Using DHCP Relay with VLAN and Univention


#1

Hello everyone, I am putting together a project where I will need Univention to be the DHCP server of the entire infrastructure with several VLANs. I use pfSense as a firewall and I activated the DHCP Relay of the same one pointing the requests to Univention, but wanted to know how to make the VLAN 10 requests be answered with a VLAN10 range - 192.168.10.0/24.

I created several network segments in Univention within the multiti.local domain, however I do not know how to configure the sending to the correct VLAN, could anyone help me?


#2

Hello all, I have already seen that it is possible to manage DNS, Users and Groups, GPOs, etc. by RSAT, but I tried to manage DHCP, but could not connect. Is there any way to make the connection to DHCP management also by RSAT?


#3

Via the RSAT tools you manage only the Samba4/AD database, so you would not look at the UCS LDAP directory and everything you installed/configured there. UCS is able to manage 2 directories: LDAP and Samba4 - the Samba4 database is “fed” from the LDAP via a connector (S4 Connector) and gets everything needed by Windows clients and servers. The DHCP is not synced (or not entirely) to the S4, I think (because it is not needed to function), that's why you cannot see it with the RSAT tools.

Since you can manage and connect to the UCS via the web interface (even from a Windows server), would it be easier to manage the UCS this way (web interface) instead of the RSAT tools?


#4

Yes, if it is possible to create multiple IP pools, each serving a different VLAN, I would use it without any problems.
However, the PDF of the documentation does not explain how to do this, so much so that for the current project, as I will not have time to homologate, I am thinking of using pfSense as the DHCP server and not Univention, since DNS is updated at every login in the system (I really liked this idea of yours, congratulations).
However, for future projects I will need to know how to make Univention work as a DHCP server for multiple VLANs receiving DHCP Relay requests.

Sincerely, Tácio Andrade.


#5

Hey,

you can easily define DHCP pools in the Univention Management Console. For simple setups you actually don’t need a pool, a subnet declaration often suffices, therefore the default installation doesn’t create a pool. But you can create them.

Go to “Domain” → “LDAP directory”, then navigate to your subnet declaration in the tree on the left. Click on that subnet declaration. Now you can add a new object of type “DHCP pool”. See this screenshot:


As far as I know a DHCP relay agent includes the IP subnet for which the DHCP/BOOTP request was received (meaning: the DHCP relay agent has an IP address on an interface on which the DHCP/BOOTP request was received, and that interface’s address/netmask will be sent to the DHCP server). Univention’s DHCP server should then answer as long as there’s a) a subnet object whose range includes the IP address and b) there’s a “DHCP host” object, too. Note that I’ve never used DHCP relaying with Univention myself, therefore this is conjecture on my part.

Regards,
mosu
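
Added example, not part of the post above and not Univention's code: per RFC 2131 a relay agent writes the address of the interface that received the request into the `giaddr` field of the BOOTP header, and the server answers from the subnet declaration that contains that address. The 192.168.20.0/24 subnet, the relay addresses and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Subnet declarations the server knows about. Only 192.168.10.0/24 (VLAN 10)
# comes from the thread; the second entry is constructed.
SUBNETS = ["192.168.10.0/24", "192.168.20.0/24"]

BOOTREQUEST = 1
GIADDR_OFFSET = 24   # op,htype,hlen,hops (4) + xid (4) + secs,flags (4) + ciaddr,yiaddr,siaddr (12)
BOOTP_FIXED_LEN = 236


def build_relayed_request(giaddr, hops=1):
    """Constructed BOOTREQUEST as a relay (e.g. a firewall VLAN interface) would forward it."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s",
        BOOTREQUEST, 1, 6, hops,          # op, htype=Ethernet, hlen, hops
        0x12345678, 0, 0,                 # xid, secs, flags
        bytes(4), bytes(4), bytes(4),     # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,
    )
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\x00")  # constructed client MAC
    magic_cookie = bytes([99, 130, 83, 99])
    return header + chaddr + bytes(64) + bytes(128) + magic_cookie


def giaddr_of(packet):
    """Extract the relay agent address from a raw BOOTP/DHCP message."""
    if len(packet) < BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP message")
    if packet[0] != BOOTREQUEST:
        raise ValueError("not a BOOTREQUEST")
    return ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])


def select_subnet(packet, subnets=SUBNETS):
    """Return the subnet declaration a relayed request would be served from, or None."""
    giaddr = giaddr_of(packet)
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        return None  # not relayed: the server uses the subnet of its own receiving interface
    for cidr in subnets:
        if giaddr in ipaddress.ip_network(cidr):
            return cidr
    return None      # no declaration covers the relay address, so no lease is offered


if __name__ == "__main__":
    for relay in ("192.168.10.1", "192.168.20.1", "10.9.9.1"):
        print(relay, "->", select_subnet(build_relayed_request(relay)))
```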


#6

Many thanks for the reply. As soon as possible I’ll try to set up the IP pool lab to test. Thank you very much for your help, and a great year’s end to you.

Sincerely, Tácio Andrade