Multiple cisco dhcp servers on the wan problem...

Discussion in 'Cisco' started by Faustino Dina, Sep 28, 2004.

  1. Hi all,
    I installed a DHCP server on the segment 10.10.10.0/24 on a Cisco router at
    10.10.10.34. It works OK.
    Then I configured another DHCP server on the segment 10.10.34.0/24, also on
    a Cisco router at 10.10.34.254.
    Now when I plug a PC into the 10.10.10.0 segment, the DHCP server that answers
    first is 10.10.34.254 (!) and it of course leases a 10.10.34.xxx address to the
    PC connected at 10.10.10.0. From Ethereal sniffing I can also see that the
    10.10.10.34 DHCP server also answers the request, but too late. How can I
    restrict the DHCP server to serve only clients on its own sub-network? It
    looks like the DHCP broadcast is not restricted by certain routers in my
    WAN. How can I block it?
    I'm not a LAN expert and the router configuration is mostly handled by external
    consultants, so I'm looking for the simplest configuration. I thought
    installing a DHCP server on each router to serve its subnet would be the
    safest approach instead of using relay agents.
    Any suggestion is welcome. Thanks in advance.

    The dhcp configuration of the routers is:

    ! --- router 10.10.10.34
    ip dhcp excluded-address 10.10.10.1 10.10.10.60
    ip dhcp excluded-address 10.10.10.64 10.10.10.254
    no ip dhcp conflict logging
    ip dhcp pool 0
     network 10.10.10.0 255.255.255.0
     domain-name matusa.net
     dns-server 10.10.10.1
     netbios-name-server 10.10.10.1
     netbios-node-type h-node
     default-router 10.10.10.254
     lease 1

    ! --- router 10.10.34.254
    no ip dhcp conflict logging
    ip dhcp excluded-address 10.10.34.1 10.10.34.199
    ip dhcp pool net0
     network 10.10.34.0 255.255.255.0
     domain-name matusa.net
     dns-server 10.10.10.1
     netbios-name-server 10.10.10.1
     netbios-node-type h-node
     default-router 10.10.34.254
     lease 1


    --
    Faustino Dina
    --------------------------------------------------------
    If my email address starts with two 'f'
    drop the first 'f' when mailing me.
     
    Faustino Dina, Sep 28, 2004
    #1

  2. Faustino Dina

    RC Guest

    Are both these routers on the same physical segment? If they aren't, and
    they shouldn't be, they should work fine. What's the rest of the router
    config? Is there a "helper" address? Are they configured as a bridge? DHCP
    broadcasts shouldn't be going across the WAN link.

    "Faustino Dina" <> wrote in message
    news:...
    > Hi all,
    > I installed a dhcp server on the segment 10.10.10.0/24 on a cisco router
    > at 10.10.10.34. It works OK.
    > Then I configured another DHCP server on the segment 10.10.34.0/24, also
    > on a cisco router at 10.10.34.254.
    > Now plug a PC on the 10.10.10.0 segment, the DHCP server that answer first
    > is 10.10.34.254 (!) and it leases of course a 10.10.34.xxx address to the
    > PC connected at 10.10.10.0. From ethereal sniffing I can also see that the
    > 10.10.10.34 dhcp server also answer the request but too late. How can I
    > restrict the dhcp server to serve only to clients on his sub-network? It
    > looks like the dhcp broadcast is not restricted by certain routers in my
    > wan. How can I block it?
    > I'm not a LAN expert and mostly the router configuration is held by
    > external consultants. So I'm looking for the most simple configuration.
    > I thought
    > installing a dhcp server on each router to serve it subnet will be the
    > safest mode instead of using relay agents.
    > Any suggestion is welcomed. Thanks in advance
    >
    > The dhcp configuration of the routers is:
    >
    > //--- router 10.10.10.34
    > ip dhcp excluded-address 10.10.10.1 10.10.10.60
    > ip dhcp excluded-address 10.10.10.64 10.10.10.254
    > no ip dhcp conflict logging
    > ip dhcp pool 0
    > network 10.10.10.0 255.255.255.0
    > domain-name matusa.net
    > dns-server 10.10.10.1
    > netbios-name-server 10.10.10.1
    > netbios-node-type h-node
    > default-router 10.10.10.254
    > lease 1
    >
    > //--- router 10.10.34.254
    > no ip dhcp conflict logging
    > ip dhcp excluded-address 10.10.34.1 10.10.34.199
    > ip dhcp pool net0
    > network 10.10.34.0 255.255.255.0
    > domain-name matusa.net
    > dns-server 10.10.10.1
    > netbios-name-server 10.10.10.1
    > netbios-node-type h-node
    > default-router 10.10.34.254
    > lease 1
    >
    >
    > --
    > Faustino Dina
    > --------------------------------------------------------
    > If my email address starts with two 'f'
    > drop the first 'f' when mailing me.
    >
    >
     
    RC, Sep 28, 2004
    #2

  3. ...Then I reconfigured the DHCP server on 10.10.34.254 to be the only DHCP
    server on my WAN (let's try to live with DHCP broadcasts crossing routers). I
    disconnected my 10.10.10.34 router from the network, and reconfigured
    10.10.34.254 with two pools: one to serve the 10.10.10.0 network, and the
    other to serve the 10.10.34.0 network. But the problem remains similar: the
    DHCP server leases a 10.10.34.x address to my test PC located on 10.10.10.0. It
    doesn't have the intelligence to use the 10.10.34.0 network pool instead of
    the 10.10.10.0 one. What am I missing here?

    Thanks in advance.
    The configuration for the router in the DHCP role is the following:


    no ip dhcp conflict logging
    ip dhcp excluded-address 10.10.34.1 10.10.34.199
    ip dhcp excluded-address 10.10.10.1 10.10.10.60
    ip dhcp excluded-address 10.10.10.64 10.10.10.254
    !
    ip dhcp pool 0
     network 10.10.34.0 255.255.255.0
     domain-name matusa.net
     dns-server 10.10.10.1
     netbios-name-server 10.10.10.1
     netbios-node-type h-node
     default-router 10.10.34.254
    !
    ip dhcp pool 1
     network 10.10.10.0 255.255.255.0
     domain-name matusa.net
     dns-server 10.10.10.1
     netbios-name-server 10.10.10.1
     netbios-node-type h-node
     default-router 10.10.10.254
     
    Faustino Dina, Sep 28, 2004
    #3
  4. "Faustino Dina" <> wrote in
    news::

    > Hi all,
    > I installed a dhcp server on the segment 10.10.10.0/24 on a cisco
    > router at 10.10.10.34. It works OK.
    > Then I configured another DHCP server on the segment 10.10.34.0/24,
    > also on a cisco router at 10.10.34.254.
    > Now plug a PC on the 10.10.10.0 segment, the DHCP server that answer
    > first is 10.10.34.254 (!) and it leases of course a 10.10.34.xxx
    > address to the PC connected at 10.10.10.0. From ethereal sniffing I
    > can also see that the 10.10.10.34 dhcp server also answer the request
    > but too late. How can I restrict the dhcp server to serve only to
    > clients on his sub-network? It looks like the dhcp broadcast is not
    > restricted by certain routers in my wan. How can I block it?
    > I'm not a LAN expert and mostly the router configuration is held by
    > external consultants. So I'm looking for the most simple
    > configuration. I thought installing a dhcp server on each router to
    > serve it subnet will be the safest mode instead of using relay agents.
    > Any suggestion is welcomed. Thanks in advance
    >
    > The dhcp configuration of the routers is:
    >
    > //--- router 10.10.10.34
    > ip dhcp excluded-address 10.10.10.1 10.10.10.60
    > ip dhcp excluded-address 10.10.10.64 10.10.10.254
    > no ip dhcp conflict logging
    > ip dhcp pool 0
    > network 10.10.10.0 255.255.255.0
    > domain-name matusa.net
    > dns-server 10.10.10.1
    > netbios-name-server 10.10.10.1
    > netbios-node-type h-node
    > default-router 10.10.10.254
    > lease 1
    >
    > //--- router 10.10.34.254
    > no ip dhcp conflict logging
    > ip dhcp excluded-address 10.10.34.1 10.10.34.199
    > ip dhcp pool net0
    > network 10.10.34.0 255.255.255.0
    > domain-name matusa.net
    > dns-server 10.10.10.1
    > netbios-name-server 10.10.10.1
    > netbios-node-type h-node
    > default-router 10.10.34.254
    > lease 1
    >
    >


    You shouldn't have 2 DHCP servers on the same segment. But if you do,
    then the client will accept the first offer that it receives. That is
    why the ack packets are broadcasts, so that other servers on the segment
    will know that the client has accepted an offer from another server.
     
    Secret Squirrel, Oct 21, 2004
    #4
  5. Faustino Dina

    Guest

    On Mon, 27 Sep 2004 20:01:52 -0500, "Faustino Dina"
    <> wrote:

    >...Then I reconfigure the dhcp server on 10.10.34.254 to be the only dhcp
    >server on my wan (lets try to live with dhcp broadcast crossing routers). I
    >disconnected my 10.10.10.34 router from the network, and reconfigured
    >10.10.34.254 with two pools: one to serve the 10.10.10.0 network, and the
    >other to serve 10.10.34.0 network. But the problem remains similar: the dhcp
    >server leases a 10.10.34.x address to my 10.10.10.0 located test PC. It
    >doesn't has the intelligence to use the 10.10.34.0 network pool instead of
    >the 10.10.10.0 one. What I'm missing here?
    >
    >Thanks in advance
    >The configuration for the router in dhcp role is the following:
    >
    >
    >no ip dhcp conflict logging
    >ip dhcp excluded-address 10.10.34.1 10.10.34.199
    >ip dhcp excluded-address 10.10.10.1 10.10.10.60
    >ip dhcp excluded-address 10.10.10.64 10.10.10.254
    >!
    >ip dhcp pool 0
    > network 10.10.34.0 255.255.255.0
    > domain-name matusa.net
    > dns-server 10.10.10.1
    > netbios-name-server 10.10.10.1
    > netbios-node-type h-node
    > default-router 10.10.34.254
    >!
    >ip dhcp pool 1
    > network 10.10.10.0 255.255.255.0
    > domain-name matusa.net
    > dns-server 10.10.10.1
    > netbios-name-server 10.10.10.1
    > netbios-node-type h-node
    > default-router 10.10.10.254
    >



    Can you post the part of the config where you have the interface
    addresses configured? You may have the wrong subnet mask, or failed
    to add 'ip classless', and your router considers 10.10.34.x and
    10.10.10.x to be on the same interface. This would cause routing
    problems though.

    Are these subnets physically separate or do they share a segment (à la
    router on a stick)?

    -Chris
     
    , Oct 23, 2004
    #5
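
The questions raised in the replies above (is there a helper address, is the link bridged, what are the interface addresses) all bear on how a DHCP server chooses a pool. The sketch below is an added example, not code or output from any poster: it models the RFC 2131 subnet-selection rule with the two pools from post #3 and flags offers that do not belong on the segment where they were captured. The bridged-link case, the relay address 10.10.10.254 and the sample capture are assumptions constructed for illustration.

```python
import ipaddress

# Pools from the single-server config posted in the thread (post #3).
POOLS = {
    "0": ipaddress.ip_network("10.10.34.0/24"),
    "1": ipaddress.ip_network("10.10.10.0/24"),
}
UNSET = ipaddress.ip_address("0.0.0.0")


def select_pool(giaddr, recv_if_addr, pools=POOLS):
    """Pick the pool for a DHCPDISCOVER the way RFC 2131 describes.

    giaddr       -- relay-agent address in the packet (0.0.0.0 if not relayed)
    recv_if_addr -- address of the server interface the packet arrived on
    """
    key = ipaddress.ip_address(giaddr)
    if key == UNSET:
        # Unrelayed broadcast: the server assumes the client sits on the
        # subnet of the interface that received it.
        key = ipaddress.ip_address(recv_if_addr)
    for name, net in pools.items():
        if key in net:
            return name
    return None  # no pool covers that subnet: the server stays silent


def suspect_offers(offers, segment):
    """Return offers seen on `segment` whose leased address is outside it."""
    net = ipaddress.ip_network(segment)
    return [o for o in offers if ipaddress.ip_address(o["yiaddr"]) not in net]


# Constructed sample: offers as a sniffer on 10.10.10.0/24 might record them.
CAPTURE = [
    {"server": "10.10.34.254", "yiaddr": "10.10.34.200"},
    {"server": "10.10.10.34", "yiaddr": "10.10.10.61"},
]

if __name__ == "__main__":
    # Assumed case 1: broadcast reaches 10.10.34.254 unrelayed (bridged link).
    print(select_pool("0.0.0.0", "10.10.34.254"))
    # Assumed case 2: a relay on the client subnet sets giaddr 10.10.10.254.
    print(select_pool("10.10.10.254", "10.10.34.254"))
    print(suspect_offers(CAPTURE, "10.10.10.0/24"))
```

With giaddr unset the server has only its own interface address to go on, which matches the 10.10.34.x lease described in posts #1 and #3; the pool for 10.10.10.0 is chosen only when a relay on that subnet fills in giaddr.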