DHCP Relays and Scanning for Rogue MAC Addresses

I have client machines on a protected subnet behind a firewall, and a DHCP server on a separate protected subnet. I need to relay the DHCP client requests from one subnet to the other, and for security reasons I don't want a DHCP relay application running on the firewall. What is the easiest way to build a DHCP relay that would allow a configuration like:

client on subnet A -> dhcp relay on subnet A -> firewall -> dhcp relay on subnet B -> dhcp server

What software supports that configuration?

In our application I need to use a Microsoft Active Directory domain controller for the DHCP server because it is integrated with Microsoft DNS and reverse lookups are automatically maintained. Unless there are very strong reasons for it, a DHCP relay is preferred to a DHCP server. Some additional features that would be really nice to have:

- Ability to scan for any DHCP request from an unrecognized MAC address, which would then trigger alerts to either/both syslog and e-mail.

- Ability to scan all ARP requests on the network looking for unrecognized MAC addresses, the presence of which would trigger alerts.

I want to make it very difficult for a rogue device to get installed on our network without our having immediate visibility on the fact.

If anyone has other ideas on features we should be looking for in either a DHCP relay or MAC address scanner, please feel free to add those.

If the above is available as a commercial device, I would appreciate references to the vendor's product page as well.

Reply to
Will
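The two monitoring features asked for above (alerting on DHCP requests and ARP frames from MAC addresses that are not on an inventory) can be built from a raw-frame parser and an allowlist. The block below is an added example for this thread, not software the poster or any vendor mentioned here ships. It assumes a hard-coded allowlist, constructed MAC and IP values, and a hypothetical relay agent; it parses Ethernet/ARP and Ethernet/IPv4/UDP/DHCP from raw bytes, so the same logic can be fed from a pcap or a raw socket on the relay host. It also handles the relay case the original question raises: once a request has passed through a relay, the Ethernet source is the relay's MAC and `giaddr` is set, so only `chaddr` identifies the client.

```python
"""Flag DHCP requests and ARP frames from MAC addresses not on an allowlist,
emitting syslog-style alert lines. Added example; all addresses are constructed."""
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_UDP = 17
DHCP_SERVER_PORT = 67
DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
              5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

# Constructed allowlist (hypothetical): MACs of inventoried client machines.
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
RELAY_MAC = bytes.fromhex("00aabbccddee")  # hypothetical relay agent on subnet A


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def dhcp_message_type(options):
    """Walk the DHCP TLV option list and return the name of option 53 if present."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            return DHCP_TYPES.get(value[0], f"type{value[0]}")
        i += 2 + length
    return "UNKNOWN"


def inspect_frame(frame, known=KNOWN_MACS):
    """Return an alert string if the frame comes from an unrecognised MAC, else None."""
    if len(frame) < 14:
        return None
    src_mac = mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]

    if ethertype == ETHERTYPE_ARP:
        arp = frame[14:]
        if len(arp) < 28:
            return None
        hw_type, _ptype, hlen, _plen, opcode = struct.unpack("!HHBBH", arp[:8])
        if hw_type != 1 or hlen != 6:          # Ethernet hardware addresses only
            return None
        sender_mac, sender_ip = mac_str(arp[8:14]), ip_str(arp[14:18])
        if sender_mac not in known:
            return f"ARP opcode={opcode} from unknown MAC {sender_mac} claiming {sender_ip}"
        return None

    if ethertype == ETHERTYPE_IPV4:
        ip = frame[14:]
        if len(ip) < 20 or ip[9] != IPPROTO_UDP:
            return None
        udp = ip[(ip[0] & 0x0F) * 4:]           # skip the IP header (IHL in 32-bit words)
        if len(udp) < 8 or struct.unpack("!H", udp[2:4])[0] != DHCP_SERVER_PORT:
            return None
        dhcp = udp[8:]
        # BOOTREQUEST with a 6-byte hardware address and the DHCP magic cookie
        if len(dhcp) < 240 or dhcp[0] != 1 or dhcp[2] != 6 or dhcp[236:240] != DHCP_MAGIC:
            return None
        giaddr, chaddr = ip_str(dhcp[24:28]), mac_str(dhcp[28:34])
        msg_type = dhcp_message_type(dhcp[240:])
        # Behind a relay the Ethernet source is the relay agent, so only chaddr
        # identifies the client; on the client's own subnet both must be known.
        relayed = giaddr != "0.0.0.0"
        if chaddr not in known or (not relayed and src_mac not in known):
            via = f" via relay {giaddr}" if relayed else ""
            return f"DHCP {msg_type} from unknown MAC chaddr={chaddr} src={src_mac}{via}"
    return None


def syslog_line(alert, host="dhcp-monitor"):
    """RFC 3164-style line: PRI 132 = facility local0 (16*8) + severity warning (4)."""
    return f"<132>{host} rogue-mac: {alert}"


def scan(frames, known=KNOWN_MACS):
    """Run every frame through inspect_frame and return syslog lines for the hits."""
    return [syslog_line(a) for a in (inspect_frame(f, known) for f in frames) if a]


# --- constructed sample frames (not captures from any real network) ---
def build_arp_request(sender_mac, sender_ip, target_ip):
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)
           + sender_mac + sender_ip + b"\x00" * 6 + target_ip)
    return eth + arp


def build_dhcp_discover(client_mac, src_mac=None, giaddr=b"\x00" * 4):
    src_mac = src_mac or client_mac
    dhcp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0x8000)  # op..flags
            + b"\x00" * 12 + giaddr + client_mac + b"\x00" * 10           # ciaddr..chaddr
            + b"\x00" * 192 + DHCP_MAGIC + bytes([53, 1, 1, 255]))       # sname, file, options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp          # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, b"\x00" * 4, b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip


if __name__ == "__main__":
    rogue = bytes.fromhex("deadbeef0001")
    frames = [
        build_arp_request(bytes.fromhex("001122334455"), bytes([10, 0, 1, 10]), bytes([10, 0, 1, 1])),
        build_arp_request(rogue, bytes([10, 0, 1, 200]), bytes([10, 0, 1, 1])),
        build_dhcp_discover(bytes.fromhex("001122334466")),
        build_dhcp_discover(rogue, src_mac=RELAY_MAC, giaddr=bytes([10, 0, 1, 1])),
    ]
    for line in scan(frames):
        print(line)
```

The alert lines are plain strings so they can be handed to `logging.handlers.SysLogHandler` or an `smtplib` mail call for the syslog and e-mail paths asked for above. Run on the client subnet, the check is strict (both the Ethernet source and `chaddr` must be inventoried); run at the server-side relay, it trusts the relay's source address and judges the client by `chaddr` only, which is why the relay agent's own MAC does not need to be in the allowlist.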

Please crosspost when appropriate. This message also appeared in comp.unix.bsd.openbsd.misc, and probably others.

Reply to
Joachim Schipper

It was not appropriate to crosspost in this case, and I made that decision because the OpenBSD post asks for an OpenBSD product only.

The post to firewalls asks for any solution, not specific to any flavor of UNIX.

Reply to
Will
