<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Question about the setup. On the network switches that the DHCP requests would hit first, do you have IP Helpers configured? In my experience that’s what I’ve had to do to ensure that the packets make it to
the DHCP server without a DHCP Relay. I’m in an environment where I cannot deploy a DHCP Relay service, so I am leveraging the IP Helpers on an L3 switch to forward those requests. This is passing through an Cisco firewall and all that. Hope that helps.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-top:2.0pt;background:white"><b><span style="font-size:11.0pt;color:black">Joseph Craig</span></b><span style="font-size:11.0pt;color:black"><br>
Systems Engineer<br>
</span><span style="color:black"><img width="192" height="51" style="width:2.0in;height:.5347in" id="Picture_x0020_2" src="cid:image001.png@01DAD695.415E2110"></span><span style="font-size:11.0pt;color:black"><br>
<br>
<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Kea-users <kea-users-bounces@lists.isc.org>
<b>On Behalf Of </b>DDFR | Ronald Blaas<br>
<b>Sent:</b> Monday, July 15, 2024 2:15 AM<br>
<b>To:</b> kea-users@lists.isc.org<br>
<b>Subject:</b> [EXTERNAL] Re: [Kea-users] Need to have DHCP Relay in order for Kea to work...?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" align="left" width="100%" style="width:100.0%">
<tbody>
<tr>
<td style="background:#A6A6A6;padding:5.25pt 1.5pt 5.25pt 1.5pt"></td>
<td width="100%" style="width:100.0%;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 11.25pt">
<div>
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#212121">You don't often get email from
<a href="mailto:ronald.blaas@ddfr.nl">ronald.blaas@ddfr.nl</a>. <a href="https://aka.ms/LearnAboutSenderIdentification">
Learn why this is important</a><o:p></o:p></span></p>
</div>
</td>
<td width="75" style="width:56.25pt;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 3.75pt;align:left">
</td>
</tr>
</tbody>
</table>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Not really sure how you have your network setup. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">But in my belief, if you want dhcp to work without RELAY you have to make sure your DHCP server is directly connected to all the LANs. So your DHCP server will need to have multiple Nics. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Is there a particular reason you do not want to have a dhcp relay? <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">I have a kinda similar setup and am using DHCP relay. It is operating as expected and without problems.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">It is also wise to share the output of your log file with the error you are receiving. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Tis helps in pinpointing the problem.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Regards<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div id="Signature">
<p style="background:white"><span style="font-size:8.5pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Ronald </span><span style="font-size:8.5pt;font-family:"Helvetica",sans-serif"><o:p></o:p></span></p>
<p style="min-height: 12px"><span style="font-size:8.5pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Times New Roman",serif;color:black"><o:p> </o:p></span></p>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Kea-users <<a href="mailto:kea-users-bounces@lists.isc.org">kea-users-bounces@lists.isc.org</a>>
on behalf of Ubence Quevedo <<a href="mailto:thatrat@gmail.com">thatrat@gmail.com</a>><br>
<b>Sent:</b> Monday, July 15, 2024 00:26<br>
<b>To:</b> <a href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a> <<a href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a>><br>
<b>Subject:</b> [Kea-users] Need to have DHCP Relay in order for Kea to work...?</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" align="left" width="100%" style="width:100.0%;display:table;border-collapse:seperate;float:none">
<tbody>
<tr>
<td style="background:#A6A6A6;padding:5.25pt 1.5pt 5.25pt 1.5pt"></td>
<td width="100%" style="width:100.0%;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 11.25pt">
<div>
<p class="MsoNormal" style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
<span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#212121">U ontvangt niet vaak e-mail van
<a href="mailto:thatrat@gmail.com">thatrat@gmail.com</a>. <a href="https://aka.ms/LearnAboutSenderIdentification">
Meer informatie over waarom dit belangrijk is</a><o:p></o:p></span></p>
</div>
</td>
<td width="75" style="width:56.25pt;background:#EAEAEA;padding:5.25pt 3.75pt 5.25pt 3.75pt">
</td>
</tr>
</tbody>
</table>
<div>
<div>
<p class="xmsonormal">Hi Everyone,<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I’ve been using Kea for just under a year for a home setup on a Linux Ubuntu server. I switched from isc dhcp since it was end of life. My setup has a lot of MAC address reservations with some general pools for systems that don’t have
IP reservations.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I also have a few vlans set up with the reservations for devices on each of the vlans. I’m using pfSense as my gateway with some Unifi equipment that is vlan aware.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I’m running into an issue and I’m not sure why and would love some advice on how to look into this.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I have the interfaces on the system setup that is running Kea, to advertise on the untagged network [mostly some servers], vlan 11 [user systems], and vlan12 [IoT devices].<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I don’t have the firewall in pfSense to block traffic between these networks yet, so they can all freely talk to each other.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">Even though I have my Kea configured to advertise on all of the interfaces [untagged, 11, 12], I can’t seem to get anything to work unless I have the DHCP Relay service setup on the pfSense device to redirect all DHCP traffic to the Kea
system’s untagged IP address [192.168.10.3].<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I can verify through nmap that udp port 67 is running on all three interfaces.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">If I turn off the DHCP Relay service, I was expecting the interfaces to pick up on the DHCP requests from devices on all of these networks.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">This doesn’t happen and devices don’t get addresses. I’ve even watched the logs I’ve split out and nothing is written for the duration that the relay service is turned off. As soon as I turn it back on, I start seeing traffic again.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I’m running Kea 2.6.0.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">I’d love to turn the DHCP Relay off to then try to troubleshoot another issue I’m having with bridging interfaces to VMs and then having the VM interface assigned to a vlan other than the bridged interface. It seems to work for something
else I’m doing, but just trying to rule some things out. Probably another post if I can figure out why the DHCP Relay seems to need to be on.<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">Any ideas why I need the DHCP Relay service on another device even though all of the interfaces on each respective vlan are configured to listen for dhcp requests?<o:p></o:p></p>
<p class="xmsonormal"><o:p> </o:p></p>
<p class="xmsonormal">-Ubence<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>