DHCP Server Relay
Dynamic Host Configuration Protocol (DHCP) is the most popular method used to assign IP addresses and other IP configuration options across a LAN. While DHCP may be used by the VPN Gateway to obtain an IP address for the WAN Interface, DHCP can also be used to distribute IP addresses to IP devices on any of the LAN ports.
The VPN Gateway supports several ways to service DHCP requests received on its LAN interfaces. The VPN Gateway can be configured with a DHCP server that runs locally on the VPN Gateway to service client requests, or it can be configured to forward the client DHCP requests to a DHCP server on the customer network through an already established VPN tunnel (DHCP Relay).
If DHCP or DHCP Relay is not required it can be disabled by an administrator in the VPN Gateway Device Profile stored on the AT&T Administration Server.
DHCP Configuration
VPN Gateway DHCP configuration information must be configured through the VPN Gateway Device Profile stored on the AT&T Administration Server. If VLANs have been enabled, the DHCP information is configured at a VLAN level. Otherwise the DHCP information is configured on the VPN Gateway base profile. The user can view the current DHCP assignments and configuration via the VPN Gateway web interface. The user does not have the ability to modify any LAN DHCP configuration through the web interface.
DHCP Server
When configuring the DHCP server in AT&T Administration Server you must specify the range of addresses that the DHCP server hands out. The starting and ending addresses must fall within the subnet range defined for the local LAN interface or VLAN that is servicing the requests. The VPN Gateway can be configured as an authoritative server. This is necessary to support DHCP INFORM messages which are used for example to configure proxy servers via WPAD in Internet Explorer via DHCP Option 252.
DHCP Options Support
If the VPN Gateway is configured as the DHCP server, the administrator can configure specific DHCP options to be passed back to the local IP devices within the DHCP response. An option value will only be passed to the requesting device if it is specifically requested by the device within the DHCP request. These options are configured within AT&T Administration Server and can be the same for all DHCP pools managed by the VPN Gateway, or the options can be configured to be specific to each DHCP pool. Multiple entries for the same DHCP option can be configured in AT&T Administration Server. The VPN Gateway will concatenate the entries together to make a single entry in the DHCP configuration file. Up to 256 bytes can be configured for any one item.
In addition to the specific DHCP options that are configured within the AT&T Administration Server the VPN Gateway will dynamically add the DNS server, WINS server, and domain name options to the DHCP responses. These server values are determined dynamically based on the specific tunnel connected and other configuration values within the AT&T Administration Server. The VPN Gateway default behavior is to add its local LAN interface as the router. This option can be overridden.
DHCP options are frequently used in a variety of cases – for example to provide DNS server information when the VPN Gateway is not providing DNS proxy functionality, and to define a SIP Phone configuration server in VoIP scenarios.
DHCP Subpool Support
If the VPN Gateway is configured as the DHCP server, the administrator can configure specific DHCP subpools. This provides the customer with the ability to assign subsets of the DHCP pool to unique device classes. For example, device with a MAC address starting with XX:YY:ZZ would always be assigned an IP address from a sub pool that contains IP address that are in the range of xx.xx.xx.50 through xx.xx.xx.55. This allows for easier firewall management inside of the customer’s network.
DHCP Relay
DHCP Relay can only be used in specific circumstances, and there are certain prerequisites to consider. Firstly, this is only an option in No-NAT Remote Office configurations. Secondly, the tunnel should be up at the time the IP devices on the local LAN side issue DHCP requests, or there is no connectivity to the DHCP server. This means that a persistent or traffic initiated tunnel is required. When configuring DHCP relay, the IP address of the enterprise network-based DHCP server must be detailed in the VPN Gateway Device Profile stored on the AT&T Administration Server. The Primary and an optional backup DHCP Relay server can be configured per VLAN. These servers must be accessible through a VPN tunnel.