HPE Community
Switches, Hubs, and Modems
1752700 Members
6204 Online
108789 Solutions
New Discussion юеВ

Re: IP Helper address overrides firewall ?

 
SOLVED
Go to solution
Pieter 't Hart
Honored Contributor

тАО10-07-2009 06:18 AM

тАО10-07-2009 06:18 AM

Solution

Re: IP Helper address overrides firewall ?

Hi Stephan,
>>>
I don't understand what you mean with:
The switches don't have ip routing enabled
=> so an ip-helper adress configured here has no function!
An ip-helper must be configured at the router! <<<

- in your original post you mention having configured an ip-helper.
- >>> The switches doesn't have "ip routing" enabled. This should be the task of the firewall <<<
- In the diagram you supplied, the text "ip-helper" stands next to one of the switches.
So I assumed you configured this at the switch.
please report if this assumption is wrong.

If the IP-helper is configured at the switch and routing is not enabled, it will do nothing.
The ip-helper function will be performed by the firewall as this also does the routing.
Pieter 't Hart
Honored Contributor

тАО10-07-2009 06:23 AM

тАО10-07-2009 06:23 AM

Re: IP Helper address overrides firewall ?

>>> And i thought without "ip routing" on the switch enabled every packet will pass the firewall.<<<

This should work as you intended.
if the switches don't route then they should only forward packets on layer-2 within the vlan.
And the firewall is the only device that should connect the vlan's.
0 Kudos
Stephan G
Regular Advisor

тАО10-08-2009 01:30 AM

тАО10-08-2009 01:30 AM

Re: IP Helper address overrides firewall ?

Hello Pieter,

i configured it on the vlan because i thought that the dhcp packets need to know where the dhcp servers are.

But you are right. I just deleted the ip helper entry in the vlan. And i also get an ip address in the right subnet.

And now :) the the firewall kicks in and blocks the requests to my dhcp servers.

Thanks a lot for the solution. Although it's still a security issue. For someone who don't know to configure it right ;)

Greets
Stephan
0 Kudos
Stephan G
Regular Advisor

тАО10-08-2009 01:50 AM

тАО10-08-2009 01:50 AM

Re: IP Helper address overrides firewall ?

And another positive feature: I don't need an ip address for the vlan on each switch anymore.
0 Kudos
Tijl van der Steeg
Valued Contributor

тАО10-08-2009 01:58 AM

тАО10-08-2009 01:58 AM

Re: IP Helper address overrides firewall ?

OK I got it wrong, and did not ask the right questions. Sorry about that.
Good you got it sorted :D
0 Kudos
Stephan G
Regular Advisor

тАО10-08-2009 02:05 AM

тАО10-08-2009 02:05 AM

Re: IP Helper address overrides firewall ?

No problem :)

And another thing i discovered now. I need to setup at least one switch with an ip address and ip helper.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.