I want for the devices which belong to different VLANs to have different routers. For instance:

  • The device 10.0.10.84 inside a VLAN 10.0.10.0/24 would have its router set to 10.0.10.1, whereas:
  • The device 10.0.11.6 belonging to 10.0.11.0/24 should use the router 10.0.11.1.

I configured ISC DHCP server like this:

subnet 10.0.10.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.0.0;
    option routers 10.0.10.1;
    ...

    pool {
        failover peer "dhcp-primary";
        max-lease-time 1800;
        range 10.0.10.200 10.0.10.210;
    }
}

subnet 10.0.11.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.0.0;
    option routers 10.0.11.1;
    ...

    pool {
        failover peer "dhcp-primary";
        max-lease-time 1800;
        range 10.0.11.200 10.0.11.210;
    }
}

host nmap-tests {
    hardware ethernet de:ad:c0:de:ca:fe;
    fixed-address 10.0.11.6;
}

Unfortunately, this doesn't work. When I run nmap --script broadcast-dhcp-discover, the dump from tcpdump -n -i eth0 port bootps or port bootpc -v shows the original request:

0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from de:ad:c0:de:ca:fe ...

and the response:

10.0.10.5.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, ...
      Your-IP 192.168.1.205
      Client-Ethernet-Address de:ad:c0:de:ca:fe

Given the configuration, I would expect the DHCP server to respond with the fixed address 10.0.11.6, and not an IP address from the pool.

What's wrong with the configuration?

Arseni Mourzenko
  • Is the response coming from your server (10.0.10.5)? The assigned IP does not belong to the configuration you are showing... Please also note that the MAC address in the request you are showing does not match address in host nas1 section, so I am not surprised it is taken from the pool. – Tomek Jan 16 '21 at 19:36
  • @Tomek: yes, the response is coming from the correct server. I checked, and there are no other DHCP servers on the network. About the MAC address, it was a wrong copy-paste; I fixed it now. – Arseni Mourzenko Jan 16 '21 at 19:56
  • Are these two networks assigned to separate interfaces or are shared on the single interface? If the latter - you may need to put these two networks inside the shared-network statement. You can also have a look at the logs and leases files to see if there is anything interesting there. And where does this 192.168.1.205 come from? How does this network relate to the other two? – Tomek Jan 16 '21 at 20:09
  • @Tomek: `shared-network` is indeed the solution (and yes, I was using a single interface). Can you please promote your comment to an answer? – Arseni Mourzenko Jan 16 '21 at 20:18

1 Answer

The configuration below works only if the DHCP server uses multiple interfaces, for example eth1.10 and eth1.11 in the case of VLANs. If there is only one interface, then the subnet statements should be enclosed in a shared-network block.

According to the documentation:

The shared-network statement is used to inform the DHCP server that some IP subnets actually share the same physical network. Any subnets in a shared network should be declared within a shared-network statement.

Arseni Mourzenko
Tomek
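
The fix from this answer applied to the configuration in the question, as an added example that is not part of the original posts. The name vlan-trunk is a hypothetical label, the failover peer "dhcp-primary" is assumed to be declared elsewhere in dhcpd.conf, and the options the question elided with ... are marked by comments.

```conf
# Both VLAN subnets are reached through the same interface, so they are
# declared inside one shared-network block. "vlan-trunk" is a hypothetical name.
shared-network vlan-trunk {
    subnet 10.0.10.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.0.0;
        option routers 10.0.10.1;
        # remaining options elided in the question go here

        pool {
            failover peer "dhcp-primary";   # assumed to be declared elsewhere
            max-lease-time 1800;
            range 10.0.10.200 10.0.10.210;
        }
    }

    subnet 10.0.11.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.0.0;
        option routers 10.0.11.1;
        # remaining options elided in the question go here

        pool {
            failover peer "dhcp-primary";   # assumed to be declared elsewhere
            max-lease-time 1800;
            range 10.0.11.200 10.0.11.210;
        }
    }
}

# The host declaration stays at the top level. Its fixed address lies in
# 10.0.11.0/24, so the options of that subnet (router 10.0.11.1) apply to it.
host nmap-tests {
    hardware ethernet de:ad:c0:de:ca:fe;
    fixed-address 10.0.11.6;
}
```

The syntax can be checked before restarting the server with dhcpd -t -cf followed by the path to the configuration file.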