Dynamic Host Configuration Protocol (DHCP) allows a client device to automatically obtain the information for services and configuration necessary to operate on a given network. To initiate this protocol, the client first sends out a broadcast packet called a DHCP Discover, contextualized below:
DHCP Discovers are restricted to a broadcast domain and cannot be routed. However, it is unnecessary to have a DHCP server for each subnet. DHCP relay agents (aka. iphelper) can be used to send these DHCP Discover packets to an appropriate DHCP server in a different broadcast domain using unicast.
In the following example, there are two VLANs behind a Layer 3 networking device which limits the broadcast domain. Because the client resides on VLAN 20 and is configured for a 192.168.0.0/24 address space, its DHCP discover packets cannot traverse the routing hop to the DHCP server on VLAN 10, which is configured for a 10.0.0.0/24 address space:
However, the DHCP Discover from the client can reach the DHCP server if the routing device is configured to act as a DHCP relay between VLAN 10 and VLAN 20 in the above example.
The Cisco Meraki MX Security Appliance supports the ability to configure DHCP relay on a per-subnet basis. For example, an MX in this example network should have the following configuration:
Note: The MX must have VLANs enabled in order to relay DHCP to another server.
Note: The DHCP server configured must be in a subnet configured on the MX, including directly-connected VLANs, static routes, and subnets participating in AutoVPN. DHCP servers sitting behind a 3rd-party VPN peer are not supported.
Note: If multiple relay servers are configured, the MX will forward DHCP requests to them all simultaneously.
To enable DHCP relay:
See Configuring DHCP services on the MX Security Appliance and Using packet capture to troubleshoot client-side DHCP issues for more information about DHCP.