Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. DHCP server behing Cisco relay (Hernan Saltiel)
2. Re: DHCP server behing Cisco relay (Jos? Queiroz)
3. RE: DHCP server behing Cisco relay (Patrick Trapp)
4. Re: cutover from conf file to ldap (Brendan Kearney)
----------------------------------------------------------------------
Message: 1
Date: Fri, 20 May 2016 17:58:23 -0300
From: Hernan Saltiel <hsalt...@gmail.com>
To: dhcp-users@lists.isc.org
Subject: DHCP server behing Cisco relay
Message-ID:
<CAMXef5JBX1i8C=w-r-nta5aca3yvkqm0awq0rlnf-bgdgav...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi everybody.
Maybe I'm asking something previously answered.
I configured my new iscp-dhcp-server (Ubuntu 16.04) to server requests from
a network of APs.
Those APs are connected to a Cisco switch, having 192.168.120.1/24 as
primary address, and a secondary subnet with address 10.0.0.1/16 (yes,
16...). It has relay configured, just to send the dhcp requests to
192.168.120.20, a Windows machine.
Today I have a Windows machine connected there, where I use the AP
controller software, and TFTPD64, a thin software that works as a DHCP
server. I configured there a range (10.0.0.10 -> 10.0.200.200) and
everything works well, but it's Windows, then from time to time, I have to
reboot the system.
This is why I configured the new machine as 192.168.120.40/24, installed
isc-dhcp-server package, and configured the following lines on
/etc/dhcp/dhcpd.conf:
default lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.0.0 {
range 10.0.0.10 10.0.200.200;
option subnet-mask 255.255.0.0;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
subnet 192.168.120.0 netmask 255.255.255.0 {
}
When I start the server, I only see it trying to answer requests using
network 192.168.120.0, then saying "no free leases", and not serving any
10.0.0.0/16 address.
Now I'm living with TFTPD64, but I plan to move that to a better solution.
Does anybody know about this configuration? Is there something I'm doing
wrong?
Thanks a lot in advance, and best regards.
--
HeCSa
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20160520/9e96d5e4/attachment-0001.html>
------------------------------
Message: 2
Date: Fri, 20 May 2016 18:46:23 -0300
From: Jos? Queiroz <zekk...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DHCP server behing Cisco relay
Message-ID:
<CADeaZRxSa5etWsLVxufg1=eybu9kngd_w63zn9tmfd1d3uj...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi Hernan,
Could you please post the Cisco Switch's relevant configuration, also?
Including the VLAN interfaces serving the 10.0.0.0/16 network.
By the way, does this switch have conectivity with your dhcp server? This
is mandatory for the DHCP relay to work, as the relay agent needs to
forward DHCP messages for clients in unicast to the DHCP server; and the
reverse path must be available also, once you're checking the direct path,
give some time checking this also.
2016-05-20 17:58 GMT-03:00 Hernan Saltiel <hsalt...@gmail.com>:
> Hi everybody.
>
> Maybe I'm asking something previously answered.
> I configured my new iscp-dhcp-server (Ubuntu 16.04) to server requests
> from a network of APs.
> Those APs are connected to a Cisco switch, having 192.168.120.1/24 as
> primary address, and a secondary subnet with address 10.0.0.1/16 (yes,
> 16...). It has relay configured, just to send the dhcp requests to
> 192.168.120.20, a Windows machine.
> Today I have a Windows machine connected there, where I use the AP
> controller software, and TFTPD64, a thin software that works as a DHCP
> server. I configured there a range (10.0.0.10 -> 10.0.200.200) and
> everything works well, but it's Windows, then from time to time, I have to
> reboot the system.
> This is why I configured the new machine as 192.168.120.40/24, installed
> isc-dhcp-server package, and configured the following lines on
> /etc/dhcp/dhcpd.conf:
>
> default lease-time 600;
> max-lease-time 7200;
>
> subnet 10.0.0.0 netmask 255.255.0.0 {
> range 10.0.0.10 10.0.200.200;
> option subnet-mask 255.255.0.0;
> option routers 10.0.0.1;
> option domain-name-servers 8.8.8.8, 8.8.4.4;
> }
>
> subnet 192.168.120.0 netmask 255.255.255.0 {
> }
>
> When I start the server, I only see it trying to answer requests using
> network 192.168.120.0, then saying "no free leases", and not serving any
> 10.0.0.0/16 address.
>
> Now I'm living with TFTPD64, but I plan to move that to a better solution.
> Does anybody know about this configuration? Is there something I'm doing
> wrong?
> Thanks a lot in advance, and best regards.
>
> --
> HeCSa
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20160520/95bde625/attachment-0001.html>
------------------------------
Message: 3
Date: Fri, 20 May 2016 21:54:37 +0000
From: Patrick Trapp <ptr...@nex-tech.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: RE: DHCP server behing Cisco relay
Message-ID:
<1d507d610594d14f86d40d77c17e9e662aa17...@exchangedsb.ruralnex.com>
Content-Type: text/plain; charset="iso-8859-1"
Also, if you are intending for addresses to be made available from both of the
subnets, I believe you may need to define those pools as a shared network. Look
up shared-network in your handy DHCP documentation, but I would wonder if
something like this would make a difference:
default lease-time 600;
max-lease-time 7200;
shared-network Combined-pools {
subnet 10.0.0.0 netmask 255.255.0.0 {
range 10.0.0.10 10.0.200.200;
option subnet-mask 255.255.0.0;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
subnet 192.168.120.0 netmask 255.255.255.0 {
}
}
Or, so be more generic
shared-network shared-network-label
{
subnet1 x.x.x.x netmask 255.x.x.x
{
} (to close subnet1)
subnet2 y.y.y.y netmask 255.y.y.y
{
} (to close subnet2)
} (to close the shared-network declaration)
________________________________
From: dhcp-users-boun...@lists.isc.org [dhcp-users-boun...@lists.isc.org] on
behalf of Jos? Queiroz [zekk...@gmail.com]
Sent: Friday, May 20, 2016 4:46 PM
To: Users of ISC DHCP
Subject: Re: DHCP server behing Cisco relay
Hi Hernan,
Could you please post the Cisco Switch's relevant configuration, also?
Including the VLAN interfaces serving the 10.0.0.0/16<http://10.0.0.0/16>
network.
By the way, does this switch have conectivity with your dhcp server? This is
mandatory for the DHCP relay to work, as the relay agent needs to forward DHCP
messages for clients in unicast to the DHCP server; and the reverse path must
be available also, once you're checking the direct path, give some time
checking this also.
2016-05-20 17:58 GMT-03:00 Hernan Saltiel
<hsalt...@gmail.com<mailto:hsalt...@gmail.com>>:
Hi everybody.
Maybe I'm asking something previously answered.
I configured my new iscp-dhcp-server (Ubuntu 16.04) to server requests from a
network of APs.
Those APs are connected to a Cisco switch, having
192.168.120.1/24<http://192.168.120.1/24> as primary address, and a secondary
subnet with address 10.0.0.1/16<http://10.0.0.1/16> (yes, 16...). It has relay
configured, just to send the dhcp requests to 192.168.120.20, a Windows machine.
Today I have a Windows machine connected there, where I use the AP controller
software, and TFTPD64, a thin software that works as a DHCP server. I
configured there a range (10.0.0.10 -> 10.0.200.200) and everything works well,
but it's Windows, then from time to time, I have to reboot the system.
This is why I configured the new machine as
192.168.120.40/24<http://192.168.120.40/24>, installed isc-dhcp-server package,
and configured the following lines on /etc/dhcp/dhcpd.conf:
default lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.0.0 {
range 10.0.0.10 10.0.200.200;
option subnet-mask 255.255.0.0;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
subnet 192.168.120.0 netmask 255.255.255.0 {
}
When I start the server, I only see it trying to answer requests using network
192.168.120.0, then saying "no free leases", and not serving any
10.0.0.0/16<http://10.0.0.0/16> address.
Now I'm living with TFTPD64, but I plan to move that to a better solution.
Does anybody know about this configuration? Is there something I'm doing wrong?
Thanks a lot in advance, and best regards.
--
HeCSa
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org<mailto:dhcp-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20160520/8ae6c73a/attachment-0001.html>
------------------------------
Message: 4
Date: Fri, 20 May 2016 19:03:44 -0400
From: Brendan Kearney <bpk...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: cutover from conf file to ldap
Message-ID: <573f97d0.5060...@gmail.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
On 05/19/2016 10:43 AM, brendan kearney wrote:
>
> I was figuring that to be the case. There is a startup debug file I
> can write out to, and will review that again. I do notice that
> formatting (line terminators, whitespace , etc) doesnt seem very clean
> but I am not sure if that makes a difference.
>
> On May 19, 2016 9:25 AM, "dave c" <d...@gvtc.drakkar.org
> <mailto:d...@gvtc.drakkar.org>> wrote:
>
> I've not tried moving config to ldap myself, but it sounds like
> the key indicator is that message when you were testing the leases
> file against the ldap config with the -T... that no subnets were
> found.
>
> Then when you made the config active, it sounded like the subnets
> couldn't be found in the config and as a result the devices that
> had active leases were NAKed and no leases were being issued.
>
> I don't know if there is a way to have dhcp pull out the configs
> it acquired from LDAP and display them so you can verify what it's
> seeing... but the likeliest scenario is that it has enough
> knowledge and visibility to test clean when using ldap, but not
> have the shared networks and subnets defined to anchor the leases.
>
> Dave
>
> On 5/18/16 18:17, Brendan Kearney wrote:
>
> running fedora 20, dhcp 4.2.7 (i will be upgrading to f24
> shortly after it comes out)
>
> i have put a bunch of effort into setting up ldap to house my
> configs and all of the directives
> in my conf file(s) are in ldap at this point. if i run the below:
>
> dhcpd -4 -f -t -cf /etc/dhcp/dhcpd.conf.ldap bond0
>
> i get:
>
> Internet Systems Consortium DHCP Server 4.2.7
> Copyright 2004-2014 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
>
> it seems that no issues exist in the config, as housed in
> ldap. if i run the same command with
> a -T, to test the leases file, every IP in all subnets, pools,
> etc is reported with the below line:
>
> lease 192.168.xxx.xxx: no subnet.
>
> the subnet definition exists in ldap, so i dont know what this
> might be. a nuance with the
> lease file, maybe? any pointers would be appreciated.
>
> now, when i cutover from conf files to ldap, what is the
> proper procedure? i tried to do so
> already, and all sorts of problems came from it. existing
> leases were getting NAK responses for
> renewals, and new leases were not being given out. i even
> wound up with "peer holds all free
> leases" errors from both servers.
>
> i stopped both instances, changed the conf files from static
> files to a config pointing to ldap
> for configs, and started one instance. i waited a minute or so
> and started the second instance.
>
> i also stopped both instances and removed the leases files
> from both servers and restarted. in
> no scenario was i able to get leases to start being handed
> out. because the network is a lab
> network, i dont have any real requirement for things to stay
> online at all times.
>
> am i missing something in my approach? are there best
> practices to perform such a change?
>
> thanks in advance,
>
> brendan
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
> --
> Dave Calafrancesco
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
i found the issue with the leases. it turns out that for some reason
you have to define one pool in a subnet (looks like the first enumerated
pool) using the dhcpPoolDN attribute. oddly, all other pools are found
and dont require you to explicit define them.
anyway, the tests come back clean now and i restarted using ldap for my
configs. again, the NAK and "peer holds all free leases" errors from
both servers started again. i have switched back, but what should i be
looking for now?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20160520/76f75082/attachment.html>
------------------------------
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
End of dhcp-users Digest, Vol 91, Issue 24
******************************************
