Frame Tagging

George S. georges at mhsoftware.com
Mon Aug 12 15:53:27 UTC 2013


So, what I finally ended up doing was:

Disabled the secondary VLAN virtual interface on the server's eth0 interface.

Enabled a 2nd physical interface on the DHCP server and configured it 
for 172.22.0.0/16.

Configured a layer 3 switch to send VLAN tagged packets to the server's 
2nd interface and NOT send VLAN tagged packets to the eth0 primary 
interface.

By adding a 2nd physical interface, and using the layer 3 switch to 
filter packets, I was able to eliminate the internal crosstalk that was 
happening in dhcpd.

I did try the suggestion of using the DHCP Helper address option on a 
ProCurve switch, and it made no difference. Looking at the server log, 
what I was seeing was that dhcp on eth0 was seeing the responses on 
eth0.2, and then sending out wrong network/NACK packets about them. 
Kind of crazy.



On 8/1/13 8:24 AM, George S. wrote:
> I'm using DHCP 4.2.5 on a linux machine running kernel version 3.7.10
>
> I've got the eth0 interface setup using Frame Tagging.  I've got a 
> secondary interface eth0.2 running the network 172.22.0.0. There is 
> only one physical network. The frame tagging is getting done by a wifi 
> access point. Anything coming over the open wifi network should be 
> coming in with the frame tagged for id 2. The problem is that DHCP 
> seems to be doing things wrong. It's looking to me like it's ignoring 
> the frame tagging and it's processing the DHCP request on both 
> interfaces. So, I'm getting people from the public wifi on the wrong 
> network.
>
> I've searched and looked through old messages on this topic, but I've 
> never found anything that looked like either a solution or a 
> definitive pronouncement that it just can't work.
>
> I've looked through the docs and I saw the comment about frame tagging 
> and vconfig. I implemented that but it makes no difference.
>
> Here are some messages in my log:
>
> 2013-07-22T13:17:29.121349-06:00 server dhcpd: DHCPOFFER on 172.22.13.223 to 84:29:99:7c:7e:fa (Karas-iPhone) via eth0.2
> 2013-07-22T13:17:29.121389-06:00 server dhcpd: DHCPOFFER on 10.1.10.95 to 84:29:99:7c:7e:fa (Karas-iPhone) via eth0
> 2013-07-22T13:17:30.202147-06:00 server dhcpd: DHCPREQUEST for 172.22.13.223 (172.22.0.32) from 84:29:99:7c:7e:fa (Karas-iPhone) via eth0.2
> 2013-07-22T13:17:30.202381-06:00 server dhcpd: DHCPACK on 172.22.13.223 to 84:29:99:7c:7e:fa (Karas-iPhone) via eth0.2
> 2013-07-22T13:17:30.202594-06:00 server dhcpd: DHCPREQUEST for 172.22.13.223 (172.22.0.32) from 84:29:99:7c:7e:fa (Karas-iPhone) via eth0: wrong network.
> 2013-07-22T13:17:30.202753-06:00 server dhcpd: DHCPNAK on 172.22.13.223 to 84:29:99:7c:7e:fa via eth0
>
>
>
> Here's my dhcpd.conf
>
> authoritative;
> option domain-search "crossingchurch.org", "wcon.org", 
> "private.wcon.org";
> ddns-update-style interim;
> deny client-updates;
>
> log-facility local7;
>
>
> key DHCP_UPDATER {
>     algorithm hmac-md5;
>     secret "1hamjDWV1PIwTdmwRfLjezhrxkTpm1RqRAXaecLJ548=";
> }
>
> zone private.wcon.org {
>     primary 127.0.0.1;
>     key DHCP_UPDATER;
> }
>
> zone 10.1.10.in-addr.arpa {
>     primary 127.0.0.1;
>     key DHCP_UPDATER;
> }
>
> host sign.private.wcon.org {
>     hardware ethernet 00:20:4a:8e:e2:8c;
>     fixed-address 10.1.10.40;
> }
>
> subnet 10.1.10.0 netmask 255.255.255.0 {
>     option domain-name "private.wcon.org";
>     ddns-updates on;
>     option domain-name-servers 10.1.10.32;
>     option routers 10.1.10.1;
>     option ntp-servers 10.1.10.32;
>     range 10.1.10.64 10.1.10.254 ;
>     default-lease-time 252900;
>     max-lease-time 252900;
>     option netbios-name-servers 10.1.10.32;
> }
>
> subnet 172.22.0.0 netmask 255.255.0.0 {
>     option domain-name "pubwifi.crossingchurch.org";
>     ddns-updates off;
>     option domain-name-servers 172.22.0.32;
>     option routers 172.22.0.32;
>     option ntp-servers 172.22.0.32;
>     range 172.22.2.0 172.22.254.254 ;
>     default-lease-time 43200;
>     max-lease-time 43200;
> }
>
>
>
>

-- 
George Sexton
MH Software, Inc.
303 438-9585
http://www.mhsoftware.com/
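
A check for the symptom in the quoted log (one client MAC answered via both eth0 and eth0.2, with a "wrong network" NAK on one of them), as an added example that is not part of the original post. The regex is fitted to the log lines quoted above and the function name `find_crosstalk` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the dhcpd log lines quoted in the post, one entry per line.
SAMPLE_LOG = """\
2013-07-22T13:17:29.121349-06:00 server dhcpd: DHCPOFFER on 172.22.13.223 to 84:29:99:7c:7e:fa (Karas-iPhone) via eth0.2
2013-07-22T13:17:29.121389-06:00 server dhcpd: DHCPOFFER on 10.1.10.95 to 84:29:99:7c:7e:fa (Karas-iPhone) via eth0
2013-07-22T13:17:30.202147-06:00 server dhcpd: DHCPREQUEST for 172.22.13.223 (172.22.0.32) from 84:29:99:7c:7e:fa (Karas-iPhone) via eth0.2
2013-07-22T13:17:30.202381-06:00 server dhcpd: DHCPACK on 172.22.13.223 to 84:29:99:7c:7e:fa (Karas-iPhone) via eth0.2
2013-07-22T13:17:30.202594-06:00 server dhcpd: DHCPREQUEST for 172.22.13.223 (172.22.0.32) from 84:29:99:7c:7e:fa (Karas-iPhone) via eth0: wrong network.
2013-07-22T13:17:30.202753-06:00 server dhcpd: DHCPNAK on 172.22.13.223 to 84:29:99:7c:7e:fa via eth0
"""

# Fitted to the line shapes above (an assumption; other dhcpd messages are skipped).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ dhcpd: (?P<msg>DHCP[A-Z]+) (?:on|for) (?P<ip>[\d.]+)"
    r".*? (?:to|from) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r".*? via (?P<iface>[\w.]+?)(?P<wrong>: wrong network\.)?$",
    re.IGNORECASE,
)

def find_crosstalk(log_text):
    """Return per-MAC details for clients that dhcpd handled on more than one interface."""
    seen = defaultdict(lambda: {"interfaces": set(), "offers": {}, "wrong_network": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = seen[m["mac"].lower()]
        rec["interfaces"].add(m["iface"])
        if m["msg"] == "DHCPOFFER":
            # Competing offers from different subnets are the visible leak.
            rec["offers"][m["iface"]] = m["ip"]
        if m["wrong"]:
            # dhcpd on this interface saw a request meant for the other one.
            rec["wrong_network"].append((m["ts"], m["iface"], m["ip"]))
    # A client on a properly isolated VLAN appears on exactly one interface.
    return {mac: rec for mac, rec in seen.items() if len(rec["interfaces"]) > 1}

if __name__ == "__main__":
    for mac, rec in find_crosstalk(SAMPLE_LOG).items():
        print(mac, sorted(rec["interfaces"]), rec["offers"], rec["wrong_network"])
```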


