Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DHCP relay agent over NAT

Status
Not open for further replies.

vortmax

Technical User
Aug 1, 2006
46
US
I have a complicated network layout and I need some help getting it working. I have a local network that is connected to the internet via a NAT router. This public circuit only has a handfull of public IP's. On the local side of the network resides a CMTS, which is a layer 2 bridge, connecting cable modems and computers to the outside world.

Outside the network resides a DHCP/TOD/TFTP server that both the modems and the computers(CPE's) need to contact before service can be started.

The startup protocol involves the modem syncing with the CMTS, then getting an IP from the DHCP server which it uses to network boot from the tftp server. Once booted, the CPE can contact the DHCP server and obtain a (private) IP address and join the network. This is simple with the DHCP and TFTP servers on the local network, but not so easy on seperate networks.

The CMTS acts as a DHCP relay agent and can relay the DHCP requests separately for modem and cpe requests. Currently I have both relays set to forward DHCP requests to the DHCP server. Through packet tracing, I can see that the DHCP server is obtaining the request, but it is attempting to reply to the relay computer's private IP. Obviously this IP is not routable on the public side of the NAT router. The NAT router/gateway does have a DHCP relay function as well, and I configured the CMTS's relay to forward to the router, which then forwards to the DHCP server, but it still behaves the same.

Any ideas on how to set this up?
 
I've never tried to dhcp through NAT, and I don't see how it could work (I may be exposing my ignorance). Is there anything on the setup of the dhcp server that would make it aware that the requests are NATted?

Any chance you can place that dhcp server inside the network, thereby not NATting the requests?


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
Any chance you can place that dhcp server inside the network, thereby not NATting the requests?"

We are actually going to try it with a VPN. We are going to set up a network at the office for the CMTS, modems and management servers that we will extend to the sites with a VPN tunnel, then just use DHCP relay on the CMTS to forward the CPE DHCP requests over to the secured local network while keeping actual internet traffic on the public network.
 
Let us know how that works out. Your topology is more complex than what I usually deal with, and I'm curious to know how you get on.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top