[Kea-users] Advice for reconfigured reservations when implementing VLANs
Ubence Quevedo
thatrat at gmail.com
Sun May 26 15:03:51 UTC 2024
Hi Everyone,
I'm in the process of implementing VLANs on my home network to separate my
IoT devices onto their own VLAN to eventually segment those devices from my
main network.
I currently have Kea set up with reservations for all of these devices, IoT,
user systems, and other devices.
I've taken my existing reservation information and separated out the IoT
devices to their own network addresses for the VLAN they will reside on
[192.168.12.0/24], with all of the user systems and other devices with
another network [192.168.11.0/24], and all of the network and
administrative devices on the default VLAN [192.168.10.0/24].
I reconfigured my Kea system [a Raspberry Pi running Ubuntu 22.04 with Kea
2.0.2] with interfaces on all of these VLANs to listen for the DHCP
requests. My network equipment is all Unifi and I reconfigured all of the
relevant ports on the switches with the appropriate VLAN the device should
be on. I also put the two separate SSIDs configured on their respective
VLANs. My gateway device is a pfSense box with the network interfaces
configured with the appropriate VLAN gateways.
I restarted the Kea service after making all of these changes and thought
everything "would just work" and the devices would get the appropriate IP
address reservation. I was wrong. Even though I had interfaces on all of
the VLANs and set Kea to listen on those interfaces, I still needed to set
the DHCP Relay feature on the pfSense device to point to my server.
Things kind of started to work then, but I still wasn't getting addresses
assigned.
After some troubleshooting and frustration, I eventually reverted
everything back to the original configuration [everything on the Default
VLAN].
I'm not entirely sure why things didn't work out the way I expected, but I
have some hunches that I'd like to get some feedback on:
- *Existing reservations haven't expired* - The time I had set for the
lifetime of the reservation [7200 seconds] hadn't expired
- *Reservation database [flat file]* - Still had entries for all of the
devices
- *Something else?* - Something else I'm not considering when making
this change?
Ultimately it seems to me that I should have somehow "flushed" everything
before making my change so that everything would be new and not have any
type of existing reservation?
I know that the reservations on the new VLANs work because I created test
SSIDs, assigned them to the new VLANs, and connected wireless clients and
they get the appropriate address I'm expecting [no MAC address reservation
though].
If anyone has done something similar or has any other advice on what I
should be doing or looking at, it would be greatly appreciated!
-Ubence