<div dir="ltr">Hi Ubence,<div><br></div><div>I would recommend taking tcpdump traffic captures on the three interfaces and see if traffic is arriving properly at the interfaces. I also recommend turning on debug logging to see if Kea is receiving those requests and how it is processing them. </div><div><br></div><div>In terms of design it doesn't sound like good form having Kea listen on 3 interfaces and process broadcast traffic on 3 interfaces on a raspberry pi. I'd recommend using separate statically addressed VLAN having Kea listen on one interface using unicast ("dhcp-socket-type": "udp") Use relays from the rest of the 3 VLANs.</div><div><br></div><div>Best Regards,</div><div>David</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, May 26, 2024 at 11:04 AM Ubence Quevedo <<a href="mailto:thatrat@gmail.com" target="_blank">thatrat@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Everyone,<div><br></div><div>I'm in the process of implementing VLANs on my home network to separate my IoT devices onto their own VLAN to eventually segment those devices from my main network.</div><div><br></div><div>I currently have Kea setup with reservations for all of these devices, IoT, user systems, and other devices.</div><div><br></div><div>I've taken my existing reservation information and separated out the IoT devices to their own network addresses for the VLAN they will reside on [<a href="http://192.168.12.0/24" target="_blank">192.168.12.0/24</a>], with all of the user systems and other devices with another network [<a href="http://192.168.11.0/24" target="_blank">192.168.11.0/24</a>], and all of the network and administratives devices on the default VLAN [<a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a>].</div><div><br></div><div>I reconfigured my Kea system [a Rasberry Pi running Ubuntu 22.04 with Kea 2.0.2] with interfaces on all of these VLANs to listen for the DHCP requests. My network equipment is all Unifi and I reconfigured all of the relevant ports on the switches with the appropriate VLAN the device should be on. I also put the two separate SSIDs configured on their respective VLANs. My gateway device is a pfSense box with the network interfaces configured with the appropriate VLAN gateways.</div><div><br></div><div>I restarted the Kea service aftyer making all of these changes and thought everything "would just work" and the devices would get the appropriate IP address reservation. I was wrong. Even though I had interfaces on all of the VLANs and set Kea to listen on those interfaces, I still needed to set the DHCP Relay feature on the pfSense device to point to my server.</div><div><br></div><div>Things kind of started to work then, but I still wasn't getting addresses assigned.</div><div><br></div><div>After some troubleshooting and frustration, I eventually reverted everything back to the original configuration [everything on the Default VLAN].</div><div><br></div><div>I'm not entirely sure why things didn't work out the way I expected, but I have some hunches that I'd like to get some feedback on:</div><div><ul><li><b>Existing reservations haven't expired</b> - The time I had set for the lifetime of the reservation [7200 seconds] hadn't expired</li><li><b>Reservation database [flat file]</b> - Still had entries for all of the devices</li><li><b>Something else?</b> - Something else I'm not considering when making this change?</li></ul><div>Ultimately it seems to me that I should have somehow "flushed" everything before making my change so that everything would be new and not have any type of existing reservation?</div></div><div><br></div><div>I know that the reservations on the new VLANs work because I created test SSIDs, assigned them to the new VLANs, and connected wireless clients and they get the appropriate address I'm expecting [no MAC address reservation though].</div><div><br></div><div>If anyone has done something similar or has any other advice on what I should be doing or looking at, it would be greatly appreciated!</div><div><br></div><div>-Ubence</div></div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>