single dhcp server with multiple subnets

Simon Hobson dhcp1 at thehobsons.co.uk
Wed Jul 30 19:09:57 UTC 2014


"Senko, Mike" <Mike.Senko at seattle.gov> wrote:

> It suggests the dhcp relay agent is not passing on the vlan/subnet information from the client. I don't know what else to think
> at the moment.

The network is not correctly segregated. If you look in the log you'll see :
Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via eth0
Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via 10.1.5.111
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via eth0: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via eth0
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via 10.1.6.2: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via 10.1.6.2
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via 10.1.5.111: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via 10.1.5.111

So it looks like the same client is getting packets directly to the server (via eth0) as well as via two different relay agent ports (via 10.1.6.2 and via 10.1.5.111)

That suggests one of the following :
1) The switch is rubbish and doesn't do VLANs "well"
2) There's something, somewhere, on the network that's bridging the VLANs together.
3) Somehow you've screwed up and while you think the switch is set up for VLANs, it's not done properly. I've never heard of the switch you mention, but I have found some switches are "not very intuitive" to configure.

So every switch port must be explicitly either :
- A trunk, with all VLANs tagged except perhaps the management VLAN - which most people leave as VLAN 1 as that's the default on most devices.
- An access (device) port, permitting no tagged frames, and explicitly configured to be a member of only one VLAN.

And there must only be a level 3 router linking the VLANs together.

Until you fix this, the DHCP server (from any vendor) will never work right.

> This is my first time setting up a dhcp server, if anyone can critique the dhcpd.conf configuration

Looks fine to me, the only thing I'd suggest is a bit better formatting. Without any indentation, it's hard to see the blocks - i.e. this is hard to read when there's a bunch of subnets :

subnet 10.1.6.0 netmask 255.255.255.0 {
option routers 10.1.6.2;
range 10.1.6.200 10.1.6.254;
option subnet-mask 255.255.255.0;
}

On the other hand, a little indentation makes the blocks easier to see - especially if you end up with further constructs :
subnet 10.1.6.0 netmask 255.255.255.0 {
  option routers 10.1.6.2;
  range 10.1.6.200 10.1.6.254;
  option subnet-mask 255.255.255.0;
}

E.g., you might at some point use pools etc, so it ends up like :
subnet 10.1.6.0 netmask 255.255.255.0 {
  option routers 10.1.6.2;
  option subnet-mask 255.255.255.0;
  pool {
    range 10.1.6.200 10.1.6.254;
    permit ...
  }
}

It makes no difference to the server, but it makes the config file easier to scan visually - especially when trying to spot if you have the right number of closing braces !
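
The log check described in the reply above, as an added example that is not part of the original post or of ISC dhcpd: it groups DHCPDISCOVER/DHCPREQUEST lines by client MAC and reports any client whose broadcasts reached the server on more than one path. The function names and the final sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines quoted from the post; the last line is constructed (single-relay client).
SAMPLE_LOG = """\
Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via eth0
Jul 29 10:36:01 TestLabPC dhcpd: DHCPDISCOVER from b4:b5:2f:29:d1:c9 (SCL2304L) via 10.1.5.111
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via eth0: wrong network.
Jul 29 10:36:01 TestLabPC dhcpd: DHCPNAK on 192.168.1.201 to b4:b5:2f:29:d1:c9 via eth0
Jul 29 10:36:01 TestLabPC dhcpd: DHCPREQUEST for 192.168.1.201 (10.1.9.55) from b4:b5:2f:29:d1:c9 via 10.1.6.2: wrong network.
Jul 29 10:36:02 TestLabPC dhcpd: DHCPDISCOVER from 00:00:5e:00:53:01 via 10.1.6.2
"""

# Client-originated messages only: a DHCPNAK/DHCPOFFER line just echoes the path.
LINE_RE = re.compile(
    r"dhcpd: (?P<msg>DHCPDISCOVER|DHCPREQUEST)\b.*?\bfrom "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*?\bvia (?P<via>[\w.-]+?)(?::|\s|$)",
    re.IGNORECASE,
)

def path_kind(via):
    """'relay' if dhcpd logged a relay agent address, 'direct' for a local interface."""
    try:
        ipaddress.ip_address(via)
    except ValueError:
        return "direct"
    return "relay"

def paths_by_client(lines):
    """Map each client MAC to the set of paths its requests arrived on."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m:
            seen[m["mac"].lower()].add(m["via"])
    return seen

def leaking_clients(lines):
    """Clients whose broadcasts reached the server on more than one path."""
    return {
        mac: sorted((path_kind(v), v) for v in vias)
        for mac, vias in paths_by_client(lines).items()
        if len(vias) > 1
    }

if __name__ == "__main__":
    for mac, paths in leaking_clients(SAMPLE_LOG.splitlines()).items():
        print(mac, "seen via", ", ".join(f"{v} ({k})" for k, v in paths))
```

Two relay addresses for one client can be legitimate where redundant relay agents serve the same subnet; a direct path alongside relay paths, as in the post's log, is the pattern that points at VLANs being bridged.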


