Adding relayed subnets in DHCP

archangel_617b · 10-28-2008, 01:52 PM

Hi,

I have been having some confusion in starting to use separate subnets and DHCP relay for client configuration.

Currently, the setup we have is basically all our hosts plugged in to a lot of daisy-chained switches in to one large LAN and the DHCP server happily spits out IPs for, well, basically one large subnet.

Now we are getting to the point where we need to start using separate subnets so I am now starting to connect systems to a separate interface on our router (happens to be SonicWall) so where before everything was on a single LAN interface (called "X0"), we will have several LAN interaces (called "X3" and "X4").

So I've got different subnets going on. The X0 is 10.1.128.0/17 and X3 is 10.1.5.0/24 (and lets ignore X4 for now). I've added the new subnet with a pool on the DHCP server and configured the router's IP Helper option to relay DHCP requests to the original DHCP server.

The problem is that existing systems when they request IP info over the new interface, they request their old IP address and the DHCP server happily send an ACK back even though they are now on the wrong subnet. The only way so far that I can get the DHCP server to not ACK the client on the old IP address / subnet is to disable the pool / range the client is in, kick dhcpd, release / renew on the client, then re-enable that range and kick dhcpd again.

This is the relevant section from my DHCP config with options like ntp servers etc omitted:

PHP Code:


			
        # Manufacturing LAN

        subnet 10.1.5.0 netmask 255.255.255.0 {

                option routers                  10.1.5.1;

                option subnet-mask              255.255.255.0;

                option broadcast-address        10.1.5.255;



                default-lease-time 7200;

                max-lease-time 7200;



                pool { 

                        range dynamic-bootp 10.1.5.100 10.1.5.200;

                }

        }



        # Workstation / General LAN

        subnet 10.1.128.0 netmask 255.255.128.0 {

                option routers                  10.1.128.1;

                option subnet-mask              255.255.128.0;

                option broadcast-address        10.1.255.255;



                default-lease-time 7200; # 2 Hours  ! STUB !

                max-lease-time 7200;     # 2 Hours  ! STUB !



                pool { # General Pool(s)

                        range dynamic-bootp 10.1.128.100 10.1.128.200;

                        range dynamic-bootp 10.1.129.100 10.1.129.200;

                }

        }

Is there some better way to make the DHCP server force clients comming in on the new interface on to a new IP address?

Thanks in advance,
- Dominic

plpl303 · 10-29-2008, 08:40 PM

Does your dhcpd.conf file contain the "authoritative" directive?

Also, the page

http://www.isc.org/index.pl?/sw/dhcp/authoritative.php

contains an example that might do what you want.

archangel_617b · 10-29-2008, 09:12 PM

Quote:

Originally Posted by plpl303

Does your dhcpd.conf file contain the "authoritative" directive?

Also, the page

http://www.isc.org/index.pl?/sw/dhcp/authoritative.php

contains an example that might do what you want.

I did have authoritative in my shared-network block (e.g. above the subnet declarations).

However, in reading the link you cited, what they say is that ISC dhcpd will still not DHCPNAK if the client requests an IP address from a configured subnet and the example they give is when you want to remove a pool, you have to do "deny all clients" in the pool.

In my case, I certainly don't want to deny all clients because some clients should get IP addresses from their original pool (e.g. the clients that are staying on X0 and not being moved to X3 or X4).

So does that mean I have to do some sort of class matching to sort all the clients and and push them in to their respective pools? How do I do that and is that going to be the best answer?

Thanks again
- Dominic

archangel_617b · 10-30-2008, 01:30 PM

Quote:

Originally Posted by archangel_617b

So does that mean I have to do some sort of class matching to sort all the clients and and push them in to their respective pools? How do I do that and is that going to be the best answer?

Hm, I'm still not having any luck getting matching working. I did a packet capture and looked at it in Wireshark and I don't see either option 82 (Relay Agent Info, which should include agent.circuit-id and agent.remote-id) or option 118 (Subnet selection). There is a line that just reads "Relay agent IP address: x.x.x.x". How do I build a match statement or some class based on this?

Thanks,
- Dominic

archangel_617b · 10-30-2008, 04:49 PM

Ah, I finally found the answer. The problem was I had all the subnets wrapped in a shared-network statement and as per a discussion here:

http://marc.info/?l=dhcp-server&m=105369973320636&w=2

The shared-network statement should be used to group networks that are physically attached and thus the DHCP may assign IP addresses out of any subnet.

It works, it works! I can unplug my laptop from one interface and plug it in to another interface and it comes up right away.

- Dominic