RE: DHCP Relay serving clients on the same network as a DHCP server‏

Miroslav Mzik mmzik at
Sun Feb 14 21:18:27 UTC 2010

I am running the dhcrelay on a Check Point FW (SecurePlatform 

NGX (R65) HFA_40, Hotfix 640 which uses ISC DHCP package dhcp-3.0pl2-6.17cp). DHCP clients are behind interfaces Lan1.6 and Lan1.2, the DHCP server is behind the Internal interface. My intension is to relay requests from clients (behind ifaces Lan1.6 and Lan1.2) to the DHCP server. It would be logical to enable DHCP relay just on the Lan1.6 and Lan1.2 interfaces and that is what I originaly expected. The problem is that if I enable DHCP relay on Lan1.6 and Lan1.2 only my clients do not get ip addresses. If I enable DHCP relay also on the Internal iface everything is ok - my clients get their addresses successfuly. However, the DHCP relay starts servicing DHCP clients on the Internal network too and this causes the DHCP server to receive duplicate packets. I was investigating this for a while and than I went across the information in the man pages ...


> Date: Mon, 15 Feb 2010 01:05:53 +1100
> From: glenn.satchell at
> To: dhcp-users at
> Subject: Re: DHCP Relay serving clients on the same network as a DHCP server‏
> Miroslav Mzik wrote:
> > Dear dhcp-users list members,
> > 
> > I am turning to you with a question regarding ISC DHCP Relay 
> > functionality. The man page for dhcrelay says:
> > 
> > ------------
> > In general, it must listen not only on those network interfaces to which 
> > clients are attached, but also on those network interfaces to which the 
> > server (or the router that reaches the server) is attached.
> > ------------
> > 
> > ------------
> > The relay agent should not relay packets received on a physical network 
> > to DHCP servers on the same physical network - if they do, the server 
> > will receive duplicate packets. In order to fix this, however, the relay 
> > agent needs to be able to learn about the network topology, which 
> > requires that it have a configuration file.
> > ------------
> > 
> > I am facing the above mentioned problem - the DHCP Relay processes 
> > packets coming from clients located on the same physical network as my 
> > DHCP server and thus the server receives duplicate packets. Is there a 
> > solution to this prob lem? I cannot find any documentation for 
> > /etc/sysconfig/dhcrelay file directives which might help solving this issue.
> > 
> > Thank you.
> > 
> > Miroslav Mzik
> There are no dhcrelay directives to fix this. If the clients are on the 
> same physical subnet as the server then they can talk to it directly and 
> do not need dhcrelay. dhcrelay is intended for remote subnets to forward 
> broadcasts on behalf of clients.
> So the man page is referring to a case where the router for a subnet 
> might be a Linux or Unix box with more than one network interface. It is 
> a common case to run dhcrelay -i eth0 to listen on eth0, but dhcrelay 
> needs to listen on, say, eth1 also if this is the network connection 
> that routes packets back to the dhcp server. In most other cases 
> dhcrelay runs on a box with a single interface.
> The only time that is dhcp and dhcrelay are run on the same subnet is 
> with a switch that has a relay agent within the switch to add variables 
> such as option 82 (agent.remote-id and agent.circuit-id) for the switch 
> ports. But then this is using the switch's relay agent not dhcrelay.
> Perhaps you could describe your network and how dhcp and dhcrelay are 
> deployed and what you are trying to achieve?
> regards,
> -glenn
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list