Linux – Configure DHCP Server for MPLS

dhcp, linux, mpls

We are set up with a two-branch MPLS with a DHCP helper on the remote subnet. The DHCP service is running on a CentOS box.

So I have two subnets:

  • HostRange: 192.168.0.1 – 192.168.1.254
  • RemoteRange: 192.168.2.1 – 192.168.3.254

There are two problems:

  1. When I tested this configuration at the host location, the computer I tested with pulled from a guest pool instead of receiving its assigned IP address.
  2. The DHCP server doesn't like to see the same device in both subnets and throws an error saying it is listed twice.

Now, how do I specify the two networks in my config file? This is what I have come up with, which doesn't work:

shared-network CompleteNetwork {
    subnet 192.168.2.0 netmask 255.255.254.0 {
        option subnet-mask          255.255.254.0;
        option broadcast-address    192.168.3.255;
        option routers              192.168.2.1;

        # reserved pool for Guests (freely distributed)
        pool {
            range 192.168.3.101 192.168.3.150;
        }

        # ---- A Laptop Computer for testing sake
        host TestSubject {
            hardware ethernet AA:BB:00:11:22:33;
            fixed-address 192.168.2.205;
        }
        #...
    }
    subnet 192.168.0.0 netmask 255.255.254.0 {
        option subnet-mask          255.255.254.0;
        option broadcast-address    192.168.3.255;
        option routers              192.168.1.1;

        # reserved pool for Guests   <------ ONLY RANGE DISTRIBUTED FREELY
        pool {
            range 192.168.0.101 192.168.0.150;
        }

        # ---- A Laptop Computer for testing sake
        host TestSubject {
            hardware ethernet AA:BB:00:11:22:33;
            fixed-address 192.168.1.205;
        }
        #...
    }
}

[edit]

So I understand now that to have the same device on both networks I must specify a different host name. I also understand now that I don't need the shared-network part.

Also, am I right to use that network broadcast over both subnets like that?

Best Answer

First of all, enclosing everything in "shared-network" is not necessary. From man dhcpd.conf:

The shared-network statement is used to inform the DHCP server that some IP subnets actually share the same physical network. Any subnets in a shared network should be declared within a shared-network statement. ... If any subnet in a shared network has addresses available for dynamic allocation, those addresses are collected into a common pool for that shared network and assigned to clients as needed. There is no way to distinguish on which subnet of a shared network a client should boot.

This is not the case in your setup - the two networks are physically and logically separate.

Second, you're getting errors about two TestSubjects because dhcpd does not allow you to have two hosts with the same name. Change the name on one of them, even if the MAC addresses are the same, and I'm pretty sure the errors will go away and your host reservations will work as intended.

The name in the host declaration does not have to match whatever the client thinks its hostname should be - in this case it's more of an arbitrary identifier. The server matches a client to a host declaration based on the subnet on which the request is received and the hardware address.

Finally, the broadcast address for the second subnet should be 192.168.1.255 (sorry I missed that earlier!). You're really setting up two separate layer 3 networks here (assuming this is a Layer 3 MPLS VPN).

There's a lot of good reference info in the manual pages for ISC dhcpd - I highly suggest reading through man dhcpd and man dhcpd.conf.

Regarding the wisdom of setting up your network this way - I agree that it's probably not the ideal configuration, especially if your only link between the two sites is a single MPLS VPN. I work for a small telco that provides MPLS service to our customers. I know that we have some customers who run a single DHCP server at their main location. I know this because when their WAN links go down, they call up our NOC in a panic asking us to enable the DHCP server on our CPE router. If you have some device at the remote office that can provide the DHCP service you need, your network will be more resilient if you enable DHCP locally. If you have to run DHCP across a WAN link, I'd strongly recommend at least setting the lease lifetime to a high value. Adding a backup link, like a VPN connection over the Internet (assuming each site has a separate internet connection) could also help to ensure the availability of DHCP service.
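To make the two corrections in the answer concrete, here is an added example (not part of the original question or answer, and not ISC's own parser) in Python: a small checker that reads a dhcpd.conf fragment and reports a broadcast-address that does not belong to its subnet, a router, fixed-address or range endpoint outside the subnet, and a host name declared more than once. The two embedded fragments are constructed for this example: the first reproduces the configuration from the question, the second applies the answer's advice (no shared-network, distinct host names, 192.168.1.255 as the broadcast for 192.168.0.0/23). The host names TestSubjectRemote and TestSubjectHost are assumed names chosen for the example.

```python
"""Sanity-check a dhcpd.conf fragment for the mistakes discussed in the answer."""
import ipaddress
import re
from collections import Counter


def _tokenize(text):
    """Drop '#' comments, then split into words, braces and semicolons."""
    text = re.sub(r"#[^\n]*", "", text)
    return re.findall(r"[{};]|[^\s{};]+", text)


def _parse(toks, pos=0):
    """Return (items, pos). Each item is (words, children): children is None for
    a plain 'words ;' statement and a nested item list for 'words { ... }'."""
    items = []
    while pos < len(toks) and toks[pos] != "}":
        words = []
        while pos < len(toks) and toks[pos] not in ("{", ";", "}"):
            words.append(toks[pos].rstrip(","))  # "a, b" lists become "a", "b"
            pos += 1
        if pos >= len(toks):
            break
        if toks[pos] == "{":
            children, pos = _parse(toks, pos + 1)  # pos now at the matching "}"
            items.append((words, children))
            pos += 1
        elif toks[pos] == ";":
            items.append((words, None))
            pos += 1
        else:  # "}" with no ';' before it: tolerate, the caller consumes it
            items.append((words, None))
    return items, pos


def parse(text):
    return _parse(_tokenize(text))[0]


def _ip(s):
    """Parse an address; fixed-address may legally be a hostname, so skip those."""
    try:
        return ipaddress.ip_address(s)
    except ValueError:
        return None


def check(text):
    """Return a list of problem descriptions (empty list == consistent).
    This is a consistency check only; `dhcpd -t -cf FILE` remains the real test."""
    problems, hosts = [], Counter()

    def walk(items, net):
        for words, children in items:
            if not words:
                continue
            if children is not None:
                child_net = net  # pool / host / shared-network inherit the subnet
                if words[0] == "subnet" and len(words) >= 4:
                    # subnet ADDR netmask MASK { ... }
                    child_net = ipaddress.ip_network(f"{words[1]}/{words[3]}", strict=False)
                elif words[0] == "host" and len(words) >= 2:
                    hosts[words[1]] += 1
                walk(children, child_net)
                continue
            if net is None:
                continue  # global statements are not tied to a subnet
            if words[:2] == ["option", "broadcast-address"]:
                if _ip(words[2]) != net.broadcast_address:
                    problems.append(f"{net}: broadcast-address {words[2]} "
                                    f"should be {net.broadcast_address}")
            elif words[:2] == ["option", "subnet-mask"]:
                if _ip(words[2]) != net.netmask:
                    problems.append(f"{net}: subnet-mask {words[2]} should be {net.netmask}")
            elif words[:2] == ["option", "routers"] or words[0] in ("fixed-address", "range"):
                label = words[1] if words[0] == "option" else words[0]
                addrs = words[2:] if words[0] == "option" else words[1:]
                for a in addrs:
                    ip = _ip(a)  # 'range dynamic-bootp ...' keyword is skipped here
                    if ip is not None and ip not in net:
                        problems.append(f"{net}: {label} {a} is outside the subnet")

    walk(parse(text), None)
    for name, n in hosts.items():
        if n > 1:
            problems.append(f"host {name} declared {n} times (dhcpd needs unique host names)")
    return problems


# Constructed from the question's fragment (both of its mistakes kept on purpose).
BROKEN_CONF = """
shared-network CompleteNetwork {
    subnet 192.168.2.0 netmask 255.255.254.0 {
        option subnet-mask 255.255.254.0;
        option broadcast-address 192.168.3.255;
        option routers 192.168.2.1;
        pool { range 192.168.3.101 192.168.3.150; }   # guests
        host TestSubject { hardware ethernet AA:BB:00:11:22:33; fixed-address 192.168.2.205; }
    }
    subnet 192.168.0.0 netmask 255.255.254.0 {
        option subnet-mask 255.255.254.0;
        option broadcast-address 192.168.3.255;       # wrong: belongs to the other /23
        option routers 192.168.1.1;
        pool { range 192.168.0.101 192.168.0.150; }
        host TestSubject { hardware ethernet AA:BB:00:11:22:33; fixed-address 192.168.1.205; }
    }
}
"""

# Constructed to follow the answer: separate subnets, unique host names, right broadcast.
FIXED_CONF = """
subnet 192.168.2.0 netmask 255.255.254.0 {
    option subnet-mask 255.255.254.0;
    option broadcast-address 192.168.3.255;
    option routers 192.168.2.1;
    pool { range 192.168.3.101 192.168.3.150; }
    host TestSubjectRemote { hardware ethernet AA:BB:00:11:22:33; fixed-address 192.168.2.205; }
}
subnet 192.168.0.0 netmask 255.255.254.0 {
    option subnet-mask 255.255.254.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;
    pool { range 192.168.0.101 192.168.0.150; }
    host TestSubjectHost { hardware ethernet AA:BB:00:11:22:33; fixed-address 192.168.1.205; }
}
"""

if __name__ == "__main__":
    for name, conf in (("question", BROKEN_CONF), ("answer", FIXED_CONF)):
        print(name, check(conf) or "OK")
```

Run against the question's fragment the checker reports exactly the two findings from the answer (the 192.168.3.255 broadcast inside 192.168.0.0/23, and TestSubject declared twice); the corrected fragment comes back clean. The parser only understands the statement/block shape of dhcpd.conf, so once a file passes this check, still run `dhcpd -t -cf /etc/dhcp/dhcpd.conf` before restarting the service.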