2 bridged networks / DHCP problem

hchady · Apr 26, 2007, 4:15 PM

on DHCP 1 (134.214.0.0/22) pfsense record these logs :

Apr 26 18:10:23 dhcpd: DHCPDISCOVER from 00:90:96:20:98:2d via rl0: network 134.214.0/22: no free leases
Apr 26 18:10:23 dhcpd: DHCPREQUEST for 134.214.232.32 (134.214.100.6) from 00:90:96:20:98:2d via rl0: wrong network.
Apr 26 18:10:23 dhcpd: DHCPNAK on 134.214.232.32 to 00:90:96:20:98:2d via rl0
Apr 26 18:10:24 dhcpd: DHCPDISCOVER from 00:90:96:20:98:2d via rl0: network 134.214.0/22: no free leases
Apr 26 18:10:24 dhcpd: DHCPREQUEST for 134.214.232.32 (134.214.100.6) from 00:90:96:20:98:2d via rl0: wrong network.
Apr 26 18:10:24 dhcpd: DHCPNAK on 134.214.232.32 to 00:90:96:20:98:2d via rl0

I don't have access to the logs of DHCP2 (134.214.100.6), but it seems that it offer the IP 134.214.232.32 to the client.
if I restart or stop the pfsense DHCP, the client gets the IP 134.214.232.32 directely.

note that DHCP 1 cannot offer a lease for an unknown client because the option deny unknown option is checked.

So any idea ?

gbenoit · Apr 26, 2007, 5:06 PM

OK, maybe the DHCPNACK cancels the DHCPACK from the other dhcp server.

As you're using public IPs, maybe it will be difficult, but if you can try to extend the subnet of the DHCP 1 (let's say from /22 et /16), to include the network of the second DHCP server in the same network as the first (same network, but still different ranges), in order to see if the "unknow lease" only instead of the DHCPNACK message should solve the issue…

Because DHCPNACK is sent to client, but unknow lease is only log, and no message is sent back to client.

DHCPNACK is used to say to a laptop coming from another wifi network : "hey, you're dhcp renew is not valid on this wifi lan ! you're no more on your home wifi network"

hchady · Apr 26, 2007, 5:10 PM

i think that it is something related to dhcp-authoritative option that is not enabled may be on DHCP 2 (Windows 2K3 server)

gbenoit · Apr 26, 2007, 5:30 PM

And I still think it might be a DHCPNACK issue :D

hchady · Apr 26, 2007, 5:54 PM

hmmm !! ok

hchady · May 2, 2007, 11:16 AM

is there a solution for this ?

jeroen234 · May 3, 2007, 7:17 AM

using only 1 dhcp server

gbenoit · May 3, 2007, 8:49 AM

Map wireless lan on different VLAN, or try to share the same network, and dhcp distributing on 2 different ranges.

hchady · May 3, 2007, 11:40 AM

the problem that i have 2 differents servers for authentication, and a captive portal on each network
so is there a way to let user choose between the server, or the domain ?

i.e. there is a way to have local authentication and radius or NT domaine (or LDAP) authentication on the same captive portal page ?
in this way each user can choice his domain

hoba · May 3, 2007, 1:27 PM

No. Maybe you can try to simplyfiy your setup a bit. It seems to be rather complex.