DHCP Relay is broken in ER8411(UN)_V1_1.2.2 Build 20240809 firmware
The DHCP Relay functionality is broken in the ER8411(UN)_V1_1.2.2 Build 20240809 firmware. The router forwards DHCP datagrams from configured VLANS to the DHCP server, but it does not forward DHCP replies to the client(s).
The only solution is to downgrade firmware to the ER8411(UN)_V1_1.2.1 Build 20240308.
P.S.
The router managed in the standalone mode.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @.AT
Thanks for posting in our business forum.
.AT wrote
Thank you @Clive_A.
Here are couple notes which may help you to reproduce the issue:
- All VLANs on the diagram are /23 subnets
- Gateway IP on each subnet is the highest unicast IP address
- DHCP Pools use lower part of subnet
For example:
- VLAN-server: network: 192.168.0.0/23; GW: 192,168.1.254; DHCP Server IP: 192.168.0.3
- VLAN-guest: network: 192.168.8.0/23; GW: 192.168.9.254; DHCP Pool: 192.168.8.1 - 192.168.8.253
- VLAN-client: network: 192.168.4.0/23; GW: 192.168.5.254; DHCP Pool: 192.168.4.32 - 192.168.4.253
We have located this issue and expect to fix this in the 1.2.3 firmware in the near future.
If you need a beta that addresses this, please let me know.
- Copy Link
- Report Inappropriate Content
Hi @.AT
Thanks for posting in our business forum.
Please provide the diagram of your network with IP marked and detailed settings for the DHCP relay.
- Copy Link
- Report Inappropriate Content
This is simplified network diagram:
Diagram description:
There are several 802.1Q VLANs configured on the router and switches including presented on the diagram above.
- DHCP Relay configured for the VLAN-guest and VLAN-client VLANs at the Router only (DHCP Mode: "DHCP Relay"; Enabled: "On"; Server: "IPv4 address of DHCP Server in the VLAN-server subnet"
- VLAN-quests handles only WiFi clients connected though EAP-670 where SSID configured as "Guest Network" for this VLAN.
- VLAN-client handles wired and wireless client.Wireless clients connected via EAP-670 with seoarate SSID attached to this VLAN.
- DHCP Server located in the VLAN-server VLAN.
- All servers on the diagram above are LXD containers run on top of the hosts directly connected to the Router's ports. DHCP Servers are the cluster of ISC DHCP.
This network topology worked well starting from original firmware and up to 1.2.1. Clients stopped receiving DHCP responses after upgrading router firmware to 1.2.2.
Capturing traffic at the host hosting DHCP server and Clients located in the VLAN-client and VLAN-guest segments displayed next picture:
- Router forwards DHCPREQUEST packet from the client to the DHCP server
- DHCP Server sends DHCPACK packet to the router with request to forward it to the client
- Router drops the packed (clients never receive DHCPACK packets)
Reverting router firmware to 1.2.1 resolved the issue.
- Copy Link
- Report Inappropriate Content
Hi @.AT
Thanks for posting in our business forum.
.AT wrote
This is simplified network diagram:
Diagram description:
There are several 802.1Q VLANs configured on the router and switches including presented on the diagram above.
- DHCP Relay configured for the VLAN-guest and VLAN-client VLANs at the Router only (DHCP Mode: "DHCP Relay"; Enabled: "On"; Server: "IPv4 address of DHCP Server in the VLAN-server subnet"
- VLAN-quests handles only WiFi clients connected though EAP-670 where SSID configured as "Guest Network" for this VLAN.
- VLAN-client handles wired and wireless client.Wireless clients connected via EAP-670 with seoarate SSID attached to this VLAN.
- DHCP Server located in the VLAN-server VLAN.
- All servers on the diagram above are LXD containers run on top of the hosts directly connected to the Router's ports. DHCP Servers are the cluster of ISC DHCP.
This network topology worked well starting from original firmware and up to 1.2.1. Clients stopped receiving DHCP responses after upgrading router firmware to 1.2.2.
Capturing traffic at the host hosting DHCP server and Clients located in the VLAN-client and VLAN-guest segments displayed next picture:
- Router forwards DHCPREQUEST packet from the client to the DHCP server
- DHCP Server sends DHCPACK packet to the router with request to forward it to the client
- Router drops the packed (clients never receive DHCPACK packets)
Reverting router firmware to 1.2.1 resolved the issue.
Will review this with the test team.
- Copy Link
- Report Inappropriate Content
Thank you @Clive_A.
Here are couple notes which may help you to reproduce the issue:
- All VLANs on the diagram are /23 subnets
- Gateway IP on each subnet is the highest unicast IP address
- DHCP Pools use lower part of subnet
For example:
- VLAN-server: network: 192.168.0.0/23; GW: 192,168.1.254; DHCP Server IP: 192.168.0.3
- VLAN-guest: network: 192.168.8.0/23; GW: 192.168.9.254; DHCP Pool: 192.168.8.1 - 192.168.8.253
- VLAN-client: network: 192.168.4.0/23; GW: 192.168.5.254; DHCP Pool: 192.168.4.32 - 192.168.4.253
- Copy Link
- Report Inappropriate Content
Hi @.AT
Thanks for posting in our business forum.
.AT wrote
Thank you @Clive_A.
Here are couple notes which may help you to reproduce the issue:
- All VLANs on the diagram are /23 subnets
- Gateway IP on each subnet is the highest unicast IP address
- DHCP Pools use lower part of subnet
For example:
- VLAN-server: network: 192.168.0.0/23; GW: 192,168.1.254; DHCP Server IP: 192.168.0.3
- VLAN-guest: network: 192.168.8.0/23; GW: 192.168.9.254; DHCP Pool: 192.168.8.1 - 192.168.8.253
- VLAN-client: network: 192.168.4.0/23; GW: 192.168.5.254; DHCP Pool: 192.168.4.32 - 192.168.4.253
We have located this issue and expect to fix this in the 1.2.3 firmware in the near future.
If you need a beta that addresses this, please let me know.
- Copy Link
- Report Inappropriate Content
Could you post that beta please with its changelog, i have a second site that is facing this issue with the ER8411 and also had to roll it back to 1.2.1
- Copy Link
- Report Inappropriate Content
Thank you @Clive_A
Please don't forget to request test team to update the test-plan and pipeline(s) .
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 219
Replies: 8
Voters 0
No one has voted for it yet.