Using Multiple DHCP Servers Behind SonicWall Firewall (UTM) Appliances

Description

Using Multiple DHCP Servers Behind SonicWall Firewall (UTM) Appliances

Resolution

You generally should not set up multiple DHCP servers on the same network segment. The danger is that the two servers will conflict. By carefully following the two rules below, it is possible to run two DHCP servers (one being the DHCP server built into the SonicWall) on the same LAN segment for redundancy:

  • There should never be any overlapping scopes for the two DHCP servers for any dynamic IP pool. (This prevents a lease for the same IP from being given to multiple machines.)
  • Overlapping scopes are permitted for the two DHCP servers only for IP addresses that are statically mapped by MAC address. Even if a lease is handed out by both of the servers for the client at that MAC address, it's a no harm, no foul event because only one client, at that MAC address, gets the lease for the IP. Eventually, the extra lease will expire, and the client will then request, and get, a renewed lease from only one of the servers.
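
The two rules above can be checked mechanically before a second server goes live. The following is an added example, not SonicWall code: it audits two server definitions for overlapping dynamic pools and for shared addresses that are not static mappings to the same MAC. The dictionary layout, server names, addresses and MACs are constructed, and treating a static address that falls inside the other server's dynamic pool, or that is bound to a different MAC on the other server, as a conflict is this example's reading of the second rule.

```python
from ipaddress import IPv4Address as IP

def pool(first, last):
    """Inclusive dynamic range as a (first, last) address pair."""
    return (IP(first), IP(last))

def audit(a, b):
    """Check two DHCP server definitions sharing one segment; return findings."""
    findings = []
    # Rule 1: dynamic pools on the two servers must never overlap.
    for pa in a["dynamic"]:
        for pb in b["dynamic"]:
            lo, hi = max(pa[0], pb[0]), min(pa[1], pb[1])
            if lo <= hi:
                findings.append(f"dynamic pools overlap: {lo}-{hi}")
    # Rule 2: an address may appear on both servers only as a static
    # mapping, and then only for the same MAC address.
    for me, other in ((a, b), (b, a)):
        for mac, ip in me["static"].items():
            if any(p[0] <= ip <= p[1] for p in other["dynamic"]):
                findings.append(f"{me['name']} static {ip} ({mac}) is inside "
                                f"a dynamic pool on {other['name']}")
    for mac_a, ip_a in a["static"].items():
        for mac_b, ip_b in b["static"].items():
            if ip_a == ip_b and mac_a.lower() != mac_b.lower():
                findings.append(f"{ip_a} statically mapped to {mac_a} and {mac_b}")
    return findings

# Constructed sample data: addresses, MACs and server names are made up.
SONICWALL = {"name": "sonicwall",
             "dynamic": [pool("192.168.1.50", "192.168.1.120")],
             "static": {"00:11:22:33:44:55": IP("192.168.1.10")}}
EXTERNAL_BAD = {"name": "external",
                "dynamic": [pool("192.168.1.100", "192.168.1.200")],
                "static": {"00:11:22:33:44:55": IP("192.168.1.10"),
                           "66:77:88:99:aa:bb": IP("192.168.1.60")}}
EXTERNAL_OK = {"name": "external",
               "dynamic": [pool("192.168.1.121", "192.168.1.200")],
               "static": {"00:11:22:33:44:55": IP("192.168.1.10"),
                          "66:77:88:99:aa:bb": IP("192.168.1.20")}}

if __name__ == "__main__":
    for finding in audit(SONICWALL, EXTERNAL_BAD):
        print("CONFLICT:", finding)
    print("corrected config findings:", audit(SONICWALL, EXTERNAL_OK))
```

The reservation for 192.168.1.10 appears on both servers in the corrected configuration and produces no finding, because both bind it to the same MAC address.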

If your LAN is divided by a router into multiple IP subnets, then you can have multiple DHCP servers, one for each segment, without concern for the rules listed above. Each segment should normally have no more than a single DHCP server. In such a configuration it is important that the router does not pass DHCP broadcasts. If you are supporting multiple subnets, consider using a single Linux- or Windows-based external DHCP server for all of them. The SonicWall's DHCP server cannot support this configuration.
