TESTING NEEDED: Multiple DHCP pools within a subnet

jimp · Oct 28, 2012, 8:07 PM

The feature was not added to the IPv6 DHCP settings. Only IPv4.

robfantini · Dec 26, 2012, 3:20 PM

I set a different DNS server ( 208.67.222.222 ) on Pool-Specific Options. but that did not get to resolv.conf on the linux client. The client was even rebooted to test. resolv.conf instead gets the dns servers defined in main pool.

Also tried to set NTP time server to 0.debian.pool.ntp.org . the result was this message at top of the screen: "A valid IP address must be specified for the primary/secondary NTP servers."

jimp · Dec 26, 2012, 3:26 PM

Does using a hostname in the NTP server field work on the main tab? I thought we required an IP there.

DNS should work, it did last I knew. You can check /var/dhcpd/etc/dhcpd.conf that it's getting into the pool config. It is when I look on mine, though I don't have a client hooked up behind that test VM to do a proper check at the moment.

robfantini · Dec 26, 2012, 5:46 PM

@jimp:

Does using a hostname in the NTP server field work on the main tab? I thought we required an IP there.

an IP is needed there. however i assumed that since an IP is not needed at General Setup then an IP would not be needed in dhcp server.

Just read isc-dhcp dhcp-options man page and now see that IP is needed.

DNS should work, it did last I knew. You can check /var/dhcpd/etc/dhcpd.conf that it's getting into the pool config. It is when I look on mine, though I don't have a client hooked up behind that test VM to do a proper check at the moment.

the pool config is OK at /var/dhcpd/etc/dhcpd.conf


        pool {
                option domain-name-servers 127.0.0.1,172.50.24.2;
                range 172.50.24.100 172.50.24.200;
        }

        pool {
                option domain-name-servers 127.0.0.1,208.67.222.222;
                deny unknown-clients;
                default-lease-time 600;
                range 172.50.24.11 172.50.24.20;
        }

here is more client info:


t520  /etc # cat resolv.conf
# Generated by NetworkManager
domain fantinibakery.com
search fantinibakery.com
nameserver 127.0.0.1
nameserver 172.50.24.2

t520  /etc # ip a
....

3: wlan0: <broadcast,multicast,up,lower_up>mtu 1500 qdisc mq state UP qlen 1000
    link/ether 10:0b:a9:69:21:70 brd ff:ff:ff:ff:ff:ff
    inet 172.50.24.11/24 brd 172.50.24.255 scope global wlan0
    inet6 fe80::120b:a9ff:fe69:2170/64 scope link 
       valid_lft forever preferred_lft forever</broadcast,multicast,up,lower_up>

Also I was not able to add the client fixed lease to the 'additional pool'. tried a few things and it always ended up at bottom of the main pool page.

jimp · Dec 26, 2012, 5:58 PM

Hmm that DNS config looks OK, not sure why it didn't go to the client properly.

Also static mappings are not pool specific, they are global for an interface. You can't define a static mapping inside a pool.
I made a commit earlier today to remove the static mapping list from the pool page since it's not relevant.

To control who gets into a specific pool you need to use the allow/deny MAC boxes. At the moment they're just comma-separated lists. they could be changed into lists (like aliases) in the future if we get a proper web developer position filled.

robfantini · Dec 26, 2012, 6:44 PM

tried using the mac address allow, saved changes and then restarted dhcp server [ not sure is restart is needed ] rebooted the client and still wrong dns in resolv.conf .

maybe the client is asking for and getting the old lease information. is there a place to clear the cache?

jimp · Dec 26, 2012, 7:49 PM

The client could be remembering it, that varies by OS but it may be in /tmp/ or /var/ somewhere. (I think it's /var/lib/dhclient/dhclient.leases but on FreeBSD it's in /var/db/dhclient/dhclient.leases I think, or thereabouts)

On pfSense the server's lease database is under /var/dhcpd/var/db/ but you can clear individual leases from the GUI by clicking the 'x' next to the lease under Status > DHCP Leases. Failing that, stop the dhcp service, rm the leases files(s), then restart it.

jimp · Dec 26, 2012, 8:16 PM

I just did a quick test in a VM:

option domain-name "example.com";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
class "000C29DBA30B" {
        match if substring (hardware, 1, 6) = 00:0C:29:DB:A3:0B;
}
subnet 192.168.27.0 netmask 255.255.255.0 {
        pool {
                deny members of "000C29DBA30B";
                range 192.168.27.100 192.168.27.199;
        }

        pool {
                option domain-name-servers 208.67.222.222;
                allow members of "000C29DBA30B";
                range 192.168.27.50 192.168.27.60;
        }

        option routers 192.168.27.1;
        option domain-name-servers 192.168.27.1;

}

That one MAC address is my test client.

And the Windows client received:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.com
        Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter

        Physical Address. . . . . . . . . : 00-0C-29-DB-A3-0B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.27.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.27.1
        DHCP Server . . . . . . . . . . . : 192.168.27.1
        DNS Servers . . . . . . . . . . . : 208.67.222.222
        Lease Obtained. . . . . . . . . . : Wednesday, December 26, 2012 3:02:35 PM
        Lease Expires . . . . . . . . . . : Wednesday, December 26, 2012 5:02:35 PM

So it did receive the expected IP and DNS server from the secondary pool.

robfantini · Dec 29, 2012, 6:30 PM

the client here runs debian wheezy .

there is a fixed dhcp lease in /var/dhcpd/etc/dhcpd.conf on pfsense.

all the rest of settings here look the same.

when i get a chance, I'll try removing the fixed lease , clearing caches , restating network on client…

maybe you could try adding the test client to fixed leases ..

robfantini · Dec 29, 2012, 6:54 PM

after deleting the fixed lease the client got the correct sub pool nameserver.

on our current dhcp server we use 'group' to assign some dhcp options:


       group {
                        option ntp-servers  10.100.100.17;
                        next-server 10.100.100.17;

                        host phone30 {
                                hardware ethernet 00:0E:08:19:.....;
                                fixed-address 10.100.199.30;
                                }

                        host phone31 {
                                hardware ethernet 70:81:05:-----;
                                fixed-address 10.100.199.30;
                                }
               # we have about 20 more devices...
}

the isc-dhcp-server server runs on Debian wheezy . here is version info:


fbc123  /etc/dhcp # aptitude show isc-dhcp-server
Package: isc-dhcp-server                 
State: installed
Automatically installed: no
Version: 4.2.2.dfsg.1-5+deb70u2

I think
maybe fixed leases could be assigned to a group?

jimp · Dec 29, 2012, 7:03 PM

With some more coding changes, perhaps.

Fixed leases do not belong to a pool so no pool-specific settings will apply to them.

Eventually someone could take the pool type settings and apply that to static leases as well, since most all of those settings are also valid for static leases.

But doing the groups thing, though interesting, would greatly increase the complexity of the code on the page, and it's already pretty complicated.

Possible, yes, but unless someone pumps some funding into it, not likely to happen anytime soon.

jimp · Jan 27, 2013, 6:47 PM

FYI- Input validation was added last week to prevent overlapping pools from being saved. Testing would be helpful there also.

bluenote · May 15, 2013, 8:54 PM

I tested multiple DHCP pool for a subnet (LAN) and I noticed that the fixed lease were not anymore handle properly. Only the last one inserted was show in the fixed lease table in the bottom of services_dhcp.php.

Every new insertion made the previous record to be delete.

jimp · May 15, 2013, 9:08 PM

@bluenote:

I tested multiple DHCP pool for a subnet (LAN) and I noticed that the fixed lease were not anymore handle properly. Only the last one inserted was show in the fixed lease table in the bottom of services_dhcp.php.

Every new insertion made the previous record to be delete.

On 2.1 or with a 2.0.x patch? (I would expect issues with the 2.0.x patch, it wasn't meant to be used, use 2.1 instead)

jimp · May 16, 2013, 7:44 PM

@jimp:

@bluenote:

I tested multiple DHCP pool for a subnet (LAN) and I noticed that the fixed lease were not anymore handle properly. Only the last one inserted was show in the fixed lease table in the bottom of services_dhcp.php.

Every new insertion made the previous record to be delete.

On 2.1 or with a 2.0.x patch? (I would expect issues with the 2.0.x patch, it wasn't meant to be used, use 2.1 instead)

Seems to be fixed by this:
https://github.com/pfsense/pfsense/commit/37c922a6faff0e55db04fb66e43b76180e1c1449

WetWilly · Jun 4, 2013, 1:40 PM

Is "Multiple DHCP pools outside of subnet"

Anywhere on the roadmap?

Or is there any smooth way to a DHCP-range outside of LAN interface subnet?

jimp · Jun 4, 2013, 2:04 PM

@WetWilly:

Is "Multiple DHCP pools outside of subnet"

Anywhere on the roadmap?

Or is there any smooth way to a DHCP-range outside of LAN interface subnet?

It's closer to being possible, but not going to happen any time soon (maybe 2.2, if someone has the time or funding for it).

There is no way to do DHCP for another subnet on an interface currently. That's a question for another thread, though.