dhcpd failover server gives misleading error
Daniel Grandjean
Daniel.Grandjean at epfl.ch
Tue Aug 12 14:44:44 UTC 2008
Hello,
This is not a taking place on a shared network.
This is a single VLAN. The servers are serving many VLAN and receiving
request by cisco helpers
# Subnet 135 pour test VOIP
subnet 128.178.135.0 netmask 255.255.255.0 {
authoritative;
option routers 128.178.135.1;
option broadcast-address 128.178.135.255;
option subnet-mask 255.255.255.0;
option time-servers 128.178.135.1;
pool {
failover peer "dhcp";
deny dynamic bootp clients;
deny members of "win2k-clients";
range 128.178.135.151 128.178.135.160;
default-lease-time 57600;
max-lease-time 61200;
min-lease-time 7200;
}
}
log:
Aug 12 08:17:12 dhcp3 dhcpd: DHCPDISCOVER from 00:14:22:c4:cb:b6 via
128.178.135.251: peer holds all free leases
Aug 12 08:30:54 dhcp3 dhcpd: DHCPDISCOVER from 00:11:43:47:6c:7a via
128.178.135.252: peer holds all free leases
Aug 12 11:36:41 dhcp3 dhcpd: DHCPDISCOVER from 00:21:70:0d:86:55 via
128.178.135.252: peer holds all free leases
Regards.
Daniel.
>> I'm running the latest 3.1.1 in failover mode.
>>
>> DHCPDISCOVER from 00:1c:23:15:2e:c7 via aaa.bbb.ccc.252: peer holds all
>> free leases
>>
>> After spending a lot of time watching the lease file content, the
>> failover protocol and so on, (and found no problems)
>>
>> I appear that the 00:1c:23:15:2e:c7 client belongs to the denied class
>> win2k-clients.
>>
>> So the logged message is misleading and scary for the admin and
>> monitoring scripts ;-)
>>
>> Is this a configuration issue?
>That's strange.
>
>The new iterative allocate_lease() function, which 3.1.1 definitely
>has, shouldn't have this issue. It first seeks across pools by ACL,
>and then digs into them for candidate leases.
>
>So a lease that isn't permitted by ACL shouldn't get deeper into the
>loop to have the "peer_has_leases" boolean set true.
>
>I'd suspect there is another pool in that shared network the client
>is allowed access to, and the server was unable to grant.
>
>--
>David W. Hankins "If you don't do it right the first time,
>Software Engineer you'll just have to do it again."
>Internet Systems Consortium, Inc. -- Jack T. Hankins
More information about the dhcp-users
mailing list