4. DHCP Failover bei VLANS

DHCP Failover bei VLANS

  • N

    Hallo,

    wir haben aktuell über eine NIC ein "normales" Lan und 2 VLANs auf unseren 2 PFSense Boxen eingerichtet, welche wir im mobilen Einsatz auf Events einsetzen.
    Carp mit Failover für die Virtuellen IPs im Wan und Lan läuft wunderbar, allerdings würde ich gerne noch einen DHCP Failover für 3 Netzwerk einsetzen.
    Dies klappt allerdings nur bei der dhcp0 Group. Bei den anderen dhcp Groups steht unter My State recover (bei beiden FWs) und Peer State auf unknown-state.
    In den dhcp Logs sieht man ein "flapping" auf beiden Firewalls: Failover peer dhcp1: I move from startup to recover. 1 Sekunde später Failover peer dhcp1: I move from recover to startup usw.

    Anbei meine dhcp config:

    option domain-name "esl.event";
    default-lease-time 7200;
    max-lease-time 86400;
    authoritative;
    log-facility local7;
    ddns-update-style none;
    one-lease-per-client true;
    deny duplicates;

    failover peer "dhcp0" {
      primary;
      address 10.101.0.2;
      port 519;
      peer address 10.101.0.3;
      peer port 520;
      max-response-delay 10;
      max-unacked-updates 10;
      split 128;
      mclt 600;

    load balance max seconds 3;
    }
    failover peer "dhcp1" {
      primary;
      address 10.102.0.2;
      port 519;
      peer address 10.102.0.3;
      peer port 520;
      max-response-delay 10;
      max-unacked-updates 10;

    split 128;
      mclt 600;

    load balance max seconds 3;
    }
    failover peer "dhcp2" {
      primary;
      address 192.168.1.1;
      port 519;
      peer address 192.168.1.3;
      peer port 520;
      max-response-delay 10;

    max-unacked-updates 10;
      split 128;
      mclt 600;

    load balance max seconds 3;
    }
    subnet 10.101.0.0 netmask 255.255.0.0 {
    pool {
    option domain-name-servers 10.101.0.1;
    deny dynamic bootp clients;

    failover peer "dhcp0";
    range 10.101.2.10 10.101.2.240;
    }
    option routers 10.101.0.1;
    option domain-name-servers 10.101.0.1;
    }
    subnet 10.102.0.0 netmask 255.255.0.0 {
    pool {
    option domain-name-servers 10.102.0.1;

    deny dynamic bootp clients;
    failover peer "dhcp1";
    range 10.102.2.10 10.102.2.240;
    }
    option routers 10.102.0.1;
    option domain-name-servers 10.102.0.1;
    }
    subnet 192.168.0.0 netmask 255.255.0.0 {

    pool {
    option domain-name-servers 192.168.1.10,193.41.200.1;
    deny dynamic bootp clients;
    failover peer "dhcp2";
    range 192.168.1.100 192.168.1.150;
    }
    option routers 192.168.1.10;
    option domain-name-servers 192.168.1.10,193.41.200.1;

    }

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy