Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Multiple cisco dhcp servers on the wan problem...

Reply
Thread Tools

Multiple cisco dhcp servers on the wan problem...

 
 
Faustino Dina
Guest
Posts: n/a
 
      09-27-2004
Hi all,
I installed a dhcp server on the segment 10.10.10.0/24 on a cisco router at
10.10.10.34. It works OK.
Then I configured another DHCP server on the segment 10.10.34.0/24, also on
a cisco router at 10.10.34.254.
Now plug a PC on the 10.10.10.0 segment, the DHCP server that answer first
is 10.10.34.254 (!) and it leases of course a 10.10.34.xxx address to the PC
connected at 10.10.10.0. From ethereal sniffing I can also see that the
10.10.10.34 dhcp server also answer the request but too late. How can I
restrict the dhcp server to serve only to clients on his sub-network? It
looks like the dhcp broadcast is not restricted by certain routers in my
wan. How can I block it?
I'm not a LAN expert and mostly the router configuration is held by external
consultants. So I'm looking for the most simple configuration. I thought
installing a dhcp server on each router to serve it subnet will be the
safest mode instead of using relay agents.
Any suggestion is welcomed. Thanks in advance

The dhcp configuration of the routers is:

//--- router 10.10.10.34
ip dhcp excluded-address 10.10.10.1 10.10.10.60
ip dhcp excluded-address 10.10.10.64 10.10.10.254
no ip dhcp conflict logging
ip dhcp pool 0
network 10.10.10.0 255.255.255.0
domain-name matusa.net
dns-server 10.10.10.1
netbios-name-server 10.10.10.1
netbios-node-type h-node
default-router 10.10.10.254
lease 1

//--- router 10.10.34.254
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.34.1 10.10.34.199
ip dhcp pool net0
network 10.10.34.0 255.255.255.0
domain-name matusa.net
dns-server 10.10.10.1
netbios-name-server 10.10.10.1
netbios-node-type h-node
default-router 10.10.34.254
lease 1


--
Faustino Dina
--------------------------------------------------------
If my email address starts with two 'f'
drop the first 'f' when mailing me.


 
Reply With Quote
 
 
 
 
RC
Guest
Posts: n/a
 
      09-27-2004
Are both these routers on the same physical segment? If they aren't, and
they shouldn't be, they should work fine. What's the rest of the router
config? Is there a "helper" address? Are they configured as a bridge? DHCP
broadcasts shouldn't be going across the WAN link.

"Faustino Dina" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi all,
> I installed a dhcp server on the segment 10.10.10.0/24 on a cisco router

at
> 10.10.10.34. It works OK.
> Then I configured another DHCP server on the segment 10.10.34.0/24, also

on
> a cisco router at 10.10.34.254.
> Now plug a PC on the 10.10.10.0 segment, the DHCP server that answer first
> is 10.10.34.254 (!) and it leases of course a 10.10.34.xxx address to the

PC
> connected at 10.10.10.0. From ethereal sniffing I can also see that the
> 10.10.10.34 dhcp server also answer the request but too late. How can I
> restrict the dhcp server to serve only to clients on his sub-network? It
> looks like the dhcp broadcast is not restricted by certain routers in my
> wan. How can I block it?
> I'm not a LAN expert and mostly the router configuration is held by

external
> consultants. So I'm looking for the most simple configuration. I thought
> installing a dhcp server on each router to serve it subnet will be the
> safest mode instead of using relay agents.
> Any suggestion is welcomed. Thanks in advance
>
> The dhcp configuration of the routers is:
>
> //--- router 10.10.10.34
> ip dhcp excluded-address 10.10.10.1 10.10.10.60
> ip dhcp excluded-address 10.10.10.64 10.10.10.254
> no ip dhcp conflict logging
> ip dhcp pool 0
> network 10.10.10.0 255.255.255.0
> domain-name matusa.net
> dns-server 10.10.10.1
> netbios-name-server 10.10.10.1
> netbios-node-type h-node
> default-router 10.10.10.254
> lease 1
>
> //--- router 10.10.34.254
> no ip dhcp conflict logging
> ip dhcp excluded-address 10.10.34.1 10.10.34.199
> ip dhcp pool net0
> network 10.10.34.0 255.255.255.0
> domain-name matusa.net
> dns-server 10.10.10.1
> netbios-name-server 10.10.10.1
> netbios-node-type h-node
> default-router 10.10.34.254
> lease 1
>
>
> --
> Faustino Dina
> --------------------------------------------------------
> If my email address starts with two 'f'
> drop the first 'f' when mailing me.
>
>



 
Reply With Quote
 
 
 
 
Faustino Dina
Guest
Posts: n/a
 
      09-28-2004
....Then I reconfigure the dhcp server on 10.10.34.254 to be the only dhcp
server on my wan (lets try to live with dhcp broadcast crossing routers). I
disconnected my 10.10.10.34 router from the network, and reconfigured
10.10.34.254 with two pools: one to serve the 10.10.10.0 network, and the
other to serve 10.10.34.0 network. But the problem remains similar: the dhcp
server leases a 10.10.34.x address to my 10.10.10.0 located test PC. It
doesn't has the intelligence to use the 10.10.34.0 network pool instead of
the 10.10.10.0 one. What I'm missing here?

Thanks in advance
The configuration for the router in dhcp role is the following:


no ip dhcp conflict logging
ip dhcp excluded-address 10.10.34.1 10.10.34.199
ip dhcp excluded-address 10.10.10.1 10.10.10.60
ip dhcp excluded-address 10.10.10.64 10.10.10.254
!
ip dhcp pool 0
network 10.10.34.0 255.255.255.0
domain-name matusa.net
dns-server 10.10.10.1
netbios-name-server 10.10.10.1
netbios-node-type h-node
default-router 10.10.34.254
!
ip dhcp pool 1
network 10.10.10.0 255.255.255.0
domain-name matusa.net
dns-server 10.10.10.1
netbios-name-server 10.10.10.1
netbios-node-type h-node
default-router 10.10.10.254


 
Reply With Quote
 
Secret Squirrel
Guest
Posts: n/a
 
      10-21-2004
"Faustino Dina" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Hi all,
> I installed a dhcp server on the segment 10.10.10.0/24 on a cisco
> router at 10.10.10.34. It works OK.
> Then I configured another DHCP server on the segment 10.10.34.0/24,
> also on a cisco router at 10.10.34.254.
> Now plug a PC on the 10.10.10.0 segment, the DHCP server that answer
> first is 10.10.34.254 (!) and it leases of course a 10.10.34.xxx
> address to the PC connected at 10.10.10.0. From ethereal sniffing I
> can also see that the 10.10.10.34 dhcp server also answer the request
> but too late. How can I restrict the dhcp server to serve only to
> clients on his sub-network? It looks like the dhcp broadcast is not
> restricted by certain routers in my wan. How can I block it?
> I'm not a LAN expert and mostly the router configuration is held by
> external consultants. So I'm looking for the most simple
> configuration. I thought installing a dhcp server on each router to
> serve it subnet will be the safest mode instead of using relay agents.
> Any suggestion is welcomed. Thanks in advance
>
> The dhcp configuration of the routers is:
>
> //--- router 10.10.10.34
> ip dhcp excluded-address 10.10.10.1 10.10.10.60
> ip dhcp excluded-address 10.10.10.64 10.10.10.254
> no ip dhcp conflict logging
> ip dhcp pool 0
> network 10.10.10.0 255.255.255.0
> domain-name matusa.net
> dns-server 10.10.10.1
> netbios-name-server 10.10.10.1
> netbios-node-type h-node
> default-router 10.10.10.254
> lease 1
>
> //--- router 10.10.34.254
> no ip dhcp conflict logging
> ip dhcp excluded-address 10.10.34.1 10.10.34.199
> ip dhcp pool net0
> network 10.10.34.0 255.255.255.0
> domain-name matusa.net
> dns-server 10.10.10.1
> netbios-name-server 10.10.10.1
> netbios-node-type h-node
> default-router 10.10.34.254
> lease 1
>
>


You shouldn't have 2 DHCP servers on the same segment. But if you do,
then the client will accept the first offer that it receives. That is
why the ack packets are broadcasts, so that other servers on the segment
will know that the client has accepted an offer from another server.
 
Reply With Quote
 
chris@nospam.com
Guest
Posts: n/a
 
      10-23-2004
On Mon, 27 Sep 2004 20:01:52 -0500, "Faustino Dina"
<(E-Mail Removed)> wrote:

>...Then I reconfigure the dhcp server on 10.10.34.254 to be the only dhcp
>server on my wan (lets try to live with dhcp broadcast crossing routers). I
>disconnected my 10.10.10.34 router from the network, and reconfigured
>10.10.34.254 with two pools: one to serve the 10.10.10.0 network, and the
>other to serve 10.10.34.0 network. But the problem remains similar: the dhcp
>server leases a 10.10.34.x address to my 10.10.10.0 located test PC. It
>doesn't has the intelligence to use the 10.10.34.0 network pool instead of
>the 10.10.10.0 one. What I'm missing here?
>
>Thanks in advance
>The configuration for the router in dhcp role is the following:
>
>
>no ip dhcp conflict logging
>ip dhcp excluded-address 10.10.34.1 10.10.34.199
>ip dhcp excluded-address 10.10.10.1 10.10.10.60
>ip dhcp excluded-address 10.10.10.64 10.10.10.254
>!
>ip dhcp pool 0
> network 10.10.34.0 255.255.255.0
> domain-name matusa.net
> dns-server 10.10.10.1
> netbios-name-server 10.10.10.1
> netbios-node-type h-node
> default-router 10.10.34.254
>!
>ip dhcp pool 1
> network 10.10.10.0 255.255.255.0
> domain-name matusa.net
> dns-server 10.10.10.1
> netbios-name-server 10.10.10.1
> netbios-node-type h-node
> default-router 10.10.10.254
>



Can you post the part of the config where you have the interface
addresses configured? You may have the wrong subnet mask, or failed
to add 'ip classless' and your routers considers 10.10.34.x and
10.10.10.x to be on the same interface. This would cause routing
problems though.

Are these subnets physically seperate or do they share a segment (ala
router on a stick)?

-Chris

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Dual WAN on a 2651, NAT inside, opening one port on the seconday WAN Martin Gallagher Cisco 0 11-27-2012 09:27 AM
PIX 501 - 2 WAN Connections, how to route certain IPs to the 2nd WAN Casper Cisco 1 08-17-2007 08:17 PM
Implementing dhcp servers and dns servers =?Utf-8?B?ZG91Z2hib3kzMQ==?= MCSE 20 06-23-2006 11:11 PM
Ethernet WAN and not WAN. AM Cisco 1 05-23-2005 11:45 PM
Need to securely connect workstations on another WAN to my WAN kev Cisco 4 11-17-2003 01:55 AM



Advertisments