DHCP on subnets
-
Hi,
I'm a new user of pfSense. For testing purposes, I've activated 2 subnets on LAN (by manually defining an alias for the NIC), but the DHCP configuration page can manage only the first one. Is there a way to use DHCP only on the second subnet? And will the 1.3 release manage multiple subnets? Thanks
Antonio -
No.
It's bad practice to have multiple subnets on the same physical layer (unless you separate them via VLAN tags).

Imagine you connect a second DHCP server to your existing network. How would the clients know which DHCP server they should communicate with? -
I've run into this wall as well. My topology is

internet ---- soekris/pfsense --192.168.0.1/30-- cisco 2621 ---- cisco 2950
                                                                 192.168.2.0/24
                                                                       |
                                                                       |
                                                                  Wireless AP
                                                                 192.168.2.0/24

The AP doesn't route, it just acts as a bridge. I have the AP serving DHCP to the wireless segment. Before I switched from OpenBSD to pfSense I had the 2621 relaying DHCP requests to my Soekris box, but now I have to use the 2621 for DHCP duty. The obvious question of course is "why is the 2621 there?". It's a lab device and connects to a number of other Cisco routers that are irrelevant to the production network topology. The main reason it's there is so I can see how different things react to real production traffic, since you can only learn so much in a lab environment.
Any Cisco router is going to support the "ip helper-address" directive to relay DHCP, so it would be nice if pfSense could handle serving arbitrary subnets with DHCP. Firewalls are rarely on the same physical subnet as workstations. It's easy enough to do with BSD's dhcpd daemon; it doesn't care what subnets you put into it. Maybe just an "allow arbitrary subnets" checkbox if you want to keep the same "you're using the wrong subnet, guy" logic it has in there now.

To respond to the above comment... When you do things that aren't completely standard, you just need to do it intelligently. That's why there are so many options for DHCP. I use an ACL and address exclusions to handle having 2 DHCP servers on the same subnet, and it works wonderfully. Each server has a chunk of the subnet it can assign to users. The 2621 won't get any requests from the wireless network, and the ACL blocks the AP from getting requests from the wired network. Everybody wins.
on the 2621:

ip dhcp excluded-address 192.168.2.0 192.168.2.10
ip dhcp excluded-address 192.168.2.120 192.168.2.254
!
ip dhcp pool wishbone
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 domain-name iggdawg.com
 dns-server 192.168.0.1

on the AP:

ip dhcp excluded-address 192.168.2.1 192.168.2.127
ip dhcp excluded-address 192.168.2.165 192.168.2.254
!
ip dhcp pool wishbone
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 domain-name iggdawg.com
 dns-server 192.168.0.1

interface FastEthernet0
 no ip address
 ip access-group Deny_DHCP in
 ---- snipping other interface config directives ----

ip access-list extended Deny_DHCP
 deny udp any any eq bootpc
 deny udp any any eq bootps
 permit ip any any
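The split above only works if the two servers' lease ranges never overlap: the excluded-address lines have to carve 192.168.2.0/24 into disjoint chunks, and a typo in one of them silently lets two servers lease the same address. The following is an added example, not code from the thread or from pfSense or Cisco, that parses IOS-style "ip dhcp excluded-address" and "network" statements, works out what each server can actually lease (IOS never leases the network or broadcast address), and reports any address both servers could hand out. The sample configs embedded in it are constructed from the two pools quoted in the post; the function and variable names are my own.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample input: the two IOS pool definitions quoted in the post
# above, reduced to the statements that decide which addresses get leased.
ROUTER_2621 = """
ip dhcp excluded-address 192.168.2.0 192.168.2.10
ip dhcp excluded-address 192.168.2.120 192.168.2.254
!
ip dhcp pool wishbone
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
"""

ACCESS_POINT = """
ip dhcp excluded-address 192.168.2.1 192.168.2.127
ip dhcp excluded-address 192.168.2.165 192.168.2.254
!
ip dhcp pool wishbone
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
"""

Range = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]


def parse_ios_dhcp(config: str) -> Tuple[ipaddress.IPv4Network, List[Range]]:
    """Pull the pool network and the excluded-address ranges out of IOS-style
    config text. 'ip dhcp excluded-address A [B]' excludes A..B (or just A)."""
    excluded: List[Range] = []
    network = None
    for raw in config.splitlines():
        parts = raw.split()
        if parts[:3] == ["ip", "dhcp", "excluded-address"]:
            lo = ipaddress.IPv4Address(parts[3])
            hi = ipaddress.IPv4Address(parts[4]) if len(parts) > 4 else lo
            excluded.append((lo, hi))
        elif parts[:1] == ["network"] and len(parts) >= 3:
            # 'network 192.168.2.0 255.255.255.0' -> 192.168.2.0/24
            network = ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
    if network is None:
        raise ValueError("pool has no 'network' statement")
    return network, excluded


def assignable(network: ipaddress.IPv4Network, excluded: List[Range]) -> set:
    """Addresses the server can actually lease: every host address in the
    network (network and broadcast addresses are never leased) minus the
    excluded ranges."""
    hosts = set(network.hosts())
    for lo, hi in excluded:
        for n in range(int(lo), int(hi) + 1):
            hosts.discard(ipaddress.IPv4Address(n))
    return hosts


def check_pools(configs: Dict[str, str]) -> dict:
    """Summarise each server's lease range as (first, last, count) and list
    every address two servers could both lease. A non-empty overlap means two
    clients can end up with the same address, the failure the exclusions are
    meant to prevent."""
    pools = {name: assignable(*parse_ios_dhcp(text)) for name, text in configs.items()}
    summary = {}
    for name, hosts in pools.items():
        ordered = sorted(hosts)
        summary[name] = (str(ordered[0]), str(ordered[-1]), len(ordered)) if ordered else (None, None, 0)
    overlap = set.intersection(*pools.values()) if len(pools) > 1 else set()
    return {"pools": summary, "overlap": [str(a) for a in sorted(overlap)]}


if __name__ == "__main__":
    result = check_pools({"2621": ROUTER_2621, "AP": ACCESS_POINT})
    for name, (first, last, count) in result["pools"].items():
        print(f"{name}: {first} - {last} ({count} addresses)")
    print("overlap:", result["overlap"] or "none")
```

Run against the two configs from the post, the 2621 is left with 192.168.2.11 through .119 and the AP with .128 through .164, with no address in common; feeding the same pool definition to both servers, as would happen if the AP's exclusions were pasted from the router unchanged, reports every leasable address as a conflict.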