PA-200 DHCP Server across Interfaces


Cyber Elite

Is there a way on a PA-200 to set up ports 1/2 and 1/3 with the same DHCP server access that is set up on port 1/4? Currently we have port 1/1 as Untrust, port 1/4 as Trust, and now we have a request to configure 1/2 and 1/3 as access ports for the Trust network.

Getting Ports 1/2 and 1/3 access into the trust interface was easy but I can't figure out how I would have those ports feed out a DHCP address from the DHCP server that is configured on interface 1/4. I would like to prevent putting in more static routes across our VPN Tunnel so I don't really want to create two /32 DHCP pools for 1/2 and 1/3. 

Any help would be greatly appreciated; thanks!

Accepted Solutions

Have you tried setting the DHCP relay on e1/2 and e1/3 as the IP address of e1/4? 

7 REPLIES

L2 Linker

I'd presume if you had said ports in layer 2 mode set with a specific VLAN then they should all be within the same subnet, using the same DHCP pool?

L6 Presenter

Hi,

So do you have a separate DHCP server on the trust network or your port 1/4 acting as a DHCP server?

Port 1/4 is configured as the DHCP server

Supposedly this was tried and didn't work; I haven't tried it directly as I had configured it with the tunnel and basically called it ready to deploy. I didn't realize at the time that they had only purchased an 8-port PoE switch and hadn't planned on the PA-200 using ANY of the ports on the switch...you know because magic 🙂

Have you tried setting the DHCP relay on e1/2 and e1/3 as the IP address of e1/4? 

I actually got hands on with it today because there was confusion about why something wouldn't commit. Turns out the guy who was working on it earlier had switched our trust interface to layer 2 while our untrust/IPSec Tunnel interface was for obvious reasons layer 3. Once I fixed that I also noticed that they had set up DHCP on the switch that was below it with the wrong gateway and a few other configuration mistakes. Switching the relay interface to the DHCP server on Port 4 along with some policy changes to allow the traffic worked great and wasn't a big issue getting everything sorted out; don't know why I wasn't getting all the info from the start.

Thanks for your input everyone. 

Well done mate
