The NetScreen-5/5XP/25/50/100/204/208 support a DHCP relay agent, which receives DHCP information from a DHCP server and relays that information to hosts on the trusted network.
Example: PC ---NS-5XP_A(DHCP relay)------INTERNET------NS-5XP_B---DHCP server
- PC: DHCP enabled
- NS-5XP_A (DHCP relay)
  Trust IP address: 20.1.1.1/24
  Untrust IP address: 1.1.1.1/24
  Untrust Gateway: 1.1.1.2
- NS-5XP_B
  Trust IP address: 30.1.1.1/24
  Untrust IP address: 1.1.1.2/24
  Untrust Gateway: 1.1.1.1
- DHCP server
  IP range: 20.1.1.10 ~ 20.1.1.254
  Subnet mask: 255.255.255.0
  Router (default gateway): 20.1.1.1
  DNS: 164.124.101.2
  Domain: YourDomain.com
Step 1) Make sure that Site-to-Site VPN works fine.
Step 2) Enable DHCP relay and configure DHCP relay options on NS-5XP_A
On the CLI:
set dhcp relay service (enable DHCP relay)
set dhcp relay server-name "30.1.1.2"
ns5xp-> get dhcp relay
DHCP relay agent is enabled
DHCP Server is: "30.1.1.2"
VPN encryption is disabled
On the WebUI:
Configure > DHCP tab > DHCP Relay Agent > enter the DHCP server IP address (30.1.1.2)
Step 3) Enable DHCP relay debug
On the CLI:
debug dhcp relay 1
Step 4) Verify the contents of the debug buffer
On the CLI:
ns5xp-> get dbuf stream
##2002-03-06 19:30:45 system-debugging: DHCP: read unrecognized option 251
##2002-03-06 19:30:45 system-debugging: (length 1)
##2002-03-06 19:30:45 system-debugging: DHCP: received discover msg from MAC 0004e22ed291: request IP 0.0.0.0
##2002-03-06 19:30:45 system-debugging: Unbale to relay DHCP message: Set trust interface to route mode
NOTE: To relay DHCP through the VPN, enable the "Use Trust Interface as Source IP for VPN" option.
Step 5) To enable "Use Trust Interface as Source IP for VPN" option
On the CLI:
set dhcp relay vpn
ns5xp-> get dhcp relay
DHCP relay agent is enabled
DHCP Server is: "30.1.1.2"
VPN encryption is enabled
On the WebUI:
Configure > DHCP tab > DHCP Relay Agent > check "Use Trust Interface as Source IP for VPN"
Step 6) Verify the contents of the debug buffer again
ns5xp-> get db str
##2002-03-06 20:05:58 system-debugging: DHCP: read unrecognized option 251
##2002-03-06 20:05:58 system-debugging: (length 1)
##2002-03-06 20:05:58 system-debugging: DHCP: received discover msg from MAC 0004e22ed291: request IP 0.0.0.0
##2002-03-06 20:05:58 system-debugging: Send request to 30.1.1.2 by DHCP relay (VPN enable)
##2002-03-06 20:05:58 system-debugging: Receive response for DHCP relay
##2002-03-06 20:05:58 system-debugging: Relay response to DHCP client: 20.1.1.10 (0004e22ed291)
Step 7) Unset DHCP relay debug
On the CLI:
debug dhcp relay 0
NOTE: Currently "undebug dhcp relay 1" does NOT work; use "debug dhcp relay 0" to disable DHCP relay debug.
Step 8) Check IP configuration on PC
On the command prompt, type ipconfig /all
Ethernet adapter SMC:
Connection-specific DNS Suffix . : YourDomain.com
Description . . . . . . . . . . . : SMC EZ CardBus-
Physical Address. . . . . . . . . : 00-04-E2-2E-D2-
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 20.1.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 20.1.1.1
DHCP Server . . . . . . . . . . . : 30.1.1.2
DNS Servers . . . . . . . . . . . : 164.124.101.2
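
The debug-buffer check from Steps 4 and 6, as an added example that is not part of the original article and is not NetScreen code: this Python script reads "get dbuf stream" output and reports, per client MAC, whether the relay returned a lease or logged an error. The function names are hypothetical, and attributing an error record to the most recent discover is an assumption.

```python
import re

# Record formats as they appear in the "get dbuf stream" output quoted in this article.
DISCOVER = re.compile(r"received discover msg from MAC\s+((?:[0-9a-fA-F]\s*){12})")
RELAYED = re.compile(r"Relay response to DHCP client: (\S+) \(([0-9a-fA-F]{12})\)")
FAILED = re.compile(r"Unbale to relay DHCP message:\s*(.*)")  # spelled as the device logs it

# Sample input: the Step 4 capture (with its terminal line wraps) and the Step 6 capture.
STEP4 = """\
##2002-03-06 19:30:45 system-debugging: DHCP: received discover msg from MAC 0004
e22ed291: request IP 0.0.0.0
##2002-03-06 19:30:45 system-debugging: Unbale to relay DHCP message: Set trust
interface to route mode
"""
STEP6 = """\
##2002-03-06 20:05:58 system-debugging: DHCP: received discover msg from MAC 0004e22ed291: request IP 0.0.0.0
##2002-03-06 20:05:58 system-debugging: Send request to 30.1.1.2 by DHCP relay (VPN enable)
##2002-03-06 20:05:58 system-debugging: Relay response to DHCP client: 20.1.1.10 (0004e22ed291)
"""

def unwrap(dbuf_text):
    """Rejoin wrapped records; every record in the buffer starts with '##'."""
    records = []
    for line in (l.strip() for l in dbuf_text.splitlines()):
        if line.startswith("##") or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def summarize_relay(dbuf_text):
    """Map each client MAC to its discover count, relayed lease and relay errors."""
    clients, last_mac = {}, None
    new = lambda: {"discovers": 0, "leased_ip": None, "errors": []}
    for rec in unwrap(dbuf_text):
        if m := DISCOVER.search(rec):
            last_mac = re.sub(r"\s", "", m.group(1)).lower()
            clients.setdefault(last_mac, new())["discovers"] += 1
        elif m := RELAYED.search(rec):
            clients.setdefault(m.group(2).lower(), new())["leased_ip"] = m.group(1)
        elif (m := FAILED.search(rec)) and last_mac:
            # Assumption: the error record carries no MAC, so it belongs to the preceding discover.
            clients[last_mac]["errors"].append(m.group(1).strip())
    return clients

if __name__ == "__main__":
    for name, capture in (("Step 4", STEP4), ("Step 6", STEP6)):
        print(name, summarize_relay(capture))
```

A client with a discover but no lease and a "Set trust interface to route mode" error matches the Step 4 condition, which Step 5 resolves.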