We are trying to organize a VLAN (say VLAN 1) for guests who must be assigned IP addresses from a DHCP server in a different VLAN (VLAN 2). This DHCP server is configured with two scopes - 172.16.0.0/24 (for VLAN 2) and 172.16.4.0/24 (for the Guests VLAN 1). The DHCP server successfully distributes addresses to clients in its VLAN (it has the IP address 172.16.0.2). For the clients in the other VLAN a DHCP Relay Agent has been setup on the router. It is DHCRELAY running on Linux (CentOS) which has been configured to accept the DHCPDISCOVER broadcasts coming on the VLAN1 interface of the router and forward these to the DHCP server. The IP address of the VLAN1 interface of the router is 172.16.4.254 and on the VLAN2 interface - 172.16.0.254
The problem is that the DHCP server won't respond with a DHCPOFFER message to the relay agent. I have traced the frames on the router and on the DHCP server. They arrive on the DHCP server with the correct GIADDR of the relay agent. According to all documentation,
if a scope has been configured on the DHCP server and it receives a unicast message with the GIADDR set by a relay agent that matches one of the configured scopes, the DHCP server must send a unicast DHCPOFFER to the relay agent. But it doesn't.
Here is what Wireshark reports (ignore the Destination port unreachable messages, the DHCP service was stopped at the time Wireshark was running)
When the service is running, there are just DHCPDISCOVERs - no OFFER. You can see that the server has the two scopes configured:
The relay agent seems to work normally - it forwards the DHCPDISCOVERs to the server continuously (tried many times with ipconfig /renew on the client).
I read many posts about this problem. Some users had other services running on the DHCP server that used the DHCP port, but I don't have such an issue (you see that when the service is stopped, an ICMP port unreachable is sent which is correct). Others however did not find a solution. Am I missing something? Is there something specific when using the DHCRELAY agent from DHCPD? Can I turn on some verbose logging to track this down? Thanks in advance.