Hi,
I run a firewall cluster with several vlans configured on one physical
interface. On these vlans I have a carp interface. Same on a second
firewall node, so failover is fine.
To be able to install or boot servers from the network I set up a PXE
boot server. But it's a little bit annoying to configure the switch
port's vlan each time I want to use PXE boot. That's why I like to use
dhcrelay on the firewall.
But, there is a problem: dhcrelay can only be started on a numbered
interface - as expected. Here this is the carp-interface. But the
dhcp/bootp requests are sent via the vlan interface, as I can see with
tcpdump. So dhcrelay won't forward any of these requests.
Actually I can have failover between the firewalls with carp, or
dhcrelay without carp and only with vlans, but no redundancy. What a
pity.
Is there a way to have both, failover and dhcrelay capabilities?
Regards,
Falk