single dhcp server with multiple subnets

Senko, Mike Mike.Senko at seattle.gov
Wed Jul 30 19:55:34 UTC 2014


Thank you Simon!

I will check into your comments and see where this leads. If I can obtain a Cisco switch, I will. I think they do VLANs very well...LOL

I also want to break the network down to simple elements to solve. The 10.1.6.2 address was on the router connected to the trunk
port. I want to remove the router and just use the switch and its Relay Agent Config. I'll post the log entries when that is done.

Thanks again for your critique and for constructive criticism regarding my bad formatting technique with the dhcpd.conf file.

Mike

-----Original Message-----
From: dhcp-users-bounces at lists.isc.org [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Simon Hobson
Sent: Wednesday, July 30, 2014 12:10 PM
To: Users of ISC DHCP
Subject: Re: single dhcp server with multiple subnets

"Senko, Mike" <Mike.Senko at seattle.gov> wrote:

> It suggests the dhcp relay agent is not passing on the vlan/subnet 
> information from the client. I don't know what else to think at the moment.

The network is not correctly segregated. If you look in the log you'll see :
Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via eth0
Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via 10.1.5.111
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via eth0: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via eth0
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via 10.1.6.2: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via 10.1.6.2
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via 10.1.5.111: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via 10.1.5.111

So it looks like the same client is getting packets directly to the server (via eth0) as well as via two different relay agent ports (via 10.1.6.2 and via 10.1.5.111)

That suggests one of the following :
1) The switch is rubbish and doesn't do VLANs "well"
2) There's something, somewhere, on the network that's bridging the VLANs together.
3) Somehow you've screwed up and while you think the switch is set up for VLANs, it's not done properly. I've never heard of the switch you mention, but I have found some switches are "not very intuitive" to configure.

So every switch port must be explicitly either :
- A trunk, with all VLANs tagged except perhaps the management VLAN - which most people leave as VLAN 1 as that's the default on most devices.
- An access (device) port, permitting no tagged frames, and explicitly configured to be a member of only one VLAN.

And there must only be a level 3 router linking the VLANs together.

Until you fix this, the DHCP server (from any vendor) will never work right.

> This is my first time setting up a dhcp server, if anyone can critique 
> the dhcpd.conf configuration

Looks fine to me, the only thing I'd suggest is a bit better formatting. Without any indentation, it's hard to see the blocks - ie this is hard to read when there's a bunch of subnets :

subnet 10.1.6.0 netmask 255.255.255.0 {
option routers 10.1.6.2;
range 10.1.6.200 10.1.6.254;
option subnet-mask 255.255.255.0;
}

On the other hand, a little indentation makes the blocks easier to see - especially if you end up with further constructs :
subnet 10.1.6.0 netmask 255.255.255.0 {
  option routers 10.1.6.2;
  range 10.1.6.200 10.1.6.254;
  option subnet-mask 255.255.255.0;
}

Eg, You might at some point use pools etc, so it ends up like :
subnet 10.1.6.0 netmask 255.255.255.0 {
  option routers 10.1.6.2;
  option subnet-mask 255.255.255.0;
  pool {
    range 10.1.6.200 10.1.6.254;
    permit ...
  }
}

It makes no difference to the server, but it makes the config file easier to scan visually - especially when trying to spot if you have the right number of closing braces !

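Added example, not part of the original thread: a small Python check that scans dhcpd syslog lines for the symptom described in the reply above, one client MAC heard through more than one ingress path (server interface or relay address) within a few seconds, which points to VLANs that are not actually isolated. The function name, the 5-second window and the `year` parameter are assumptions; the first four sample lines come from the log quoted in the thread, the last two are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Client-originated messages as dhcpd logs them. "via" is either the
# receiving interface (direct broadcast) or the relay agent address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"(?P<msg>DHCPDISCOVER|DHCPREQUEST)\s.*?\bfrom\s"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*?\bvia\s(?P<via>[\w.\-]+)"
)

def find_multipath_clients(lines, window=timedelta(seconds=5), year=2014):
    """Return {mac: sorted ingress paths} for clients heard via >1 path within window."""
    seen = defaultdict(list)  # mac -> [(timestamp, via), ...]
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # DHCPNAK/DHCPOFFER etc. are server replies and are skipped
            # syslog omits the year, so it is supplied by the caller (assumption)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["mac"]].append((ts, m["via"]))
    flagged = {}
    for mac, events in seen.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            paths = {via for t, via in events[i:] if t - t0 <= window}
            if len(paths) > 1:  # same client, several ingress paths, same moment
                flagged[mac] = sorted(paths | set(flagged.get(mac, [])))
    return flagged

SAMPLE = [
    # from the log quoted in the thread
    "Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via eth0",
    "Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via 10.1.5.111",
    "Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via 10.1.6.2: wrong network.",
    "Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via 10.1.6.2",
    # constructed: a client on an isolated VLAN, heard through one relay only
    "Jul 29 10:36:02 TestLabPC dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 10.1.6.2",
    "Jul 29 10:36:02 TestLabPC dhcpd: DHCPREQUEST for 10.1.6.201 (10.1.9.55) from 00:11:22:33:44:55 via 10.1.6.2",
]

if __name__ == "__main__":
    for mac, paths in find_multipath_clients(SAMPLE).items():
        print(f"{mac} heard via {', '.join(paths)}: check VLAN isolation")
```

A client that legitimately moves between VLANs shows up on different paths minutes or hours apart, which is why the check only flags paths seen inside the same short window.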