Hi all,

We have a strange DHCP problem - Im hoping someone may be able to offer some suggestions. We inherited this slightly unusual network topology, so stick with me as I try to explain it.

Core LAN - 10.1.0.0 (255.255.255.0)

Windows 2008 DHCP server with scope configured on 10.1.0.0 - This works perfectly in isolation.

The problem:

We have 2 or 3 LAN network segments configured for a VOIP phone system, on 10.1.1.0 (255.255.255.0) and 10.1.2.0 (255.255.255.0) etc.etc.. We use a Draytek Vigor 2820 to route between the two networks - 10.1.0.0 being the WAN side on the draytek, and 10.1.1.0 being the LAN side. We use '2nd IP for IP routing'.

Our Win 2008 DHCP server in 10.1.0.0 also has the 10.1.1.0 and 10.1.2.0 subnets setup as scopes. The Drayteks are configured to use 'DHCP relay agent' on the second subnet, pointing to our Win2008 DHCP.

This overall setup used to work perfectly, until we upgraded our DHCP server from 2003 server to 2008. Since then we see intermitted problems with workstations in the 10.1.0.0 LAN obtaining an IP address. Workstation is receiving multiple DHCPNAK messages from the DHCP server.

The interesting think is, if we turn off all of the Drayteks, the problem goes away and DHCP works 100% rock solid in 10.1.0.0.

We did some packet sniffing on 10.1.0.0 (the WAN side of the Vigors), and noticed that the drayteks seem to be duplicating/'helping' by sending out DHCPDISCOVER/DHCPREQUEST broadcasts mirroring that of the original DHCPDISCOVER/REQUEST of the workstation.

Our thoughts were that this would not be normal behaviour? We would not expect the DHCP relay agent on the vigor to 'help' with DHCPDISCOVER broadcasts on the WAN side of the vigor? but this seems to be the case... We only want DHCP Relay Agent to response to broadcasts on the LAN side of the vigor.

Are there some WAN/LAN firewall settings to consider to prevent DHCP broadcast coming from the WAN side and triggering the LAN2 DHCP helper?

Thanks in advance

Jon