07-13-2016 10:38 AM
Is there a way on a PA-200 to setup port 1/2 and 1/3 with the same DHCP server access that is setup on port 1/4? Currently we have port 1/1 as Untrust, port 1/4 as Trust, and now we have a request to configure 1/2 and 1/3 as access ports for the Trust network.
Getting Ports 1/2 and 1/3 access into the trust interface was easy but I can't figure out how I would have those ports feed out a DHCP address from the DHCP server that is configured on interface 1/4. I would like to prevent putting in more static routes across our VPN Tunnel so I don't really want to create two /32 DHCP pools for 1/2 and 1/3.
Any help would be greatly appreciated; thanks!
07-15-2016 11:36 AM
Have you tried setting the DHCP relay on e1/2 and e1/3 as the IP address of e1/4?
07-13-2016 11:31 AM
I'd presume if you had said ports in layer 2 mode set with a sepcific vlan then they should all be within the same subnet, using the same DHCP pool?
07-13-2016 12:00 PM
Hi,
So do you have a separate DHCP server on the trust network or your port 1/4 acting as a DHCP server?
07-14-2016 05:48 AM
Port 1/4 is configured as the DHCP server
07-14-2016 05:50 AM
Supposibly this was tried and didn't work; I haven't tried it directly as I had configured it with the tunnel and basically called it ready to deploy. I didn't realize at the time that they had only purchased a 8 port POE switch and hadn't planned on the PA-200 using ANY of the ports on the switch...you know because magic 🙂
07-15-2016 11:36 AM
Have you tried setting the DHCP relay on e1/2 and e1/3 as the IP address of e1/4?
07-15-2016 02:01 PM
I actually got hands on with it today because there was confussion about why something wouldn't commit. Turns out the guy who was working on it earlier had switched our trust interface to layer 2 while our untrust/IPSec Tunnel interface was for obvious reasons layer 3. Once I fixed that I also noticed that they had setup DHCP on the switch that was below it with the wrong gateway and a few other configuration mistakes. Switching the relay interface to the DHCP server on Port 4 along with some policy changes to allow the traffic worked great and wasn't a big issue getting everything sorted out; don't know why I wasn't getting all the info from the start.
Thanks for your input everyone.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
