SebastianGrugel
Hot Shot
Hot Shot

VMC / DHCP server on segment not working with DFW. I need correct rule

Hello.

I know how enable DHCP (Local and Gateway DHCP) on segments. And everything is working if DFW is ALLOW for ALL traffic.

SebastianGrugel_0-1647354787834.png

Unfortunately communication between workload VMs and DHCP server (running on segment) stop working when we configure REJECT on default layer3 rule.

SebastianGrugel_1-1647354972785.png

How should looks like rule which will open traffic only for this DHCP server and where should i put this ? I tried many combination for now without success.

 

Sebastian

 

vExpert VSAN/NSX/CLOUD | VCAP5-DCA | VCP6-DCV/CMA/NV ==> akademiadatacenter.pl
0 Kudos
3 Replies
SebastianGrugel
Hot Shot
Hot Shot

If this somehow help me with this issue ?

vExpert VSAN/NSX/CLOUD | VCAP5-DCA | VCP6-DCV/CMA/NV ==> akademiadatacenter.pl
0 Kudos
ebernard
Enthusiast
Enthusiast

Hello Sebastian

 

Can you please explain what are you looking to achieve? 
You have an on-premises DHCP server that will be leveraged by many segments on VMC with Relay DHCP, right?

thank you
Emmanuel

Emmanuel BERNARD
Lead Solution Engineer | VMware Cloud | EMEA

Please mark "Helpful" or "Correct Answer" if applies. Appreciate it.
0 Kudos
SebastianGrugel
Hot Shot
Hot Shot

In my specific case i prepared training class for our internal purpose. We don't have onpremise datacenter.

Haw can we reconstruct this issue:

1. Created 1 segment with enabled Local DHCP enabled (or can be also Gatewal DHCP nevermind)

SebastianGrugel_0-1647965761396.png

 

2. Deployed 1 Windows Machine inside this segment.

VM (inside VMC) can receive IP from DHCP (enabled on segment)  if default rule in Distributed Firewall Rule is configured to ALLOW. If this rule is configured to REJECT then VMs can't connect to DHCP. 

I tried different types of FW rule without success. Maybe some suggestion how use this VMC DHCP in this scenario  ? 🙂

 

SebastianGrugel_1-1647965823160.png

Sebastian

 

vExpert VSAN/NSX/CLOUD | VCAP5-DCA | VCP6-DCV/CMA/NV ==> akademiadatacenter.pl
0 Kudos