VLANS and DHCP

Tim Peiffer peiffer at umn.edu
Fri Aug 18 11:40:29 UTC 2006


Steve,
The layer3 approach that Joseph Huang describes with helper-addresses is
preferred (by me). The use of routers to segment the network into
manageable pieces has been a long-time favored approach for containing
broadcast traffic. The use of built-in relay agents (ip helper-address)
extends that manageability so that you don't need to be on the LAN in
order to serve up addresses. I have approximately 1,500 VLAN segments
that I am running on our campus, and one device cannot touch all of
those LANs. The layer3 approach is what I chose.

I have one application that requires that I am on the LAN to control
wireless traffic on approx 30 802.1Q VLANs for approximately 1300 access
points. I used to do this with one box until the load of holding back so
many virus-laden and p2p-configured wireless PCs became too much, so I
had to split the load.

What follows is off-topic because it is not a dhcpd issue. Use a search
engine (Google) to find specifics for your platform on 'how to':
http://www.google.com/search?q=linux+802.1q+howto

Under FreeBSD, the magic is in ifconfig in rc.conf using vlan and
vlandev references. FreeBSD5 no longer requires you to tune your kernel
to accept more than 16 interfaces. Dhcpd used to require patching to get
more than ~16 interfaces, but I think that has gone away too. These
days, a Gigabit-capable NIC is almost a must.

ifconfig_fxp0="up"
ifconfig_vlan2="inet 1.2.3.4 netmask 255.255.255.128 vlan 2 vlandev fxp0"

Under Linux, the magic is in vconfig. I believe that your startup
scripts (ifup/ifdown) need to be patched in order to make this work.
/etc/sysconfig/network_scripts/ifcfg_vlan2:
# normal interface config stuff here
/sbin/ifup:

>   vlan=`echo $i | egrep -v '(lo|:)' | \
>        egrep -v 'ippp[0-9]+$' | \
>        egrep '[a-z0-9]+\.[0-9][0-9][0-9][0-9]$' | \
>        sed "s/^[a-z0-9]*\.//g;s/^0*//g"`
>   ifvlan=`echo $i | egrep -v '(lo|:)' | \
>        egrep -v 'ippp[0-9]+$' | \
>           egrep '[a-z0-9]+\.[0-9][0-9][0-9][0-9]$' | \
>        sed "s/\.[a-z0-9]*$//g"`
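
Review bot: the egrep pattern '[a-z0-9]+\.[0-9][0-9][0-9][0-9]$' used in both pipelines matches only a suffix of exactly four digits, so an interface named with an unpadded VLAN ID (a constructed name such as eth0.2, for example) leaves vlan empty and is skipped without any message. Either note the zero-padded naming requirement beside these lines or relax the pattern to '\.[0-9]+$'. The interface name is also unquoted in both "echo $i" calls; "$i" in double quotes avoids word splitting and globbing.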

>   if [ -n "${vlan}" ]; then
>    action "Enable ${vlan} on {$ifvlan}: " vconfig add ${ifvlan} ${vlan}
>   fi
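
Review bot: the message string on the action line has {$ifvlan} with the brace and dollar sign transposed, so the status line prints the parent interface wrapped in literal braces; it should read ${ifvlan}. The arguments passed to vconfig add are unquoted as well; "${ifvlan}" "${vlan}" would be the safer form.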


Regards,
Tim Peiffer


