DHCP Client not able to get the IP Address from external DHCP Server with NSX DHCP Relay
Article ID: 413085
Products
VMware NSX
Issue/Introduction
A DHCP client is not able to get a dynamic IP address from an external DHCP server via the NSX forwarder.
The EDGE Transport Node is unable to forward DHCP offer packets from its uplink interface to the ESX host, causing disruptions in IP address assignment for client machines.
The network topology may include either a T0 or T1 Service Router with service interfaces connected to VLAN-backed segments with routes to the external DHCP server.
The external DHCP server is accessible.
The service interface is connected to the Layer 2 VLAN where client machines requested dynamic IP addresses.
Environment
NSX
Cause
The VLAN-backed segment connected to the EDGE Transport Node's uplink interface was configured with the default segment security profile.
The default segment security profile has the DHCP block feature enabled by default.
This configuration causes the uplink interface to drop DHCP offer packets.
Resolution
Create a new custom segment security profile that has the DHCP block feature(s) disabled.
Attach this custom segment security profile to the VLAN-backed segment on the Edge.
This will allow DHCP offer packets to be properly forwarded to client machines.
Toggle the "Server Block" button and "Client Block" button to enable DHCP filtering. Both are disabled by default.
DHCP Server Block blocks traffic from a DHCP server to a DHCP client. Packets whose UDP destination port number is 68 are blocked. Note that it does not block traffic from a DHCP server to a DHCP relay agent, and a DHCP server replying to a DHCP relay agent must have DHCP Client Block disabled.
DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Packets whose UDP destination port number is 67 are blocked.
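The following added example (not part of the original article and not NSX's implementation) models the two port rules above against constructed DHCP datagrams to show why a server reply addressed to a relay agent is caught by Client Block rather than Server Block. It assumes the standard relay behavior in which a server answers a relay agent on UDP port 67; the function names and the 192.0.2.1 relay address are hypothetical.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build(sport, dport, op, msg_type, giaddr="0.0.0.0"):
    """Constructed sample: UDP header followed by a minimal BOOTP/DHCP payload."""
    bootp = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0)
    bootp += bytes(12) + socket.inet_aton(giaddr)   # ciaddr, yiaddr, siaddr, giaddr
    bootp += bytes(16 + 64 + 128)                   # chaddr, sname, file
    bootp += MAGIC + bytes([53, 1, msg_type, 255])  # option 53 (message type), end
    return struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp

def parse(datagram):
    """Return (dst_port, message type name, giaddr) for a UDP datagram with DHCP."""
    _, dport = struct.unpack("!HH", datagram[:4])
    bootp = datagram[8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    msg_type, i = None, 240
    while i + 1 < len(bootp) and bootp[i] != 255:   # walk the TLV options
        if bootp[i] == 0:                           # pad option has no length byte
            i += 1
            continue
        if bootp[i] == 53:
            msg_type = bootp[i + 2]
        i += 2 + bootp[i + 1]
    return dport, TYPES.get(msg_type, "UNKNOWN"), socket.inet_ntoa(bootp[24:28])

def verdict(datagram, server_block, client_block):
    """Apply the two destination-port rules from the article to one datagram."""
    dport, _, _ = parse(datagram)
    if server_block and dport == 68:
        return "DROP (Server Block)"
    if client_block and dport == 67:
        return "DROP (Client Block)"
    return "FORWARD"

# Constructed samples; 192.0.2.1 stands in for the relay agent (giaddr).
SAMPLES = {
    "client DISCOVER broadcast": build(68, 67, 1, 1),
    "relay -> server DISCOVER": build(67, 67, 1, 1, "192.0.2.1"),
    "server -> relay OFFER": build(67, 67, 2, 2, "192.0.2.1"),
    "relay -> client OFFER": build(67, 68, 2, 2, "192.0.2.1"),
}

def evaluate(server_block, client_block):
    """Verdict for every sample under one profile setting."""
    return {n: verdict(d, server_block, client_block) for n, d in SAMPLES.items()}

if __name__ == "__main__":
    for flags in [(True, False), (False, True), (False, False)]:
        print(flags, evaluate(*flags))
```

With both blocks disabled, as the Resolution describes, every sample is forwarded.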