Forward DHCP requests without relay between VLANs

[cwt]

Howdy!

Is there a possibility to forward DHCP requests from one VLAN to another without using the OPNsense DHCP relay?

I have 3 different VLANs in OPNsense (VLAN 100, 200, 300) and want to forward each DHCP request to one server in VLAN 200 (Windows DHCP with scopes for each VLAN) which has only one NIC (tagged to VLAN 200).

How can I achieve that?

Thx in advance 

[Patrick M. Hausen]

That's precisely what the relay is for. Why don't you want to use it?

[cwt]

Because I want to use OPNsense' DHCP on other interfaces. Using both is not possible.

[Patrick M. Hausen]

A relay agent is necessary, you cannot achieve the same with e.g. firewall rules. This is due to the broadcast nature of the DHCP requests which are not forwarded by a firewall/router.

Why the DHCP server and relay agent cannot run at the same time as long as they serve different interfaces, I don't know. I'm a bit surprised, honestly.

[cwt]

Yep, I also don't understand why it's not possible to use both services on different interfaces.

What works is DHCP relaying on the switches or a simple ruleset on the VLAN interface:

(Note: virtual AD DHCP and DNS servers are in VLAN100, virtual Windows 11 in VLAN200)

- Protocol: IPv4 TCP/UDP | Source: VLAN200 | Port: * | Destination: <Alias_For_Virtual_AD_Servers> | Port: 53 (DNS)

- Protocol: IPv4 UDP | Source: VLAN200 | Port: * | Destination: <Alias_For_Virtual_AD_Servers> | Port: 67-68

Didn't test it with Windows 10 but I guess it will work also.