In reply to:<br><br>
Date: Tue, 11 Oct 2011 19:05:15 +0100<br>
From: Simon Hobson <<a href="mailto:dhcp1@thehobsons.co.uk">dhcp1@thehobsons.co.uk</a>><br>
Subject: Re: Diferent dhcp relay<br>
To: Users of ISC DHCP <<a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>><br>
<br><br>Hello,<br><br>I had already tried making it all one shared-network,<br>but got the problem of a CPE from relay2 getting an IP<br>of the network in relay1.<br>To solve this issue I tried using agent.circuit-id:<br>
<br>class "c3" {<br>match if binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2)) = "99";<br>spawn with hardware;<br>}<br><br>And in the pool of the subnets I specified before allow members of "online"; <br>
deny members of "c3";<br><br>But this didn't work. I debugged it and the circuit-id is 99, so that is correct.<br>Only the network x.x.48.x has allow members of "c3";<br><br>I'm getting in the logs:<br>
dhcpd: DHCPDISCOVER from 00:1x:xa:xc:Xx:bc via 10.2.0.1: unknown client<br>agent.remote-id is also set in the DHCP request, and this agent.remote-id also belongs to the "online" class.<br><br>
Best regards,<br>FR<br><br><br>
André wrote:<br>
<br>
> >> [ dhcpd ]--A.x.x.x/24---[ relay1 ]---B.x.x.x/24 --{ client }<br>
>>> |--A.x.x.x/24---[ relay 2]---C.x.x.x/24 --{ client }<br>
>>><br>
>>> does your setup look similar to this ^ ?<br>
>Yes, my setup is like that.<br>
><br>
>><br>
>> My relays are on the networks<br>
>> 10.1<br>
>> and 10.2<br>
>><br>
>> This is a cable network so cm's will be served from 10.1 and 10.2<br>
>> Due to equipment restrictions I require to use<br>
>> the dhcp giaddr of 10.1.x.1 and 10.2.x.2 for<br>
>> all the hosts<br>
>> requesting an IP address.<br>
><br>
><br>
>>> are these two subnets on the same physical<br>
>>> broadcast zone? or are they on separate VLANs?<br>
>Same physical broadcast zone, no VLANs.<br>
<br>
Hmm, these two answers are inconsistent!<br>
<br>
First answer says that the two networks (B.x.x.x<br>
and C.x.x.x above) are separate networks, then<br>
you say they are the same network. I'm guessing<br>
from your problem description that the latter is<br>
the truthful answer, and if that is the case then<br>
your config is wrong ...<br>
<br>
>shared-network share1<br>
>{<br>
> subnet x.x.35.0 netmask 255.255.255.0 {<br>
> }<br>
> }<br>
> subnet 10.1.0.0 netmask 255.255.0.0 {<br>
> }<br>
><br>
> subnet x.x.34.0 netmask 255.255.255.192 {<br>
> # CORE NETWORK DONT TOUCH<br>
> }<br>
><br>
> subnet 192.168.0.0 netmask 255.255.0.0 {<br>
> # CORE MANAGEMENT DONT TOUCH<br>
> }<br>
><br>
>}<br>
><br>
>shared-network share-c3<br>
>{<br>
> subnet x.x.48.0 netmask 255.255.255.0 {<br>
> }<br>
> subnet 10.2.0.0 netmask 255.255.0.0 {<br>
> }<br>
>}<br>
><br>
<br>
This will not and can not work because what you<br>
have told your DHCP server about your network<br>
topology is different to the actual topology.<br>
<br>
Remember that DHCP is a BROADCAST protocol - so<br>
BOTH relay agents will pick up ALL broadcasts<br>
from ALL clients because they are on the same<br>
network. Short of configuring each relay agent<br>
with a list of MAC addresses (or similar) that it<br>
will relay for, then you cannot have one set of<br>
clients using one relay and the other clients<br>
using a different relay. This is fundamental<br>
networking and it's disturbing that you didn't<br>
spot this yourself.<br>
<br>
Because the 10.1 and 10.2 networks share the same<br>
broadcast domain, they are themselves a shared<br>
network, and so the above should actually be :<br>
<br>
shared-network share1<br>
{<br>
subnet x.x.35.0 netmask 255.255.255.0 {<br>
}<br>
subnet 10.1.0.0 netmask 255.255.0.0 {<br>
}<br>
subnet x.x.34.0 netmask 255.255.255.192 {<br>
}<br>
subnet 192.168.0.0 netmask 255.255.0.0 {<br>
}<br>
subnet x.x.48.0 netmask 255.255.255.0 {<br>
}<br>
subnet 10.2.0.0 netmask 255.255.0.0 {<br>
}<br>
}<br>
<br>
Now you see that all these subnets are ONE shared<br>
network. If you require to split clients between<br>
the 10.1 and 10.2 networks in a specific way,<br>
then you will need to use classing to do so, eg :<br>
<br>
class "classdot1" {<br>
match on <something><br>
}<br>
class "classdot2" {<br>
match on <something else><br>
}<br>
subnet 10.1.0.0 netmask 255.255.0.0 {<br>
pool ....<br>
allow members of "classdot1" ;<br>
}<br>
subnet 10.2.0.0 netmask 255.255.0.0 {<br>
pool ....<br>
allow members of "classdot2" ;<br>
}<br>
<br>
--<br>
Simon Hobson<br>
<br><br><div class="gmail_quote">On Tue, Oct 11, 2011 at 5:50 PM, André <span dir="ltr"><<a href="mailto:netriver@gmail.com">netriver@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
In reply to<br>
<b>jeffrey j donovan</b>
<a href="mailto:dhcp-users%40lists.isc.org?Subject=Re%3A%20Diferent%20dhcp%20relay&In-Reply-To=%3C0383CF61-0699-42F5-A715-52DA844E9182%40beth.k12.pa.us%3E" title="Diferent dhcp relay" target="_blank">donovan at beth.k12.pa.us
</a><br>
<i>Tue Oct 11 15:12:20 UTC 2011<br><br></i><div class="im">><br>
> Hello,<br>
><br>
> I'm running a dhcp server and recently I needed to add a second relay that will connect to this server.<br></div>
>> When you talk about relays... are you talking about UDP helper relays?<br>Yes<br>
<br>>> [ dhcpd ]--A.x.x.x/24---[ relay1 ]---B.x.x.x/24 --{ client }<br>>> |--A.x.x.x/24---[ relay 2]---C.x.x.x/24 --{ client }<br>>><br>>> does your setup look similar to this ^ ?<br>
Yes, my setup is like that.<div class="im"><br>
<br>
><br>
> My relays are on the networks<br>
> 10.1<br>
> and 10.2<br>
><br>
> This is a cable network so cm's will be served from 10.1 and 10.2<br>
> Due to equipment restrictions I require to use the dhcp giaddr of 10.1.x.1 and 10.2.x.2 for all the hosts<br>
> requesting an IP address.<br>
<br>
<br></div>>> are these two subnets on the same physical broadcast zone? or are they on separate VLANs?<br>Same physical broadcast zone, no VLANs.<div class="im"><br>
<br>
<br>
><br>
> To solve this I created two shared networks<br>
> The cpe hosts in share net 1 work well no issues the cm's get online ok<br>
><br>
> My problem is in the new equipment in share net 2 cm's get online well,<br>
> cpe's don't, they always get<br>
> DHCPDISCOVER from 00:14:2a:xc:xx:xc via x.x.x.x: unknown client<br>
><br>
> My only way to distinguish the hosts at this moment is<br>
> CM's have docsis vendor class and have a host { } declaration<br>
><br>
> CPE's use the remote-id that's obtained from the relay<br>
><br>
> I'm missing something in the config for the second shared-network or something is wrong<br>
><br>
> Any suggestions?<br>
><br>
> Best regards,<br>
> FR<br>
><br>
<br></div>
greetings<br>
post your dhcpd.conf file<br><br><Dhcpd.conf><br><br>ddns-update-style none;<br>default-lease-time 1800;<br>max-lease-time 7200;<br>authoritative;<br>log-facility local7;<br>allow leasequery;<br>ddns-updates off;<br>
deny duplicates;<br>deny declines;<br>deny client-updates;<br>one-lease-per-client off;<br>update-static-leases on;<br>stash-agent-options true;<br><br>class "online" {<br> match option agent.remote-id;<br>}<br>
<br>include "/etc/dhcp3/online.conf";<br>include "/etc/dhcp3/hostscm.conf";<br>include "/etc/dhcp3/static.conf";<br><br>class "CM" {<br> # only match if first 6 chars of option 61 are docsis<br>
match if (substring(option vendor-class-identifier,0,6) = "docsis");<br> spawn with hardware;<br>}<br><br>class "MTA" {<br>match if (substring(option vendor-class-identifier,0,4) = "pktc");<br>
spawn with hardware;<br>}<br><br>class "Client" {<br>match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,4) != "pktc"));<br>
spawn with hardware;<br>
}<br><br>class "c3" {<br>match if binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2)) = "99";<br>spawn with hardware;<br>}<br><br>if known {<br> log (info, concat ("HOSTNAME: ", host-decl-name, " on ",binary-to-ascii (10, 8, ".", leased-address)," at ", binary-to-ascii (16, 8, ":", substring (hardware, 1, 6))));<br>
}<br><br>on commit {<br> set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br> set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));<br> #set ClientRemoteId = binary-to-ascii(16, 8, ":", substring( option agent.remote-id, 2, 12));<br>
set ClientRemoteId = binary-to-ascii(16, 8, ":", option agent.remote-id);<br> set Via = binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2));<br> log(concat("Commit: IP: ", ClientIP, " Mac: ", ClientMac," RemoteID: ",<br>
ClientRemoteId, " Via:", Via<br> ));<br> execute("/etc/dhcp3/record.pl", "commit", ClientIP, ClientMac, ClientRemoteId);<br>
}<br><br>shared-network share1 <br>
{<br> option domain-name "cpe.domain";<br> option ntp-servers x.x.34.20, x.x.34.10;<br> option domain-name-servers x.x.34.10;<br> option time-servers x.x.34.20;<br> default-lease-time 1800;<br>
max-lease-time 1800;<br> option time-offset 0;<br><br> subnet x.x.35.0 netmask 255.255.255.0 {<br> allow unknown-clients;<br> option routers x.x.35.1;<br> pool {<br>
<br> allow members of "online";<br> deny members of "CM";<br><br> range x.x.35.2 x.x.35.26;<br> range x.x.35.28 x.x.35.254;<br> <br>
}<br> } <br><br> subnet 10.1.0.0 netmask 255.255.0.0 {<br> allow bootp;<br> deny unknown-clients;<br> default-lease-time 14400;<br> max-lease-time 14400;<br>
option domain-name-servers x.x.34.20;<br> option ntp-servers x.x.34.20;<br> option time-servers x.x.34.20;<br> option domain-name "cuda.cm.domain";<br>
option time-offset 0;<br><br> option subnet-mask 255.255.0.0;<br> option broadcast-address 10.1.255.255;<br> option routers 10.1.0.1;<br> option log-servers x.x.34.20;<br>
option tftp-server-name "x.x.34.20";<br> next-server x.x.34.20;<br> }<br><br> subnet x.x.34.0 netmask 255.255.255.192 {<br> # CORE NETWORK DONT TOUCH <br>
}<br> <br> subnet 192.168.0.0 netmask 255.255.0.0 {<br> # CORE MANAGEMENT DONT TOUCH<br> }<br><br>}<br><br>shared-network share-c3<br>{<br> option domain-name "c3.cpe.domain";<br>
option ntp-servers x.x.34.20, x.x.34.10;<br> option domain-name-servers x.x.34.20, x.x.34.10;<br> option time-servers x.x.34.20;<br> default-lease-time 800;<br> max-lease-time 800;<br> option time-offset 0;<br>
<br> subnet x.x.48.0 netmask 255.255.255.0 {<br> default-lease-time 800;<br> max-lease-time 800;<br> allow unknown-clients;<br> option routers x.x.48.1;<br> pool {<br> allow members of "online";<br>
range x.x.48.2 x.x.48.200;<br> range x.x.48.201 x.x.48.254;<br> }<br> }<br><br> subnet 10.2.0.0 netmask 255.255.0.0 {<br> deny unknown-clients;<br> allow bootp;<br> default-lease-time 14400;<br>
max-lease-time 14400;<br> option domain-name-servers 192.168.0.30;<br> option domain-name "c3.cm.domain";<br> option time-offset 0;<br> option ntp-servers 192.168.0.30;<br> option time-servers 192.168.0.30;<br>
option subnet-mask 255.255.0.0;<br> option broadcast-address 10.2.255.255;<br> option routers 10.2.0.1;<br> option log-servers 192.168.0.30;<br> option tftp-server-name "192.168.0.30";<br>
next-server 192.168.0.30;<br><br> pool {<br> allow members of "online";<br> range 10.2.0.2 10.2.254.253;<br> }<br> }<br>}<br><br><br>I removed comments for better readability.<br>
Also, if I place the network x.x.48.x inside share1, I get IPs delivered to it from another network, for example x.x.35.x,<br>regardless of setting<br>dhcp-giaddr to policy; # making the relay agent use the gateway of x.x.48.1 instead of 10.2.0.1<br>
In the first equipment it looks like I can't specify the use of the normal network IP.<br><br>I tried using the circuit-id of the equipment to try to deny them from being served from some subnets of share1.<br><br>Thank you for any help.<br>
<br>Best regards,<br>FR<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Tue, Oct 11, 2011 at 3:54 PM, André <span dir="ltr"><<a href="mailto:netriver@gmail.com" target="_blank">netriver@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div></div><div><br><div class="gmail_quote">Hello,<br><br>I'm running a dhcp server and recently I needed to add a second relay that will connect to this server.<br><br>My relays are on the networks <br>
10.1<br>and 10.2<br><br>This is a cable network so cm's will be served from 10.1 and 10.2 <br>
Due to equipment restrictions I require to use the dhcp giaddr of 10.1.x.1 and 10.2.x.2 for all the hosts <br>requesting an IP address.<br><br>To solve this I created two shared networks.<br>The cpe hosts in share net 1 work well, no issues, the cm's get online ok.<br>
<br>My problem is in the new equipment in share net 2: cm's get online well,<br>cpe's don't, they always get <br>DHCPDISCOVER from 00:14:2a:xc:xx:xc via x.x.x.x: unknown client<br><br>My only way to distinguish the hosts at this moment is: <br>
CM's have docsis vendor class and have a host { } declaration <br><br>CPE's use the remote-id that's obtained from the relay<br><br>I'm missing something in the config for the second shared-network or something is wrong.<br>
<br>Any suggestions?<br><br>Best regards,<br>FR<br><br>
</div><br>
</div></div></blockquote></div><br>
</div></div></blockquote></div><br>
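The following is an added example and not code from the thread or from ISC dhcpd: a small Python model of how dhcpd evaluates the posted class expressions (the `c3` circuit-id test, the `online` remote-id lookup, the `CM` vendor-class test) on option 82 and then applies pool allow/deny lists once every subnet sits in the single shared-network Simon describes. The option 82 byte layouts, the stand-in for the `online.conf` subclasses and every sample ID are constructed; the pool permit rule follows the dhcpd.conf documentation (allow entries are alternatives, any deny match excludes).<br><br>

```python
# Added example, not code from the thread: a Python model of dhcpd's class
# matching on option 82 and pool allow/deny evaluation inside ONE shared-network.
# Option 82 layouts, the "online" stand-in and all sample IDs are constructed.

def parse_option82(blob):
    """Split option 82 (RFC 3046) into sub-options: 1 = circuit-id, 2 = remote-id."""
    subs, i = {}, 0
    while i + 2 <= len(blob):
        code, length = blob[i], blob[i + 1]
        subs[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return subs

def binary_to_ascii(base, width, sep, data):
    """dhcpd's binary-to-ascii(): big-endian chunks of `width` bits, unpadded digits in `base`."""
    n, digits = width // 8, "0123456789abcdef"
    def fmt(v):
        out = digits[v % base]
        while v >= base:
            v //= base
            out = digits[v % base] + out
        return out
    return sep.join(fmt(int.from_bytes(data[j:j + n], "big")) for j in range(0, len(data), n))

ONLINE_REMOTE_IDS = {bytes.fromhex("0011223344aa")}   # constructed stand-in for online.conf subclasses

CLASSES = {  # the class definitions from the posted dhcpd.conf, as predicates on a request
    "online": lambda r: r["remote_id"] in ONLINE_REMOTE_IDS,
    "CM":     lambda r: r["vendor_class"][:6] == b"docsis",
    "c3":     lambda r: binary_to_ascii(10, 16, "", r["circuit_id"][2:4]) == "99",
}

POOLS = [  # one shared-network, pools steered by class as in Simon's classdot1/classdot2 sketch
    {"name": "x.x.35.0 pool", "allow": {"online"}, "deny": {"CM", "c3"}},
    {"name": "x.x.48.0 pool", "allow": {"c3"}, "deny": {"CM"}},
]

def client_classes(option82, vendor_class=b""):
    subs = parse_option82(option82)
    req = {"circuit_id": subs.get(1, b""), "remote_id": subs.get(2, b""), "vendor_class": vendor_class}
    return {name for name, pred in CLASSES.items() if pred(req)}

def permitted_pools(classes, pools=POOLS):
    """Permit rule: with an allow list the client must be in at least one allowed class
    (allow entries are alternatives, not a conjunction); any deny match excludes."""
    return [p["name"] for p in pools
            if (not p["allow"] or classes & p["allow"]) and not (classes & p["deny"])]

# Constructed requests: sub-option 1 (circuit-id, bytes 2..3 = 0x0063 = 99 behind relay2) + sub-option 2
RELAY2_CPE = b"\x01\x04\x00\x04\x00\x63" + b"\x02\x06" + bytes.fromhex("0011223344aa")
RELAY1_CPE = b"\x01\x04\x00\x04\x00\x07" + b"\x02\x06" + bytes.fromhex("0011223344aa")
```

Note that a pool declaring both `allow members of "online"` and `allow members of "c3"` admits any online client, not only online clients behind relay2; the deny on the other pool is what keeps them apart.<br>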