One DHCP server, two VLANs?

One DHCP server, two VLANs?

Karl Denninger

This seems like it should be possible without a lot of hand-wringing, but I can't find the magic smoke recipe for it....  :-)

Topology is a wireless AP with two SSIDs on it.  One is on Vlan 1 (just to make it simple) the other on Vlan 2.  AP is cabled to a switch that knows how to do VLANs of course.

Vlan 1 has access to all the "inside" stuff; servers and resources, etc.
Vlan 2 has access ONLY to the outside Internet via a gateway with a DNS server on it, etc.

Both Vlan 1 and 2 have distinct IP address assignments on different subnets.

Access from Vlan 2 to the outside works fine; this allows you to have a "guest" network where nobody can see anything inside, but they can get out to the Internet at-large.  Provided I hard-assign the IP number for things on VLAN 2 it works fine.

The DHCP server is on both VLANs via virtual interfaces (FreeBSD) with the port on the switch being told to send both through; it sees and handles traffic from both VLANs just fine.

But.... I cannot start two instances of dhcpd (one on each sub-interface.)  Nor can I find a way to tell dhcpd to read requests from both.

Am I stuck with running the server for the VLAN on a different machine?  If so that's probably ok, but doing it all on one machine would be nice....

--
Karl Denninger
[hidden email]
The Market Ticker
[S/MIME encrypted email preferred]

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: One DHCP server, two VLANs?

Simon Hobson
Karl Denninger <[hidden email]> wrote:

> This seems like it should be possible without a lot of hand-wringing, but I can't find the magic smoke recipe for it....  :-)

It is simple - you're just overthinking it!

> Topology is ...

> The DHCP server is on both VLANs via virtual interfaces (FreeBSD) with the port on the switch being told to send both through; it sees and handles traffic from both VLANs just fine.
>
> But.... I cannot start two instances of dhcpd (one on each sub-interface.)  Nor can I find a way to tell dhcpd to read requests from both.

You just start one instance, but in that instance you define both subnets. So say your subnets are 192.168.1.0/24 and 192.168.2.0/24, then you need a config file a bit like this:

subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers ...;
  ...
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers ...;
  ...
}

Then make sure that it listens on both interfaces. The default is to listen on all broadcast-capable interfaces, but distribution-specific startup scripts may read settings from a file and limit that.

In operation, the daemon tracks the packets and the interface they arrive through - from this it knows which subnet any request is for, and the rest happens automagically.

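Added example, not part of the thread and not ISC code: a Python check that applies the selection rule described above for directly attached clients (the subnet declaration covering the receiving interface's address is the one used) to a constructed two-subnet dhcpd.conf. The interface names, addresses, ranges and helper names are assumptions.

```python
import ipaddress
import re

# Constructed sample: a dhcpd.conf with one subnet declaration per VLAN.
# Addresses and ranges are assumptions matching the /24s named in the thread.
DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  range 192.168.1.100 192.168.1.199;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;
  range 192.168.2.100 192.168.2.199;
}
"""

# Constructed sample: addresses on the server's VLAN sub-interfaces.
INTERFACES = {"vlan1": "192.168.1.2", "vlan2": "192.168.2.2"}

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")

def parse_subnets(conf):
    """Return {network: [(low, high), ...]} for each flat subnet block."""
    subnets = {}
    for net, mask, body in SUBNET_RE.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        subnets[network] = [
            (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
            for lo, hi in RANGE_RE.findall(body)
        ]
    return subnets

def subnet_for_interface(subnets, iface_addr):
    """Pick the declaration covering the receiving interface's address."""
    addr = ipaddress.ip_address(iface_addr)
    return next((n for n in subnets if addr in n), None)

def check(conf, interfaces):
    """List problems: unserved interfaces and ranges outside their subnet."""
    subnets = parse_subnets(conf)
    problems = [f"{name}: no subnet declaration covers {addr}"
                for name, addr in interfaces.items()
                if subnet_for_interface(subnets, addr) is None]
    for network, ranges in subnets.items():
        problems += [f"{network}: range {lo}-{hi} is outside the subnet"
                     for lo, hi in ranges
                     if lo not in network or hi not in network]
    return problems
```

An empty list from `check(DHCPD_CONF, INTERFACES)` means every sub-interface has a matching declaration and the guest range stays inside the guest subnet.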
Re: One DHCP server, two VLANs?

Karl Denninger
On 1/12/2016 15:04, Simon Hobson wrote:
> Karl Denninger [hidden email] wrote:
>
>> This seems like it should be possible without a lot of hand-wringing, but I can't find the magic smoke recipe for it....  :-)
> It is simple - you're just overthinking it!
>
>> Topology is ...
>
>> The DHCP server is on both VLANs via virtual interfaces (FreeBSD) with the port on the switch being told to send both through; it sees and handles traffic from both VLANs just fine.
>>
>> But.... I cannot start two instances of dhcpd (one on each sub-interface.)  Nor can I find a way to tell dhcpd to read requests from both.
> You just start one instance, but in that instance you define both subnets. So say your subnets are 192.168.1.0/24 and 192.168.2.0/24, then you need a config file a bit like this:
>
> subnet 192.168.1.0 ...
>   router ...
>   ...
> }
> subnet 192.168.2.0 ...
>   router ...
>   ...
> }
>
> Then make sure that it listens on both interfaces. The default is to listen on all broadcast-capable interfaces, but distribution-specific startup scripts may read settings from a file and limit that.
>
> In operation, the daemon tracks the packets and the interface they arrive through - from this it knows which subnet any request is for, and the rest happens automagically.


Well that's what I get for trying to get too cute :-)

Thanks.

--
Karl Denninger
[hidden email]
The Market Ticker
[S/MIME encrypted email preferred]
