DHCP and 2 subnets

Simon Hobson dhcp1 at thehobsons.co.uk
Sun Apr 6 22:42:51 UTC 2008 

Chris Arnold wrote:

>OK , so does my below config look right:
>option domain-name "domain-here";
>option domain-name-servers 192.168.123.x;
>option ntp-servers 192.168.123.x;
>ddns-update-style none;
>subnet 192.168.124.0 netmask 255.255.255.0 {
>range 192.168.124.10 192.168.124.253;
>option routers 192.168.124.x;
>default-lease-time 14400;
>max-lease-time 172800;
>}
>subnet 192.168.123.0 netmask 255.255.255.0 {
>range 192.168.123.20 192.168.123.253;
>option routers 192.168.123.x;
>default-lease-time 14400;
>max-lease-time 172800;
>}

Yes, that looks OK, but you can make life easier for yourself with 
some formatting ;-) Also, you can move common options (like the lease 
times) to the global scope. So you could end up with :

option domain-name "domain-here";
option domain-name-servers 192.168.123.x;
option ntp-servers 192.168.123.x;
ddns-update-style none;
default-lease-time 14400;
max-lease-time 172800;

subnet 192.168.124.0 netmask 255.255.255.0 {
   range 192.168.124.10 192.168.124.253;
   option routers 192.168.124.x;
}

subnet 192.168.123.0 netmask 255.255.255.0 {
   range 192.168.123.20 192.168.123.253;
   option routers 192.168.123.x;
}


>  > The trick is that you need to configure your router (or actually ANY
>>  device on the 'remote' network (192.168.123.x)) as a DHCP Relay (or
>>  BOOTP Relay). Note that this is NOT the same as forwarding broadcasts
>>  which will NOT work.
>
>I have configured our router for DHCP Relay Agent but a 192.168.123.x client
>still gets a 192.168.124.x address. I have the router config set to point to
>the gateway of the 192.168.123.x network. Here is the help on dhcp relay
>agent from the firewall:
>The NetScreen Device as a DHCP Relay Agent
>
>When acting as a Dynamic Host Configuration Protocol (DHCP) relay agent, the
>NetScreen device forwards DHCP requests and assignments between hosts in the
>Trust zone and a DHCP server in the Untrust zone (**all my action is between
>the trust zones**). The DHCP messages between the NetScreen device and the
>DHCP server can be transmitted in the open or through a VPN tunnel.
>
>You can configure up to three DHCP servers for the DHCP relay agent. The relay
>agent unicasts an address request from a DHCP client to all configured DHCP
>servers. The relay agent forwards to the client the first response from a
>server.
>
>You can configure the DHCP relay agent on any physical or VLAN interface.

That sounds pretty standard. What is logged when a 192.168.123.x 
client gets the wrong address ? Also, it may be worth using a sniffer 
(like wireshark) to see what packets are being passed on the networks 
concerned.

>  > Sounds like you have configured the router to forward broadcasts -
>>  this will NOT work as explained above.
>
>>From the reading of the router, it looks like it is forwarding 
>>broadcast which
>will not work?


I don't understand what you mean by : "I have the router config set 
to point to the gateway of the 192.168.123.x network"


But from the description, the Netscreen DHCP Relay agent sound normal.

More information about the dhcp-users mailing list