DHCP on multiple interfaces

danldn31 · Sep 9, 2020, 3:19 PM

Hey guys, Need your valid inputs/advice here. Thanks in advance.

We reached a point where we can no longer expand our current DHCP network pool inside LAN interface. So what I am thinking is enable DHCP on the next interface(OPT1) where the subnet is not at all in use.
The idea is DHCP should allocate IP from any of these interfaces, LAN or OPT1 based on availabilities.
Default GW for OPT1 DHCP should be the same GW of LAN interface DHCP.
Is this something possible? Please share your thoughts on this.

JeGr · Sep 9, 2020, 3:37 PM

@ddanielpala said in DHCP on multiple interfaces:

The idea is DHCP should allocate IP from any of these interfaces, LAN or OPT1 based on availabilities.
Default GW for OPT1 DHCP should be the same GW of LAN interface DHCP.

Nope. No. Nonononononono. NO. You don't configure two separate interfaces with the same IP range or default gateway or anything else what you are thinking. That simply screams bad design and accident to happen. I don't even understand how you'd like to set that up so that OPt1 uses other IPs then LAN but uses LANs Gateway or addresses or anything.

a) Why aren't you using a bigger CIDR mask if you are "out of IPs" for your pool?
b) Why do you have that many IPs in that pool in the first place? Why not segmenting them into different VLANs with different IP networks?
c) Why not simply do a clean routing?

Perhaps I'm misunderstanding what you are trying to do but it reads REALLY bad in my book so I'm glad to offer advice with more background infos on what is actually happen :)

JKnott · Sep 9, 2020, 3:50 PM

@ddanielpala said in DHCP on multiple interfaces:

We reached a point where we can no longer expand our current DHCP network pool inside LAN interface. So what I am thinking is enable DHCP on the next interface(OPT1) where the subnet is not at all in use.

Why can't you? If you need more addresses, make your subnet bigger and then adjust the DHCP pool size.

danldn31 · Sep 9, 2020, 3:50 PM

@JeGr Thank you for commenting. Here is my answer,

Our LAN network is currently a shared one for all kind of connections, like personal devices, office devices, qa/dev envs etc etc. I know its a bad design, but unfortunately it is what is for now.
As you got it already, what I am trying to achieve is expand our DHCP IP range. Our current LAN network 192.168.0.0/24 is almost full due to the consumption as I described above.
We also have 192.168.1.0/24, 192.168.2.0/24 networks (interfaces in vlan) assigned to other environments.
And opt1 192.168.5.0/24 is not in use. I was thinking if I can use this interface also for the DHCP by going to
pfsense -> services -> dhcp server -> go to opt1 interface,
select Enable DHCP server and configure its default gw as 192.168.0.1 which is LAN interface GW.
I don't have much experience in this stuff, so please consider me a newbie.
Thank you very much again.

danldn31 · Sep 9, 2020, 3:53 PM

@JKnott because we have multiple interfaces defined with /24 subnet. and the LAN subnet with /24 range is almost full

JeGr · Sep 9, 2020, 4:02 PM

@ddanielpala said in DHCP on multiple interfaces:

select Enable DHCP server and configure its default gw as 192.168.0.1 which is LAN interface GW.

Nope, routing doesn't work that way. What you'd do is a half-separation. The client would get an address in the .5.x subnet but have no route whatsoever. Your firewall also has to have an IP in the .5.x subnet or it can't give out DHCP offers, DNS or anything at all. So your gateway would be the firewall's .5.x address as you normally can't simply use a default gateway on clients that is NOT in your current network (as the client has no clue how to reach it). You can't simply hand out the .0.1 as DefaultGW and hope the device to work just like a LAN device :) It would still be in the broadcast domain on OPT1 and multicast/broadcast traffic doesn't get routed so you would have won nothing.

So no, you can't simply stretch your LAN that way. That doesn't work.

Perhaps it's either time for better subnetting and separation or renumber your LAN from .0.x to e.g. .100.x and use it as /23 or /22. I'd strongly advise to simply go the slightly harder way and just start the separation process and pack office devices in their net, make seprate QA/dev envs (That IS important! That's a main thing i'd do immediatly) etc. etc.

And as you already have that process started it's time to sit down, plan your network for your needs and do a proper separation into various VLANs and setup some nice routing. Hurts now, I know, but you're WAY better later on.

Cheers
\jens

danldn31 · Sep 9, 2020, 4:10 PM

@JeGr Makes sense! Thank you very much.
So what if I have an IP in OPT1 interface and allow that as the default gw for OPT1 DHCP.

Totally agreed regarding the separation of networks. At-least have a separate network for all personal devices.

JeGr · Sep 9, 2020, 4:19 PM

@ddanielpala said in DHCP on multiple interfaces:

Totally agreed regarding the separation of networks. At-least have a separate network for all personal devices.

Absolutely!

So what if I have an IP in OPT1 interface and allow that as the default gw for OPT1 DHCP.

I don't get that ;) Can you make an example?

danldn31 · Sep 9, 2020, 4:24 PM

@JeGr So,
For opt1 interace which is 192.168.5.0/24, interface static IP would be 192.168.5.1 (pfsense -> interfaces) and then for DHCP
(pfsense -> services -> dhcp server -> go to opt1 interface)
select Enable DHCP server and configure its default gw as 192.168.5.1 as the GW.
Then ISP won't know who is this new DHCP server as it only knows DHCP server is LAN, am I right?

johnpoz · Sep 9, 2020, 4:39 PM

So your problem is your using 192.168.0/24 and you need more IPs in this network.. But your problem is your already using .1 and .2, etc. So you can not just expand the network to a /23 or /22 for example because it would overlap your other networks.

The proper solution then is to change the network to say 192.168.6/23 or some other range completely..

If your devices are all dhcp changing the lan network to 192.168.6/23 would be simple as your devices getting new IP via dhcp.. After you change it.

If you need more than a /23, then use say 192.168.8/22

JeGr · Sep 9, 2020, 4:39 PM

@ddanielpala said in DHCP on multiple interfaces:

Then ISP won't know who is this new DHCP server as it only knows DHCP server is LAN, am I right?

The ISP doesn't know anything about your internal networks as you're NATting them outbound to your WAN IP anyway. So if you're coming from .5.x or .0.x you'll get mapped by pfSense to your WAN IP either way.

danldn31 · Sep 9, 2020, 5:27 PM

@JeGr So in that case, having a static IP on OPT1 and make that Ip as the default GW for DHCP under OPT1 should solve the issue, correct?

johnpoz · Sep 9, 2020, 5:28 PM

You can create as many networks as you want.. If you want to put some of the devices that are currently on your lan network, on some other opt1 network sure that works..

danldn31 · Sep 9, 2020, 5:45 PM

@johnpoz Thanks. So pfsense will use both dhcp services(running on LAN and OPT1) allocate IP addresses accordingly?

johnpoz · Sep 9, 2020, 5:48 PM

Yeah lan devices will get IPs from the lan dhcp pool, and devices in the opt1 network will be getting ips from that pool.

Are none of your other networks using dhcp?

Not understanding what the concern is here.. You clearly are running multiple networks, how is it you think you can only run 1 dhcpd pool?

Your not wanting to run 2 different networks on the same L2 are you??

danldn31 · Sep 9, 2020, 5:49 PM

@johnpoz Other networks are wired. Not in DHCP

johnpoz · Sep 9, 2020, 6:06 PM

@ddanielpala said in DHCP on multiple interfaces:

Other networks are wired. Not in DHCP

Huh?? What does wired or not have to do with dhcp? Your saying those other networks are all assigned static on the devices? Why? How many devices?

danldn31 · Sep 9, 2020, 6:15 PM

Forget about other networks. What I am trying to achieve is to have two DHCP server on two different networks for clients to connect. Thanks.

JKnott · Sep 9, 2020, 6:18 PM

@ddanielpala said in DHCP on multiple interfaces:

What I am trying to achieve is to have two DHCP server on two different networks for clients to connect.

You can configure a DHCP server on every interface.

johnpoz · Sep 9, 2020, 6:40 PM

Yeah you could have 100's, shoot prob 1000s - depending on the umph of your hardware of networks and dhcp running on all of them.. I'm just a bit confused to how that is even a question.. Pfsense would be pretty freaking crappy if you could only run dhcpd on 1 network at a time ;) hehehe

So yeah, you can run multiple networks with dhcpd on any or all of them if you want.. Just click the little enable dhcp check box on the interface in the dhcp server section.

What you can not do, and people complain about it is run dhcpd and a dhcp relay.. You can either relay or be dhcp server.. You can not do both things at the same time, even on different networks.