Re: [Dnsmasq-discuss] DHCP errors with vlans and multiple subnets

2014-03-04 Thread Simon Kelley
So, the same machine, with the same MAC address, seems to be talking to
the dnsmasq DHCP server from (at least) three different subnets
more-or-less simultaneously. This is not good, as the DHCP protocol (for
IPv4, at least) assumes each interface will get _one_ address. Dnsmasq
is chasing its tail, giving the machine one address, then abandoning
that and giving it another, and so on.

The APs have interfaces on multiple VLANs? If so you need to do one of
two things:

1) Get them to use different MAC addresses on each distinct VLAN,
2) Get them to use DHCP client-IDs and ensure that _those_ are distinct.

As a unique identifier, client-ids override MAC addresses, so you should
be OK leaving the interfaces with a single MAC address if you take the
client-id route.

Most DHCP clients have a way to configure which client-id they should use.



Cheers,

Simon.



On 03/03/14 15:46, David Joslin wrote:
 Cheers Simon
 
 Here's the output of dnsmasq with log-dhcp set. It shows the requests
 from one particular access point (Room4UAP) over about 3 or 4 minutes.
 
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: started, version 2.69test8-78-g6e0290a cachesize 1500
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq[9848]: warning: interface tap21 does not currently exist
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: asynchronous logging enabled, queue limit is 5 messages
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq-dhcp[9848]: DHCP, IP range 10.10.99.101 -- 10.10.99.200, lease time 1d
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq-dhcp[9848]: DHCP, IP range 10.10.70.101 -- 10.10.70.200, lease time 1d
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq-dhcp[9848]: DHCP, IP range 10.10.30.101 -- 10.10.30.200, lease time 1d
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq-dhcp[9848]: DHCP, IP range 10.10.20.101 -- 10.10.20.200, lease time 1d
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq-dhcp[9848]: DHCP, IP range 10.10.10.151 -- 10.10.10.200, lease time 1d
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: using local addresses only for domain office.nkcc.org.uk
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: reading /etc/resolv.dnsmasq
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: using local addresses only for domain office.nkcc.org.uk
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: using nameserver 208.67.222.222#53
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: using nameserver 208.67.220.220#53
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: read /etc/hosts - 5 addresses
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq[9848]: read /etc/dnsmasq/hosts/hosts - 41 addresses
 Mar  3 13:39:24 eastgaterouter daemon.info dnsmasq-dhcp[9848]: read /etc/dnsmasq/dhcp/dhcp-hosts
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name Room5UAP.office.nkcc.org.uk to the DHCP lease of 10.10.10.180 because the name exists in /etc/dnsmasq/hosts/hosts with address 10.10.99.23
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name Room5UAP to the DHCP lease of 10.10.10.180 because the name exists in /etc/dnsmasq/hosts/hosts with address 10.10.99.23
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name ManagementSuiteUAP.office.nkcc.org.uk to the DHCP lease of 10.10.30.195 because the name exists in /etc/dnsmasq/hosts/hosts with address 10.10.99.21
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name ManagementSuiteUAP to the DHCP lease of 10.10.30.195 because the name exists in /etc/dnsmasq/hosts/hosts with address 10.10.99.21
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name AuditoriumCentreWestUAPAC.office.nkcc.org.uk to the DHCP lease of 10.10.10.162 because the name exists in /etc/dnsmasq/hosts/hosts with address 10.10.99.24
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name AuditoriumCentreWestUAPAC to the DHCP lease of 10.10.10.162 because the name exists in /etc/dnsmasq/hosts/hosts with address 10.10.99.24
 Mar  3 13:39:24 eastgaterouter daemon.warn dnsmasq-dhcp[9848]: not giving name Room4UAP.office.nkcc.org.uk
 
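
The condition diagnosed in the message above (one MAC address talking to the DHCP server from several subnets at nearly the same time) can be checked mechanically against a log-dhcp capture. The following is an added example, not part of the thread or of dnsmasq; the sample lines, MAC addresses, bridge-to-subnet mapping, five-minute window and `year` parameter are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in dnsmasq's log-dhcp style (not taken from the thread).
# The MAC addresses and the bridge-to-subnet mapping are made up.
PFX = "eastgaterouter daemon.info dnsmasq-dhcp[9848]:"
SAMPLE_LOG = f"""\
Mar  3 13:40:01 {PFX} 1001 DHCPDISCOVER(br0) 02:00:00:aa:bb:04
Mar  3 13:40:01 {PFX} 1001 DHCPOFFER(br0) 10.10.10.180 02:00:00:aa:bb:04
Mar  3 13:40:09 {PFX} 1002 DHCPDISCOVER(br1) 02:00:00:aa:bb:04
Mar  3 13:40:09 {PFX} 1002 DHCPOFFER(br1) 10.10.20.150 02:00:00:aa:bb:04
Mar  3 13:41:30 {PFX} 1003 DHCPREQUEST(br2) 10.10.30.195 02:00:00:aa:bb:04
Mar  3 13:42:00 {PFX} 1004 DHCPREQUEST(br0) 10.10.10.151 02:00:00:aa:bb:07
Mar  3 13:42:00 {PFX} 1004 DHCPACK(br0) 10.10.10.151 02:00:00:aa:bb:07 laptop
"""

# timestamp ... dnsmasq-dhcp[pid]: [xid] DHCPTYPE(iface) [ip] mac
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dnsmasq-dhcp\[\d+\]:\s(?:\d+\s)?"
    r"DHCP[A-Z]+\((?P<iface>[^)]+)\)\s(?:[\d.]+\s)?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def macs_on_multiple_interfaces(log_text, window=timedelta(minutes=5), year=2014):
    """Return {mac: [interfaces]} for MACs seen on 2+ interfaces within `window`.

    Syslog timestamps carry no year, so `year` is an assumed parameter.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["mac"].lower()].append((when, m["iface"]))
    flagged = {}
    for mac, events in seen.items():
        best = set()
        for start, _ in events:
            # Interfaces this MAC used in the window opening at this event.
            ifaces = {i for t, i in events if start <= t <= start + window}
            best = max(best, ifaces, key=len)
        if len(best) > 1:
            flagged[mac] = sorted(best)
    return flagged

if __name__ == "__main__":
    for mac, ifaces in macs_on_multiple_interfaces(SAMPLE_LOG).items():
        print(f"{mac} requested leases via {', '.join(ifaces)}")
```

A MAC that shows up in the result is a candidate for the fix options listed above (distinct MACs per VLAN, or distinct client-ids); a client that simply roams between networks over hours stays out of the result because of the time window.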

Re: [Dnsmasq-discuss] DHCP errors with vlans and multiple subnets

2014-03-04 Thread David Joslin
Thanks, Simon.

The access points are all on vlan 9 (the management vlan). They serve
wireless clients on vlans 3, 4 and 5 but they don't have interfaces on
these vlans.

What's really baffling me is that nothing has changed with the network
configuration. I've been through the configuration of the router (with its
dnsmasq dhcp server) and the switches on the network over and over again
and I can't find anything that's changed.

Each subnet is defined on the router (with dhcp enabled for each subnet)
and each vlan is associated with a particular subnet. The way it used to
work was this: I simply reserved the IP addresses for the access points on
the router (and I can see that these reservations have gone into dnsmasq's
dhcp-hosts file) and the access points were given these addresses (on
vlan9) when they asked for them - simple! Now, when they request addresses,
they are being offered addresses from every vlan apart from vlan 9! And
when they request the offered address, dnsmasq pumps out the warning
messages that the requested address conflicts with the address in the hosts
file. I even disabled the dhcp server on all the subnets apart from that
assigned to vlan9 to see if that would force the dhcp server to assign the
correct 10.10.99... address but when I did this dnsmasq logged the
following messages over and over again:
no address range available for DHCP request via br0
no address range available for DHCP request via br1
no address range available for DHCP request via br2

It wouldn't offer a vlan9 address.

There appeared to be a simple solution to this which was to assign static
IPs to all vlan9 devices (switches, access points). But when I did, DHCP
requests from the access points still appeared at the router! This would
seem to be a fairly major bug (in the Ubiquiti UniFi Wi-Fi system) but I'm
wondering if this is in some way related to this problem (I can't think
how, though).

The access points have only one network interface and don't seem to offer
any way to configure client-IDs so I still can't see a solution (apart from
reverting everything to factory settings and building it all from scratch
again - not something I want to do).

If you've got any advice I'd be grateful.

Cheers

David


On 4 March 2014 17:59, Simon Kelley si...@thekelleys.org.uk wrote:

 So, the same machine, with the same MAC address, seems to be talking to
 the dnsmasq DHCP server from (at least) three different subnets
 more-or-less simultaneously. This is not good, as the DHCP protocol (for
 IPv4, at least) assumes each interface will get _one_ address. Dnsmasq
 is chasing its tail, giving the machine one address, then abandoning
 that and giving it another, and so on.

 The APs have interfaces on multiple VLANs? If so you need to do one of
 two things:

 1) Get them to use different MAC addresses on each distinct VLAN,
 2) Get them to use DHCP client-IDs and ensure that _those_ are distinct.

 As a unique identifier, client-ids override MAC addresses, so you should
 be OK leaving the interfaces with a single MAC address if you take the
 client-id route.

 Most DHCP clients have a way to configure which client-id they should use.



 Cheers,

 Simon.
