Replacing MS DHCP with pfSense DHCP for /22 subnet question
-
Sorry if I over simplify it, I like being as concise as possible.
Currently the network assigned on the LAN is 10.1.0.0/22 which covers
10.1.0.0
10.1.1.0
10.1.2.0
10.1.3.0The MS DHCP Server is handing out
10.1.2.0 with a netmask of /24All static devices (servers, etc) are located on
10.1.3.0 with a netmask of /24I recently attempted to move DHCP to pfSense. The problem is that pfSense is handing out 10.1.2.0 with a subnet of /22 and that value cannot be changed. I thought of exporting the config file XML, modifying the <netmask> tag to <netmask>255.255.255.0</netmask> in order to maintain the continuity within the network and not have to reconfigure all static device netmasks in the 10.1.3.0 subnet.
Before I do so, I wanted to ask if pfSense will behave and allow this modification or will I end up in subnet hell?
Thanks.
-
Did you set your pfsense LAN interface for this range to a /22? I just tried on my local box on interface and have no problem setting a /22 on its DHCP server..
-
Huh? First you state your on a /22, then you say your MS dhcp is handing out /24??
Do you mean you have 4 vlans, and you have setup scopes with dhcp relay to let your MS dhcp hand out the different /24s out of the /22 to your vlans?
All static devices (servers, etc) are located on 10.1.3.0 with a netmask of /24Pfsense dhcp can not do that - it has to have an interface in each vlan.. Or it can relay.. But if what you want to hand out is actually /22 then yeah it can do that just fine.
Are you wanting to expand from /24 to /22 - and only hand out a portion of that range via dhcp say 10.1.2.10-250/22 to your clients?
-
-
Yeah I would wonder that as well.. I think maybe he is wanting to grow from /24 to /22?? But if your MS shop, and have AD up and running - best to use MS for your dns and dhcp.
-
I edited my original. The LAN INT has a /22. I only want DHCP for a single Class C, which is 10.1.2.0/24
Yes MS DHCP is handing out a subnet of /24 because it is configurable on MS DHCP. It does not appear to be configurable on pfSense which is why I asked about altering the DHCP backup XML and restoring just the DHCP.
Again, there are some machines on the 10.1.3.0 which have a static assignment with a /24 and they cannot communicate back with the clients on 10.1.2.0 when they request connectivity.
I know all the comments out there "oh why are you doing this" and all, believe me, not my first choice (not my choice at all, just my job to get it to work).
I can easily get this going with a Cisco router or even an ASA, but hell if I am going to use a Cisco over pfSense :-p
-
As far as the "why leave MS DHCP?" question.. Unstable server which we are waiting for the budget to replace and for now, we need a stable DHCP server.
-
The subnet mask pfSense DHCP gives is the same as the interface subnet mask. To do otherwise is pretty much nonsensical.
You can easily set the pool to only give out addresses 10.1.2.1 through 10.1.2.254 but as far as a different subnet mask, I would reevaluate your network design first.
-
Derelict, not my call. I am only in there to do as I was asked. I do agree but again, not my call. I know that DHCP gives out a subnet as defined by the Interface. I was only hoping to avoid changing the subnet masks of the devices in the 10.1.3.0 to /22 and initiate the change on pf instead.
-
@SenseiNYC said in Replacing MS DHCP with pfSense DHCP for /22 subnet question:
Again, there are some machines on the 10.1.3.0 which have a static assignment with a /24 and they cannot communicate back with the clients on 10.1.2.0 when they request connectivity.
Well no shit.. They are on a different network... If you want to use /24's then you vlan your networks to be these different /24's and then route between them.
If you want them all on the same L2 and talk to each other then they would all need to have /22 to cover the range netblock you stated..
To make it work - if they are all on the same L2 then they all need a mask that is what that L2, L3 network is - ie /22
To be honest if you have servers and clients, etc. on different networks - then they should be on different vlans and you route - which pfsense can do for you easy.
-
@SenseiNYC said in Replacing MS DHCP with pfSense DHCP for /22 subnet question:
Derelict, not my call. I am only in there to do as I was asked.
It sounds like the person asking for that might not know what he's talking about.
-
I have to agree @JKnott here.. There seems to be a lack of understanding for sure.. If you want all your devices to talk to each other they need to be on the same network - that means the same mask be it /24 or /23 or /22... Do you actually have that many devices? /22 is 1000 devices.. Do you have that many? Will you get to that many say sometime in the next year or so?
To be honest, lets say you had that many - that is a pretty big broadcast domain.. If these are windows boxes its going to be a bit noisy ;) Windows out of the box just loves to put shit on the wire for no reason...
If you have different types of devices - say servers and users.. You should put them on different vlans and route.. They will all be able to talk to each other - but now you can have some control via firewall, and you also reduce the number of devices on the same broadcast domain.
So this person told you to make it work... So make it work correctly ;)
If you have questions on how to do that - there are lots of people here that love to help.
-
@johnpoz said in Replacing MS DHCP with pfSense DHCP for /22 subnet question:
Well no shit.. They are on a different network... If you want to use /24's then you vlan your networks to be these different /24's and then route between them.
If you want them all on the same L2 and talk to each other then they would all need to have /22 to cover the range netblock you stated..
As you said "well no shit". I am well aware of subnetting concepts. That's not the question. I think you all missed the point of the question so allow me to clarify. HOW can the DHCP server on pfSense be configured to distribute client info with a different subnet? Other DHCP servers can do it, but apparently pfSense is falling short here.
Again, thanks for the helpful responses. :-(
-
Ok so it seems that changing the config backup <netmask> tag from blank to 255.255.255.0 really doesn't change a thing. Now to discuss with the customer and explain the limitation of the system. Thanks again.
-
So spin up a Linux or FreeBSD VM running ISC DHCP or Kea and configure it exactly how you want it.
It's quite frustrating when people think an inability to overcome network maldesign is somehow a shortcoming in pfSense.
-
@SenseiNYC said in Replacing MS DHCP with pfSense DHCP for /22 subnet question:
HOW can the DHCP server on pfSense be configured to distribute client info with a different subnet?
The only way I can think of is with a DHCP relay. Otherwise, if the DHCP server is on the same network as the devices, it must have the same subnet. How do the other servers you mentioned do it?
-
So again.. as I stated before and Derelict is saying - pfsense can not handle scopes for other vlans that are handed to it via a relay. It has to have an interface in the L2 where it will see the dhcp discovers.
And you sure can not hand out the wrong mask for what the interface is set to that dhcpd is listening on.
Changing the mask on the clients so they can talk to other clients in some larger L2 is NOT the CORRECT solution anyway!!!! It would just be some borked up nonsense. Devices that reside on the same L2 all need to be in the same L3 network via proper sized mask for the L3 you want to run on that L2.
If you want to have a dhcpd that can handle multiple scopes for different vlans - then your MS can do that now. Or as suggested fire up stand alone isc dhcpd.. But you would need relays to send the data to the dhcpd. Pfsense can be a relay from the different vlans that its connected to.
But mixing masks on a large L2 is not a valid configuration.