Issues related to configuring your network
-
Sambone245
- Posts: 4
- Joined: 2017/05/27 10:51:49
Post
by Sambone245 » 2017/05/27 13:09:18
I have been tasked with building out DHCP for our new facility with several requirements; it must be Linux, it must have Primary/Secondary servers and it must serve four different subnets - VOIP, Secured Wired, Unsecured Wired, and Secured WiFi.
We are using CentOS 7 and ISC-dhcpd. The DHCP servers are running on VMware 6.5.
I was able to get the primary/secondary working following these instructions;
http://geekyadmins.com/dhcp-server-setu ... -centos-7/
When I attempt to add the additional subnets and start dhcpd it fails to start and I get the following message;
subnet declarations not allowed here.
Following some examples that I found on the web, I was doing something like this;
Code: Select all
# Subnet for internal hosts
subnet 10.1.0.0 netmask 255.255.254.0 {
range 10.1.1.200 10.1.1.253;
option routers 10.1.0.1;
option subnet-mask 255.255.254.0;
#failover peer "dhcp";
}
subnet 10.1.2.0 netmask 255.255.254.0 {
range 10.1.3.200 10.1.3.253;
option routers 10.1.2.1;
option subnet-mask 255.255.254.0;
#failover peer "dhcp";
This is my current conf file:
Code: Select all
#DHCP Configuration
#=======================================================================================================
#Primary DHCP Server
#=======================================================================================================
authoritative;
option domain-name "ln.mydomain.com";
option domain-name-servers 172.16.23.5, 172.16.23.6;
default-lease-time 600;
max-lease-time 7200;
#Failover Configuration
failover peer "dhcp-backup" {
    primary;
    address 172.16.23.3;
    port 1024;
    peer address 172.16.23.4;
    peer port 1024;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}
subnet 172.16.23.0 netmask 255.255.255.0 {
    option domain-name "ln.mydomain.com";
    option domain-name-servers 172.16.23.5, 172.16.23.6;
    option broadcast-address 172.16.23.255;
    option routers 172.16.23.1;
    pool {
        failover peer "dhcp-backup";
        range 172.16.23.100 172.16.23.150;
        default-lease-time 6000;
        max-lease-time 72000;
    }
}
Any guidance or examples of how to correctly do this would be greatly appreciated.
Thanks in advance
Last edited by
Sambone245 on 2017/06/01 17:58:54, edited 1 time in total.
-
aks
- Posts: 3073
- Joined: 2014/09/20 11:22:14
Post
by aks » 2017/05/30 18:29:40
It is documented in the man page (man dhcpd.conf and search for CONFIGURING FAILOVER). Please note that ISC says this may or may not conform to the standard but implements the DHCP failover protocol as documented in draft-ietf-dhc-failover-07.txt (also from the man page). Suggest you read that.
It's not really HA, in the sense that half the available address space is in one server and the other half in the other server, so a renewal would have to happen on failure - but it's all in the man page.
-
Sambone245
- Posts: 4
- Joined: 2017/05/27 10:51:49
Post
by Sambone245 » 2017/05/30 21:02:01
Thanks aks,
I think I may not have been clear in what I'm asking - the 3 requirements were Linux, Primary/Secondary and multiple subnets, the first 2 I have been able to achieve. My issue is adding the other subnets. When I add them based on examples I am finding on the web I am clearly not configuring it correctly.
My conf file in my original post works as expected. When I declare another subnet and attempt to start dhcpd I am getting an error: subnet declarations not allowed here. I am looking for some guidance in correctly adding 4 more subnets to my conf file.
-
aks
- Posts: 3073
- Joined: 2014/09/20 11:22:14
Post
by aks » 2017/05/31 17:19:10
Oh I see, misunderstood. Sorry.
Usually the "subnet declarations not allowed here" means you've left out a brace, missing semicolon etc. But seemingly (the fact it works with just the one), you have something like:
} # end of failover configuration
subnet 172.16.23.0 netmask 255.255.255.0 {
} # end of subnet def.
subnet 172.16.24.0 netmask 255.255.255.0 {
} # end of subnet def.
doesn't work?
How about:
} # end of failover configuration
shared-network lan {
    subnet 172.16.23.0 netmask 255.255.255.0 {
    } # end of subnet def.
    subnet 172.16.24.0 netmask 255.255.255.0 {
    } # end of subnet def.
} # end of shared-network def.
I don't *know* if this'll work or not, it's just a suggestion, mainly because I think we need some kind of "encapsulation" around our subnet definitions.
-
Sambone245
- Posts: 4
- Joined: 2017/05/27 10:51:49
Post
by Sambone245 » 2017/06/01 14:31:37
So that's where I seem to be having the issue, I added a subnet like the example you posted:
Code: Select all
shared-network lan {
subnet 172.16.23.0 netmask 255.255.255.0 {
option domain-name "ln.mydomain.com";
option domain-name-servers 172.16.23.5, 172.16.23.6;
option broadcast-address 172.16.23.255;
option routers 172.16.23.1;
pool {
failover peer "dhcp-backup";
range 172.16.23.15 172.16.23.254;
default-lease-time 6000;
max-lease-time 72000;
}
subnet 172.16.16.0 netwmask 255.255.255.0 {
option domain-name "ln.mydomain.com";
option domain-name-servers 172.16.23.5, 172.16.23.6;
option broadcast-address 172.16.16.255;
option routers 172.16.16.1;
pool {
failover peer "dhcp-backup";
range 172.16.16.20 172.16.16.200;
default-lease-time 6000;
max-lease-time 72000;
}
}
}
the resulting error:
Code: Select all
/etc/dhcp/dhcpd.conf line 43: subnet declarations not allowed here.
Thanks again for your help
-
TrevorH
- Site Admin
- Posts: 33216
- Joined: 2009/09/24 10:40:56
- Location: Brighton, UK
Post
by TrevorH » 2017/06/01 14:40:59
If my eyes don't deceive me, that new subnet {} is inside the previous subnet {} definition.
-
Sambone245
- Posts: 4
- Joined: 2017/05/27 10:51:49
Post
by Sambone245 » 2017/06/01 14:57:38
TrevorH - your eyes were not deceiving you, thanks!
aks - thank you for your help!
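
The nesting mistake that resolved this thread, as an added example that is not part of any post above: a small Python checker that tracks brace scope in a dhcpd.conf-style file and reports a subnet opened while another subnet is still open, plus unbalanced braces. The names `check_nesting` and `SAMPLE` are illustrative, the sample is constructed from the thread's config, and the checker models brace scope only, not the full dhcpd grammar.

```python
import re

# Constructed sample modelled on the thread's config: first subnet never closed.
SAMPLE = """\
shared-network lan {
subnet 172.16.23.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp-backup";
range 172.16.23.15 172.16.23.254;
}
subnet 172.16.16.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp-backup";
range 172.16.16.20 172.16.16.200;
}
}
}
"""

# Quoted strings, comments, structural characters, newlines, bare words.
TOKEN = re.compile(r'"[^"\n]*"|#[^\n]*|[{};]|\n|[^\s{};"#]+')

def check_nesting(text):
    """Return (line, message) pairs for nested subnets and unbalanced braces."""
    problems, stack, stmt, line = [], [], [], 1
    for tok in TOKEN.findall(text):
        if tok == "\n":
            line += 1
        elif tok == "{":
            # The first word of the pending statement names the block being opened.
            kind, start = stmt[0] if stmt else ("block", line)
            outer = [ln for k, ln in stack if k == "subnet"]
            if kind == "subnet" and outer:
                problems.append((start, f"subnet inside subnet opened on line {outer[-1]}"))
            stack.append((kind, start))
            stmt = []
        elif tok == "}":
            if not stack:
                problems.append((line, "unmatched closing brace"))
            del stack[-1:]  # pops the innermost block; no-op when nothing is open
            stmt = []
        elif tok == ";":
            stmt = []
        elif not tok.startswith("#"):
            stmt.append((tok, line))
    return problems + [(ln, f"{k} block never closed") for k, ln in stack]

if __name__ == "__main__":
    for ln, msg in check_nesting(SAMPLE):
        print(f"line {ln}: {msg}")
```

The authoritative check is still dhcpd itself: `dhcpd -t -cf /etc/dhcp/dhcpd.conf` parses the file and exits without serving leases.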