Netgate Discussion Forum

    DHCP Failover with VLANs

    • nemix

      Hello,

      we currently have a "normal" LAN and 2 VLANs set up over one NIC on our 2 pfSense boxes, which we use for mobile deployments at events.
      CARP with failover for the virtual IPs on WAN and LAN works wonderfully, but I would also like to use DHCP failover for 3 networks.
      However, this only works for the dhcp0 group. For the other dhcp groups, My State shows recover (on both firewalls) and Peer State shows unknown-state.
      In the dhcp logs you can see "flapping" on both firewalls: Failover peer dhcp1: I move from startup to recover. 1 second later: Failover peer dhcp1: I move from recover to startup, and so on.

      Attached is my dhcp config:

      option domain-name "esl.event";
      default-lease-time 7200;
      max-lease-time 86400;
      authoritative;
      log-facility local7;
      ddns-update-style none;
      one-lease-per-client true;
      deny duplicates;

      failover peer "dhcp0" {
        primary;
        address 10.101.0.2;
        port 519;
        peer address 10.101.0.3;
        peer port 520;
        max-response-delay 10;
        max-unacked-updates 10;
        split 128;
        mclt 600;
        load balance max seconds 3;
      }
      failover peer "dhcp1" {
        primary;
        address 10.102.0.2;
        port 519;
        peer address 10.102.0.3;
        peer port 520;
        max-response-delay 10;
        max-unacked-updates 10;
        split 128;
        mclt 600;
        load balance max seconds 3;
      }
      failover peer "dhcp2" {
        primary;
        address 192.168.1.1;
        port 519;
        peer address 192.168.1.3;
        peer port 520;
        max-response-delay 10;
        max-unacked-updates 10;
        split 128;
        mclt 600;
        load balance max seconds 3;
      }
      subnet 10.101.0.0 netmask 255.255.0.0 {
        pool {
          option domain-name-servers 10.101.0.1;
          deny dynamic bootp clients;
          failover peer "dhcp0";
          range 10.101.2.10 10.101.2.240;
        }
        option routers 10.101.0.1;
        option domain-name-servers 10.101.0.1;
      }
      subnet 10.102.0.0 netmask 255.255.0.0 {
        pool {
          option domain-name-servers 10.102.0.1;
          deny dynamic bootp clients;
          failover peer "dhcp1";
          range 10.102.2.10 10.102.2.240;
        }
        option routers 10.102.0.1;
        option domain-name-servers 10.102.0.1;
      }
      subnet 192.168.0.0 netmask 255.255.0.0 {
        pool {
          option domain-name-servers 192.168.1.10,193.41.200.1;
          deny dynamic bootp clients;
          failover peer "dhcp2";
          range 192.168.1.100 192.168.1.150;
        }
        option routers 192.168.1.10;
        option domain-name-servers 192.168.1.10,193.41.200.1;
      }
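
An added example, not part of the original post and not pfSense or ISC dhcpd code: a Python script that picks out failover peers oscillating between two states, as in the log lines quoted in the post. The sample log, the host name `fw1`, the fixed year, the thresholds and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (not from the original post). The message wording follows
# the lines quoted in the post; timestamps and the host name "fw1" are assumed.
SAMPLE_LOG = """\
Mar  3 10:00:00 fw1 dhcpd: failover peer dhcp0: I move from startup to normal
Mar  3 10:00:01 fw1 dhcpd: failover peer dhcp1: I move from startup to recover
Mar  3 10:00:02 fw1 dhcpd: failover peer dhcp1: I move from recover to startup
Mar  3 10:00:02 fw1 dhcpd: failover peer dhcp2: I move from startup to recover
Mar  3 10:00:03 fw1 dhcpd: failover peer dhcp1: I move from startup to recover
Mar  3 10:00:03 fw1 dhcpd: failover peer dhcp2: I move from recover to startup
Mar  3 10:00:04 fw1 dhcpd: failover peer dhcp1: I move from recover to startup
Mar  3 10:00:04 fw1 dhcpd: failover peer dhcp2: I move from startup to recover
Mar  3 10:00:05 fw1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via em0
Mar  3 10:00:05 fw1 dhcpd: failover peer dhcp2: I move from recover to startup
"""

MOVE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s.*?failover peer (?P<peer>[^\s:]+): "
    r"I move from (?P<old>[\w-]+) to (?P<new>[\w-]+)", re.IGNORECASE)

def parse_moves(text):
    """Return {peer: [(timestamp, old_state, new_state), ...]} in log order."""
    moves = defaultdict(list)
    for line in text.splitlines():
        m = MOVE_RE.match(line)
        if m:
            # Syslog lines carry no year; a fixed one is assumed for parsing.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            moves[m["peer"]].append((ts, m["old"].lower(), m["new"].lower()))
    return moves

def flapping_peers(moves, min_reversals=3, window_s=60):
    """Return {peer: reversal count} for peers that undo their previous
    transition (A->B then B->A) at least min_reversals times in window_s."""
    flagged = {}
    for peer, seq in moves.items():
        rev = [b[0] for a, b in zip(seq, seq[1:]) if (a[1], a[2]) == (b[2], b[1])]
        for i in range(len(rev) - min_reversals + 1):
            if (rev[i + min_reversals - 1] - rev[i]).total_seconds() <= window_s:
                flagged[peer] = len(rev)
                break
    return flagged

if __name__ == "__main__":
    for peer, count in sorted(flapping_peers(parse_moves(SAMPLE_LOG)).items()):
        print(f"{peer}: {count} state reversals, peer never settles")
```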
