dhcpd failover server gives misleading error

Daniel Grandjean Daniel.Grandjean at epfl.ch
Tue Aug 12 14:44:44 UTC 2008


Hello,

This is not taking place on a shared network.
This is a single VLAN. The servers are serving many VLANs and receiving
requests from Cisco helpers.

# Subnet 135 for VoIP testing
subnet 128.178.135.0 netmask 255.255.255.0 {
         authoritative;

         option routers 128.178.135.1;
         option broadcast-address 128.178.135.255;
         option subnet-mask 255.255.255.0;
         option time-servers 128.178.135.1;
         pool {
           failover peer "dhcp";
           deny dynamic bootp clients;
           deny members of "win2k-clients";
           range 128.178.135.151 128.178.135.160;
           default-lease-time 57600;
           max-lease-time 61200;
           min-lease-time 7200;
         }
}

log:
Aug 12 08:17:12 dhcp3 dhcpd: DHCPDISCOVER from 00:14:22:c4:cb:b6 via 128.178.135.251: peer holds all free leases
Aug 12 08:30:54 dhcp3 dhcpd: DHCPDISCOVER from 00:11:43:47:6c:7a via 128.178.135.252: peer holds all free leases
Aug 12 11:36:41 dhcp3 dhcpd: DHCPDISCOVER from 00:21:70:0d:86:55 via 128.178.135.252: peer holds all free leases


Regards.
Daniel.

 >> I'm running the latest 3.1.1 in failover mode.
 >>
 >> DHCPDISCOVER from 00:1c:23:15:2e:c7 via aaa.bbb.ccc.252: peer holds all
 >> free leases
 >>
 >> After spending a lot of time watching the lease file content, the
 >> failover protocol and so on, (and found no problems)
 >>
 >> It appears that the 00:1c:23:15:2e:c7 client belongs to the denied class
 >> win2k-clients.
 >>
 >> So the logged message is misleading and scary for the admin and
 >> monitoring scripts   ;-)
 >>
 >> Is this a configuration issue?


 >That's strange.
 >
 >The new iterative allocate_lease() function, which 3.1.1 definitely
 >has, shouldn't have this issue.  It first seeks across pools by ACL,
 >and then digs into them for candidate leases.
 >
 >So a lease that isn't permitted by ACL shouldn't get deeper into the
 >loop to have the "peer_has_leases" boolean set true.
 >
 >I'd suspect there is another pool in that shared network the client
 >is allowed access to, and the server was unable to grant.
 >
 >--
 >David W. Hankins        "If you don't do it right the first time,
 >Software Engineer               you'll just have to do it again."
 >Internet Systems Consortium, Inc.       -- Jack T. Hankins
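
For the monitoring-script concern raised in the quoted question, an added example (not code from this thread or from ISC dhcpd) that separates "peer holds all free leases" events for clients the pool denies from the ones worth investigating. The denied-MAC list, the function names and the 09:02:10 log line are assumptions made for illustration.

```python
import re
from collections import Counter

TS = r"\w{3}\s+\d+\s[\d:]{8}"  # syslog timestamp, e.g. "Aug 12 08:17:12"
EVENT_RE = re.compile(
    rf"^(?P<ts>{TS})\s\S+\sdhcpd(?:\[\d+\])?:\sDHCPDISCOVER from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \([^)]*\))? via "
    r"(?P<relay>\S+): peer holds all free leases$", re.IGNORECASE)

# Assumption: MACs known to match the denied class, maintained by the operator.
DENIED_MACS = {"00:1c:23:15:2e:c7"}

# Constructed sample: the thread's log lines (first one still mail-wrapped) plus
# one constructed line for the denied client from the quoted question.
SAMPLE_LOG = """\
Aug 12 08:17:12 dhcp3 dhcpd: DHCPDISCOVER from 00:14:22:c4:cb:b6 via
128.178.135.251: peer holds all free leases
Aug 12 08:30:54 dhcp3 dhcpd: DHCPDISCOVER from 00:11:43:47:6c:7a via 128.178.135.252: peer holds all free leases
Aug 12 09:02:10 dhcp3 dhcpd: DHCPDISCOVER from 00:1c:23:15:2e:c7 via 128.178.135.252: peer holds all free leases
Aug 12 11:36:41 dhcp3 dhcpd: DHCPDISCOVER from 00:21:70:0d:86:55 via 128.178.135.252: peer holds all free leases
""".splitlines()

def unwrap(lines):
    """Rejoin records that a mail client or pager wrapped onto a second line."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        if records and not re.match(TS, line):
            records[-1] += " " + line.strip()
        else:
            records.append(line.strip())
    return records

def triage(lines, denied_macs):
    """Return (expected, investigate) lists of (timestamp, mac, relay)."""
    denied = {m.lower() for m in denied_macs}
    expected, investigate = [], []
    for record in unwrap(lines):
        m = EVENT_RE.match(record)
        if m:
            event = (m["ts"], m["mac"].lower(), m["relay"])
            (expected if event[1] in denied else investigate).append(event)
    return expected, investigate

def per_relay(events):
    """Count events per relay address (the 'via' field) to spot a starved subnet."""
    return Counter(relay for _, _, relay in events)
```

Alerting only on the `investigate` list keeps refusals for denied-class clients from paging anyone, while `per_relay` shows which relay the remaining events arrive through.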

