to support configuration as a DHCP relay address pool. A common DHCP Server that can perform such operations is Ubuntu's DHCP Server (by installing ISC-DHCP-Relay), etc.
DHCP Relay Message Exchange
With the exception of DHCP L2 Relay, both Interface Relay and VLAN Relay require the switch to perform L3 network relay forwarding, which means that an L3 relay interface needs to be configured.
DHCP Relay Configuration Guide
1. Configuring DHCP Interface Relay
DHCP Interface Relay is designed for establishing a relay connection between DHCP Clients and DHCP Server in two different network segments. It needs to be configured based on two L3 interfaces in different network segments. Generally, the configuration can be approached as follows:
Step 1: Configure the VLAN and L3 interface connected to the DHCP client: This VLAN should be in the same network segment as the IP addresses the DHCP client will obtain, so as to ensure that the client can communicate with the switch after obtaining the address;
Step 2: Configure the VLAN and L3 interface connected to the DHCP server: This interface and the server should belong to the same network segment, so that the switch and the server can communicate with each other to complete the message relay.
Step 3: Enable DHCP Relay globally.
Step 4: Configure the DHCP Interface Relay interface and the connected DHCP server address.
Step 5: (Optional) Configure the Option82 feature.
Assuming the DHCP Client needs to obtain an IP address from the 192.168.2.x/24 subnet through a DHCP server with the IP address 192.168.100.100/24 (the DHCP address pool for the 192.168.100.x/24 subnet is configured on the DHCP Server, which is unrelated to the switch, and the configuration methods may vary among different DHCP servers, hence not detailed here), the detailed configuration steps on the switch are as follows:
1.1 In Standalone Mode
Step 1: Configure the VLAN and L3 interface connected to the DHCP Client (using a common VLAN interface as an example here). Create VLAN 2, and configure the port connected to the client as access port 1. For example, add ports 1-2 as Untagged to VLAN 2, and then create an L3 Interface based on VLAN 2.
Step 2: Configure the VLAN and L3 interface connected to the DHCP server (using a common VLAN Interface as an example here too). Create VLAN 100, set ports 9-10 as uplink ports, and add them to VLAN 100 as Tagged.
Step 3: Enable DHCP Relay globally
Step 4: Configure the DHCP Interface Relay interface and the connected DHCP Server address. Note that the Interface ID here should be the ID of the interface that needs to be relayed, not the interface connected to the DHCP server. For example, in this scenario, enter '2' as the Interface ID, and enter the IP address of the actual DHCP server in the Server Address field.
1.2 In Controller Mode
Step 1: Create VLAN 2 and VLAN 100, and configure the downlink port as access port.
Step 2: Create VLAN 2 and VLAN 100 interfaces
Step 3&4: Configure DHCP Interface Relay entries. Go to Private Configuration→Config→VLAN Interface, select the interface that needs to be relayed, and click "Edit" to enter editing.
2. Configuring DHCP VLAN Relay
The function of DHCP VLAN Relay is also to establish a relay connection between DHCP client and DHCP server in two different network segments. Generally speaking, it can be configured according to the following steps:
Step 1: Configure the VLAN connected to the DHCP client: Unlike Interface Relay, which connects the client via an L3 interface, the interface on the client side of the VLAN Relay is only a VLAN, which means the client and the switch are not directly interconnected;
Step 2: Configure the L3 interface connected to the DHCP server: the interface and the server should be in the same network segment, so that the switch and the server can communicate with each other to complete the message relay;
Step 3: Enable DHCP Relay globally;
Step 4: Configure the DHCP VLAN Relay interface and the connected DHCP server address
Step 5: (Optional) Configure Option82 feature
Currently, all three types of DHCP Relay configuration are supported in Standalone mode. In Controller mode, only DHCP L2 Relay and DHCP Interface Relay configurations are available, but DHCP VLAN Relay can be configured and deployed through CLI commands (requiring Omada Controller V5.9 and above).
2.1 In Standalone Mode
Step 1: Configure the VLAN connected to the DHCP client
Step 2: Configure the L3 interface connected to the DHCP server
Step 3: Enable DHCP Relay globally;
Step 4: Configure the DHCP VLAN Relay interface and the connected DHCP server address
First, configure the Default Relay Agent Interface: Enter VLAN 100 directly. After applying the configuration, the corresponding L3 interface address will be automatically generated and used as the default relay interface.
Next, configure the DHCP VLAN Relay entry. Here the VLAN ID is the ID of the VLAN that needs to be relayed, which is VLAN 2 in this scenario.
Step 5: (Optional) Configure the Option82 feature: If there are no special requirements, keep the default value of Option82 for the enabled port.
2.2 In Controller Mode
Currently, the Controller does not support configuring DHCP VLAN Relay on the UI, but for V5.9 and above, this function can be configured through CLI commands. To achieve the same effect as in Standalone mode above, follow the steps below:
Step 1: Create VLAN 2 and VLAN 100, and configure the downlink port as the access port
Step 2 : Create VLAN 100 interface connected to the DHCP server
Step 3: Deploy DHCP VLAN Relay entry configuration through CLI commands
service dhcp relay
ip dhcp relay vlan 2 helper-address 192.168.100.100
interface vlan 100
ip dhcp relay default-interface
3. Configuring DHCP L2 Relay
Different from Interface Relay and VLAN Relay, which require relay based on L3 interfaces for message forwarding, L2 Relay operates within the same Layer 2 LAN for both the DHCP client and server. As a result, L2 Relay's primary function is to listen for the interaction messages between the client and server, and provide the capability to add or modify the Relay Agent Information option (Circuit ID Customization and Remote ID Customization). In simpler terms, L2 Relay enables operation of Option 82 in DHCP messages for L2 network interactions.
Step 1: Configure the VLAN connecting DHCP Client and Server;
Step 2: Enable DHCP L2 Relay globally and on the VLAN;
Step 3: (Optional) Configure the Option82 feature
3.1 In Standalone Mode
Step 1: Configure the VLAN connecting DHCP client and server;
For the communication between a client and a server within the same LAN, they only need to be planned in the same VLAN. Here we take their interaction in VLAN 2 as an example. The client is connected through an access port, while the server is connected through a trunk port.
Step 2: Enable DHCP L2 Relay globally and on the VLAN;
Step 3: (Optional) Configure the Option82 feature
3.2 In Controller Mode
Controller mode currently supports DHCP L2 Relay configuration. Follow the steps below:
Step 1: Enable the DHCP L2 Relay function of the corresponding VLAN;
Step 2: (Optional) Configure the Option82 feature of the port;
As shown in the figure below:
Step 1: Enable the DHCP L2 Relay function of the corresponding VLAN: Here we take enabling the DHCP L2 Relay of VLAN 2 as an example. Go to Site→Site Settings→Wired Networks→LAN where the device is located, create VLAN 2, and check DHCP L2 Relay;
Step 2: (Optional) Configure the Option82 feature of the port;
Enter the site where the device is located, click the device, select the device for which Option82 needs to be configured. Click Port, select the port for which Option82 needs to be enabled. Check Profile Overrides to unfold details, check Option82 to enable Option82 support, select the Format, Circuit ID and Remote ID as needed, and keep them as default if there are no special requirements.
Please follow the guide above for three types of DHCP Relay configuration in Standalone or Controller mode. To confirm whether the configuration takes effect normally, use a wired or wireless client to access the network to check whether the network segment of the obtained IP address meets the expectations.