Today's Topics:

   1. Re: DISCOVERs from "unkown network segment" - suppress log
      messages? (Simon)
   2. Re: DISCOVERs from "unkown network segment" - suppress log
      messages? (Christina Siegenthaler)
   3. Re: DISCOVERs from "unkown network segment" - suppress log
      messages? (Christina Siegenthaler)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Nov 2022 18:23:35 +0000
From: Simon <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log
        messages?
Message-ID: <333c503c-db68-45ae-ba84-4dacf2e4f...@thehobsons.co.uk>
Content-Type: text/plain;       charset=utf-8

Darren Ankney <darren.ank...@gmail.com> wrote:

> Since the log messages say: via 10.xx.xx.1: unknown network segment, I
> assume that the 10.xx.xx.xx/xx subnet is not one you are concerned
> with.  If that is, indeed, the case, I suggest adding a firewall rule
> either on the server itself or further upstream to block traffic from
> that subnet (or just the 10.xx.xx.1 host) to UDP port 67. The "via
> 10.xx.xx.1" indicates that the traffic is being relayed, so it should
> be unicast and not difficult to add to the firewall.

Yes, that's probably the easiest way to deal with it. I have a rather vague 
recollection that a server rule might not work as dhcpd uses raw packet 
handling by default which means it gets to see packets before the network stack.

Also, who is the network administrator responsible for the kit that's 
incorrectly relaying requests to your server ? Perhaps the OP should "invite 
them" to correct their clearly broken config - I hesitate to suggest the use of 
a piece of clue by four :D



Christina Siegenthaler <t...@ieu.uzh.ch> wrote:

> Background is, we (unfortunately) got new network hardware (Huawei instead of 
> Cisco), and now I get also DHCP requests from buildings and networks that do 
> not belong to our department and that are not served by our DHCP server.

I would disagree with "it's not a problem" since it clearly indicates that 
there is a network misconfiguration in the new kit - so if someone got this 
wrong, what else did they get wrong ?

> This is usually not a problem since the server simply ignores those requests 
> (though it logs them), but now there is a client in one of the other subnets 
> which constantly sends DISCOVERS (about 200 per minute); they fill my log 
> file and I'd like to get rid of them ...

200 per minute ! That's a seriously badly configured client and I'd be asking 
whoever is responsible for that network to be tracking it down and "asking" the 
user to remove it until it's been fixed. Mind you, the user might well be 
wondering why it's not working properly ?
00:07:32 belongs to AAEON Technology Inc. (an OUI lookup tool such as 
https://www.wireshark.org/tools/oui-lookup.html is helpful here). Their website 
(https://www.aaeon.com/en/) says "AAEON Technology Inc. is a leading 
manufacturer of advanced industrial and embedded computing platforms." so the 
device could be almost anything.
But as I know internal politics in universities can be "interesting", perhaps 
just stick with firewalling the requests.


Simon



------------------------------

Message: 2
Date: Sat, 26 Nov 2022 10:17:04 +0000
From: Christina Siegenthaler <t...@ieu.uzh.ch>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log
        messages?
Message-ID: <2baaf05f-ea9e-45df-adf8-48afcc589...@ieu.uzh.ch>
Content-Type: text/plain; charset="utf-8"

Hi

> On 25.11.2022 at 19:23, Simon <dh...@thehobsons.co.uk> wrote:
> 
> Darren Ankney <darren.ank...@gmail.com> wrote:
> 
>> Since the log messages say: via 10.xx.xx.1: unknown network segment, I
>> assume that the 10.xx.xx.xx/xx subnet is not one you are concerned
>> with.  If that is, indeed, the case, I suggest adding a firewall rule
>> either on the server itself or further upstream to block traffic from
>> that subnet (or just the 10.xx.xx.1 host) to UDP port 67. The "via
>> 10.xx.xx.1" indicates that the traffic is being relayed, so it should
>> be unicast and not difficult to add to the firewall.
> 
> Yes, that's probably the easiest way to deal with it. I have a rather vague 
> recollection that a server rule might not work as dhcpd uses raw packet 
> handling by default which means it gets to see packets before the network 
> stack.

OK, I was afraid that this would be the case. I'll look into firewall 
configuration then (the DHCP server runs on macOS).


> 
> Also, who is the network administrator responsible for the kit that's 
> incorrectly relaying requests to your server ? Perhaps the OP should "invite 
> them" to correct their clearly broken config - I hesitate to suggest the use 
> of a piece of clue by four :D

Couldn't agree more here! Unfortunately, the decision for that brand/model for 
the new network hardware came from higher up (and they took the ones with the 
lowest quote, of course)...
We, and the network admins, already noticed in summer 2021 (!), when the first 
new switches were up, that they cannot configure them to relay DISCOVERs to the 
correct DHCP server, they can only relay all requests to all servers. They filed 
a feature request with Huawei to add this - of course, we're still waiting. 
The network admins are pretty p*** off, too, because this worked fine with the 
old config, and in our opinion, this is a crucial feature for network hardware, 
but...

Thus I'd like to see what I can do on my end, for the time being.

> 
> 
> 
> Christina Siegenthaler <t...@ieu.uzh.ch> wrote:
> 
>> Background is, we (unfortunately) got new network hardware (Huawei instead 
>> of Cisco), and now I get also DHCP requests from buildings and networks that 
>> do not belong to our department and that are not served by our DHCP server.
> 
> I would disagree with "it's not a problem" since it clearly indicates that 
> there is a network misconfiguration in the new kit - so if someone got this 
> wrong, what else did they get wrong ?

Agree - but see above, we'll have to live with it somehow. Maybe they'll add 
that feature at some time.

> 
>> This is usually not a problem since the server simply ignores those requests 
>> (though it logs them), but now there is a client in one of the other subnets 
>> which constantly sends DISCOVERS (about 200 per minute); they fill my log 
>> file and I'd like to get rid of them ...
> 
> 200 per minute ! That's a seriously badly configured client and I'd be asking 
> whoever is responsible for that network to be tracking it down and "asking" 
> the user to remove it until it's been fixed. Mind you, the user might well be 
> wondering why it's not working properly ?
> 00:07:32 belongs to AAEON Technology Inc. (an OUI lookup tool such as 
> https://www.wireshark.org/tools/oui-lookup.html is helpful here). Their 
> website (https://www.aaeon.com/en/) says "AAEON Technology Inc. is a leading 
> manufacturer of advanced industrial and embedded computing platforms." so the 
> device could be almost anything.
> But as I know internal politics in universities can be "interesting", perhaps 
> just stick with firewalling the requests.

Yeah, indeed. I called the IT guy of the department responsible for the device. 
It seems to be a 3D printer. Obviously, they took it off the network after my 
call, since I did not get the DISCOVERs for a few days, but now they have 
started again. Wrote them an email since it was Friday evening, but it would be 
easier for me to be able to just ignore the requests, rather than call them 
every few days...

Thank you all,

Tina


> 
> 
> Simon
> 
> -- 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users


---------------------------------------------------------------------------------
Dr. Tina Siegenthaler

IT support

Institute of Evolutionary Biology and Environmental Studies
University of Zurich
Winterthurerstr. 190
8057 Zürich

tel : ++41 44 6354891
email: t...@ieu.uzh.ch
---------------------------------------------------------------------------------


------------------------------

Message: 3
Date: Sat, 26 Nov 2022 10:21:53 +0000
From: Christina Siegenthaler <t...@ieu.uzh.ch>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log
        messages?
Message-ID: <2c238f8a-7c5e-414d-9a53-5d33bfb84...@ieu.uzh.ch>
Content-Type: text/plain; charset="utf-8"

Hi John

> On 25.11.2022 at 15:58, John W. Blue <john.b...@rrcic.com> wrote:
> 
> Tina,
> 
> As I am sure you are aware DHCPDISCOVER is a broadcast message.  If you are 
> getting these from networks that you do not administrate it would seem to 
> suggest there are engineering flaws with the segmentation of the network or 
> the configuration of this new Huawei hardware.
> 
> Based upon the wording of your email this extra traffic seems to coincide 
> with the arrival of the new hardware so I would recommend you focus your 
> troubleshooting efforts on that.
> 
> Assuming your network is properly segmented then there is something in the 
> Huawei config that is flipping WAN side broadcast traffic into your network.

You are correct. The problem is indeed the new hardware, but it is not 
"misconfigured" as such, it simply doesn't have the option to configure it to 
relay DHCP requests from different subnets to different DHCP servers - it can 
only relay all requests to all servers. Our network admins talked to Huawei, 
they confirmed that and we filed a feature request for this, but we're still 
waiting...


Tina

> 
> Good hunting.
> 
> John
> 
> Sent from Nine
> 
> From: Christina Siegenthaler <t...@ieu.uzh.ch>
> Sent: Friday, November 25, 2022 8:34 AM
> To: dhcp-users@lists.isc.org
> Subject: DISCOVERs from "unkown network segment" - suppress log messages?
> 
> Dear all
> 
> 
> Is there a possibility to suppress messages like this from being logged:
> 
> Nov 25 15:13:46 ieu-dhcp1 dhcpd[23577]: DHCPDISCOVER from 00:07:32:xx:xx:xx 
> via 10.xx.xx.1: unknown network segment
> 
> ?
> 
> Background is, we (unfortunately) got new network hardware (Huawei instead of 
> Cisco), and now I get also DHCP requests from buildings and networks that do 
> not belong to our department and that are not served by our DHCP server. This 
> is usually not a problem since the server simply ignores those requests 
> (though it logs them), but now there is a client in one of the other subnets 
> which constantly sends DISCOVERS (about 200 per minute); they fill my log 
> file and I'd like to get rid of them... 
> 
> I tried to add the MAC address of the rogue client to the config file with an 
> "ignore booting" statement, but the DISCOVERs still get logged.
> 
> 
> Thanks, Tina
> 
> 
> 
> 


---------------------------------------------------------------------------------
Dr. Tina Siegenthaler

IT support

Institute of Evolutionary Biology and Environmental Studies
University of Zurich
Winterthurerstr. 190
8057 Zürich

tel : ++41 44 6354891
email: t...@ieu.uzh.ch
---------------------------------------------------------------------------------
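
Before asking for an upstream firewall rule on UDP port 67, it helps to know which relay addresses and client MACs account for the "unknown network segment" lines and at what rate. The following is an added example, not part of any list member's message: it parses the dhcpd log format quoted in the original post, and the sample lines (MAC suffixes, relay addresses, timestamps) are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input in the log format quoted in the original post.
# MAC suffixes, relay addresses and timestamps are made up for illustration.
_FMT = ("Nov 25 15:{m:02d}:{s:02d} ieu-dhcp1 dhcpd[23577]: "
        "DHCPDISCOVER from {mac} via {relay}: unknown network segment")
SAMPLE_LOG = "\n".join(
    [_FMT.format(m=13, s=s, mac="00:07:32:aa:bb:cc", relay="10.1.2.1")
     for s in range(0, 50, 10)]                 # 5 hits within minute 15:13
    + [_FMT.format(m=14, s=2, mac="00:07:32:AA:BB:CC", relay="10.1.2.1"),
       _FMT.format(m=14, s=5, mac="00:11:22:33:44:55", relay="10.9.8.1"),
       # A normal lease line that must not be counted:
       "Nov 25 15:14:06 ieu-dhcp1 dhcpd[23577]: DHCPACK on 192.0.2.10 "
       "to 00:aa:bb:cc:dd:ee via en0"])

LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+dhcpd\[\d+\]:\s+"
    r"DHCPDISCOVER from (?P<mac>[0-9a-f:]{17})(?: \([^)]*\))? "
    r"via (?P<relay>\S+?): unknown network segment\s*$",
    re.IGNORECASE)

def summarize(log_text):
    """Map (mac, relay) -> (total lines, peak lines in any one minute)."""
    per_minute = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # only relayed DISCOVERs for segments this server does not serve
            key = (m["mac"].lower(), m["relay"])
            per_minute[key][m["minute"]] += 1
    return {k: (sum(c.values()), max(c.values()))
            for k, c in per_minute.items()}

def noisy(summary, threshold_per_minute):
    """(mac, relay) pairs whose peak rate reaches the threshold, busiest first."""
    hits = [(k, v) for k, v in summary.items() if v[1] >= threshold_per_minute]
    return [k for k, _ in sorted(hits, key=lambda kv: -kv[1][1])]

def relays(summary):
    """Relay addresses forwarding for unserved segments (firewall candidates)."""
    return sorted({relay for _, relay in summary})

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for mac, relay in noisy(report, threshold_per_minute=5):
        print(mac, relay, report[(mac, relay)])
    print("relays:", relays(report))
```

On a real log, a threshold near the 200 per minute mentioned in the thread separates a misbehaving client from ordinary relayed DISCOVERs.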


------------------------------

End of dhcp-users Digest, Vol 169, Issue 9
******************************************