Sonicwall IP Helper

NOLACop

I am trying to set up my Sonicwall to pass VLAN traffic on to my domain controller/DHCP server. I have the VLANs configured on the X0 interface and the switches configured for the VLANs as well. I am trying to set up the IP Helper on the Sonicwall NSA2600 and I am a bit confused. What do I set for the "to" and "from" to enable the DHCP server to hand out IP addresses to all of my VLANs? All of the DHCP scopes are set on the server. I keep running into errors setting the DHCP IP helper policy.
 
IP Helper forwards DHCP requests originating *from* an interface *to* a centralized DHCP server.

So in the "to" field, you set the IP or subnet that your DHCP server is or is in.
In the "From" field, you set a source interface, in this case X0
 

Thanks, so if I made the DHCP server an address object host, would I set the server itself in the "to" field? Or would it be enough to set the "to" field as X0 subnet and the "from" would be X0:V10?
 
I'd set the 'to' field to be the server IP directly and leave the 'from' field as the whole X0 interface if you want it applied to all VLANs. At least I think that'll work, can't recall specifics for sonicwalls at all :p
 
I have done everything that I can think of to get the VLANs working and still nothing. Here is a breakdown of what I did, can anyone tell me what I'm missing?

On DHCP server, configured DHCP scopes exactly the same as the default subnet.
On the firewall/router, I configured the VLANs as LAN interfaces of X0 (X0:V10). I configured IP Helper to forward DHCP and DNS from X0:V10 to the DHCP server. I tried from X0 to the DHCP server as well. I created an address object for the DHCP server (LAN-192.168.xx.xxx- HOST).

On the switch (Dell Powerconnect 2848) that provides WAN from the router (SW1), I tagged port 46 to VLAN 10. On Switch 2, to which the VLAN client is connected, I tagged (T) port 46 and untagged (U) port 27 on VLAN 10, which the client is connected to.

I cannot pull a good IP from this client. If I undo the VLAN config on the switches, the client instantly gets a default IP.

What am I missing or doing wrong here?
 

I'm not Cisco certified and don't have experience with Dell Powerconnect switches etc.

But I have configured a bunch of Cisco stuff just using Google/forums/documentation. And 90% of the time when I can't figure out why something isn't working, it's because of one tiny, small mistake/typo or superfluous character.

So triple, quadruple check everything, because I have been adamant I've done everything correctly for days and days only to realise I hadn't; often just an extra space will be enough to make it not work. Dell kit may be less input sensitive, but it's certainly the case for Cisco kit.

What you've done seems like it would work, but again, I am no expert at all.
 
Yeah I know. I have checked everything countless times. Everything was done by GUI, no CLI, so I didn't need to input much data that could have had a typo. I am at a complete loss as to why this is not working.
 
Something has to be wrong with either the settings in my router or the tagging in the switch. In my router I have VLAN10 with an IP on the interface of 192.168.xx.254. In the IP Helper I have the DHCP setting enabled. In IP Helper policies I have the following:

Protocol: DHCP
From: Interface X0:V10
To: DHCP Server (with an IP address of 192.168.yy.2, a different subnet than V10)

On the switches I have the client port marked with a U. On the link between the client switch, both ports are marked with a T.

The only NAT policies involving VLAN10 are the auto generated ones. I can't ping the VLAN10 interface from VLAN1. Do I need to create a NAT rule to allow the two to talk?
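
The relay step behind an IP Helper policy like the one in this post, as an added example that is not part of the original thread: the relay stamps its ingress interface address into `giaddr`, and the DHCP server uses that field to pick a scope. The 192.168.10.x / 192.168.1.x addresses, scope names and MAC are constructed stand-ins, not the poster's redacted values.

```python
import ipaddress
import struct

# Constructed sample values (not the poster's real addressing).
SCOPES = {"default-lan": "192.168.1.0/24", "vlan10": "192.168.10.0/24"}
VLAN10_GW = "192.168.10.254"  # stand-in for the address on the X0:V10 sub-interface

def build_discover(xid, mac):
    """Minimal DHCPDISCOVER as the client broadcasts it (giaddr = 0.0.0.0)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)  # op htype hlen hops xid secs flags
    addrs = bytes(16)              # ciaddr, yiaddr, siaddr, giaddr (giaddr = bytes 24..27)
    chaddr = mac + bytes(10)       # hardware address padded to 16 bytes
    legacy = bytes(64 + 128)       # sname + file fields, unused here
    options = b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, type=DISCOVER, end
    return hdr + addrs + chaddr + legacy + options

def relay(packet, ingress_ip, max_hops=16):
    """What a relay agent does before unicasting the request to the server."""
    pkt = bytearray(packet)
    if pkt[3] >= max_hops:         # hop limit reached: drop to avoid relay loops
        return None
    pkt[3] += 1                    # one more relay hop
    if pkt[24:28] == bytes(4):     # only the first relay fills in giaddr
        pkt[24:28] = ipaddress.IPv4Address(ingress_ip).packed
    return bytes(pkt)

def select_scope(packet, scopes):
    """Server side: pick the scope whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(packet[24:28])
    if giaddr.is_unspecified:      # not relayed: the server falls back to its own subnet
        return None
    for name, cidr in scopes.items():
        if giaddr in ipaddress.ip_network(cidr):
            return name
    return None                    # relayed, but no scope matches the VLAN's subnet

def demo():
    discover = build_discover(0x1234ABCD, bytes.fromhex("020000000a01"))
    relayed = relay(discover, VLAN10_GW)
    return select_scope(discover, SCOPES), select_scope(relayed, SCOPES)

if __name__ == "__main__":
    print(demo())
```

A relayed request only gets a lease when the server holds a scope covering the relay interface's subnet; with no matching scope, `select_scope` returns `None`.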
 
Sounds like you might be a little confused with the VLAN setup? If you disable VLANs and it works then definitely sounds like something's misconfigured there.

I'd say to troubleshoot, first set some static IPs and make sure you can ping between the VLANs that you want to be connected (if you *do* want them connected that is). Are you using VLANs for additional security or just for management purposes?

Is VLAN1 where you've put your DHCP server? By the way, I'm a little hazy as my Cisco days are long past, but I'm pretty sure it's considered bad practice to use VLAN1 'cause it's the default & untagged.
 
When I say it works without the VLANs, I mean I get a DHCP address using the Default LAN. I use the default for DHCP, DNS etc, because I have never had VLANs before, everything is on one subnet. I do have different switches running different parts of the complex and they are linked via fiber connections.

Prior to me starting this VLAN journey, my entire network was on one subnet. When I first took over the IT position, the network was not nearly as big, and only a third of the size it is now. Over the years, almost everything has migrated to computers. I now have 8 servers, a large city wide IP camera system, dash camera, and body camera storage, and several critical databases. As my network has grown I never considered VLANs until I started to run into problems. So now I am trying to segregate my network for management purposes and also to maximize my bandwidth.

So what I did this afternoon is configure the VLANs as described prior. I started in reverse order, turning off what I did to configure the VLANs. I am never able to get a DHCP address for the VLAN I am trying to configure. However, I do get a default LAN DHCP address when I undo the port settings on the switch. Meaning, after the port is set to "U" and the trunk is set to "T", I go into port settings in the VLAN menu and set port g27 to PVID 10 and only allow tagged packets. This is where I lose connectivity. I'm not sure if my switch config is wrong or if there is a router issue. Obviously, the router is not passing DHCP requests to the VLAN on a different subnet, but I am just not sure where the roadblock is.

Does this make sense? I thank you for your help so far.
 