DHCP and 2 subnets

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Apr 7 07:37:46 UTC 2008


Chris Arnold wrote:

>>  That sounds pretty standard. What is logged when a 192.168.123.x
>>  client gets the wrong address ? Also, it may be worth using a sniffer
>>  (like wireshark) to see what packets are being passed on the networks
>>  concerned.
>
>This gets logged to the dhcp server:
>Apr  6 22:12:51 mail dhcpd: DHCPDISCOVER from 00:0b:db:c8:f1:71 (Izabella) via
>eth1
>Apr  6 22:12:51 mail dhcpd: DHCPDISCOVER from 00:0b:db:c8:f1:71 (Izabella) via
>192.168.123.2

Your networks are not separate - the above request from the same 
client was received twice, once via the relay agent, and again direct 
via the attached network. Go and check your setup because this 
shouldn't be the case - you don't have both subnets connected to one 
switch do you ?

>Apr  6 22:12:51 mail dhcpd: DHCPREQUEST for 192.168.124.144 (192.168.124.1)
>from 00:0b:db:c8:f1:71 (Izabella) via 192.168.123.2: ignored (not
>authoritative).

And this is your second problem, your server is not authoritative 
(add a simple "authoritative;" statement to the top of your config) - 
so it will not send a DHCP Nack message to a client that is asking 
for an address that isn't valid (such as when it moves from one 
subnet to another).

>Apr  6 22:12:51 mail dhcpd: ICMP Echo reply while lease 192.168.124.144 valid.
>Apr  6 22:12:51 mail dhcpd: Abandoning IP address 192.168.124.144: pinged
>before offer
>Apr  6 22:12:52 mail dhcpd: DHCPOFFER on 192.168.123.253 to 00:0b:db:c8:f1:71
>(Izabella) via 192.168.123.2

Right, and it DID make an offer for the right subnet.

>This seemed to me to be "cached" somewhere so I restarted and this restart is the
>above log.

Leases are cached by the client, so provided it has persistent 
storage, it can continue using a lease even across restarts until it 
times out or a DHCP server says "Stop" (by sending a DHCP Nack in 
response to a request).



You need to fix your network, and make your server authoritative - 
making the server authoritative without fixing the network will 
simply result in a fight where the client is given an address in one 
subnet and immediately told to stop using it !
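
A log check for the two faults diagnosed in this message, as an added example that is not part of the original post: it flags a client whose DHCPDISCOVER reached the server in the same second both on a local interface and through a relay address, and lists requests dropped as "not authoritative". The function name `analyse`, the regular expressions and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# First four lines: the dhcpd log quoted in the post, with the mail wrapping undone.
# Last line: constructed for contrast (a client seen only through the relay).
SAMPLE_LOG = """\
Apr  6 22:12:51 mail dhcpd: DHCPDISCOVER from 00:0b:db:c8:f1:71 (Izabella) via eth1
Apr  6 22:12:51 mail dhcpd: DHCPDISCOVER from 00:0b:db:c8:f1:71 (Izabella) via 192.168.123.2
Apr  6 22:12:51 mail dhcpd: DHCPREQUEST for 192.168.124.144 (192.168.124.1) from 00:0b:db:c8:f1:71 (Izabella) via 192.168.123.2: ignored (not authoritative).
Apr  6 22:12:52 mail dhcpd: DHCPOFFER on 192.168.123.253 to 00:0b:db:c8:f1:71 (Izabella) via 192.168.123.2
Apr  6 22:13:05 mail dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 192.168.123.2
"""

MAC = r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
DISCOVER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: DHCPDISCOVER from "
    + MAC + r"(?: \([^)]*\))? via (?P<via>\S+)")
NOT_AUTH = re.compile(
    r"dhcpd(?:\[\d+\])?: DHCPREQUEST for (?P<ip>[\d.]+).* from "
    + MAC + r".*ignored \(not authoritative\)")
IS_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def analyse(log_text):
    """Return (leaks, unanswered) for a block of dhcpd syslog text.

    leaks: {mac: paths} where one DISCOVER arrived both direct and relayed.
    unanswered: [(mac, requested_ip)] for requests ignored as not authoritative.
    """
    seen = defaultdict(set)   # (timestamp, mac) -> {"eth1", "192.168.123.2"}
    unanswered = []
    for line in log_text.splitlines():
        m = DISCOVER.search(line)
        if m:
            seen[(m["ts"], m["mac"])].add(m["via"])
            continue
        m = NOT_AUTH.search(line)
        if m:
            unanswered.append((m["mac"], m["ip"]))
    leaks = {}
    for (_, mac), paths in seen.items():
        relayed = any(IS_IP.match(p) for p in paths)      # "via <relay address>"
        direct = any(not IS_IP.match(p) for p in paths)   # "via <interface name>"
        if relayed and direct:
            leaks[mac] = sorted(paths)
    return leaks, unanswered


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A non-empty `leaks` result means the relayed subnet and the server's attached network share a broadcast domain; entries in `unanswered` are requests for which the server sent no DHCP Nack.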

