ISC DHCP server on Raspbian not liking NIC aliases

See the configuration below. The DHCP server does not like the statement "interface eth0.1". It does not work with the interface statement left out. I have enabled 802.1q trunking on the port that the NIC is connected to and I am distinguishing between the VLANs with eth0.x where x is the VLAN number. To my knowledge I therefore need this configuration. I also have an extensive iptables script that distinguishes between two different names, eth0.1 and eth0.2.

This is on Raspbian for Raspberry Pi. Pretty much Debian.

/etc/network/interfaces
auto eth0.1
iface eth0.1 inet static
        address 192.168.1.254
        network 192.168.1.0
        netmask 255.255.255.0
        broadcast 192.168.1.255
        dns-search nodenet.local
        pre-up iptables-restore < /etc/iptables.rules
        post-down iptables-save -c > /etc/iptables.rules


auto eth0.2
iface eth0.2 inet dhcp



/etc/dhcp/dhcp.conf and /etc/dhcp3/dhcp.conf:
ddns-update-style none;
log-facility local7;

default-lease-time 7200;
max-lease-time 12000;

subnet 192.168.1.0 netmask 255.255.255.0 {
        interface eth0.1;
        range 192.168.1.105 192.168.1.200;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.254;
        option netbios-name-servers 192.168.1.254;
        option domain-name-servers 192.168.1.254;
        option domain-name "nodenet.local";
        option domain-search "nodenet.local";
        option ntp-servers 192.168.1.254;
        option netbios-node-type 8;

        host Tom {
          hardware ethernet 00:25:fc:66:a8:18;
          fixed-address 192.168.1.208;
          option subnet-mask 255.255.255.0;
          option broadcast-address 192.168.1.255;
        }
}


itnifl Asked:

Daniel McAllister, President, IT4SOHO, LLC Commented:
FIRST, a very common issue in situations like this is that you may have left Network Manager running (do something akin to "sudo chkconfig NetworkManager off \; service NetworkManager stop"  -- which is CentOS 4/5/6). (I could assume this, but just to be safe...)

Next, I AM going to ASSUME (bad, but necessary) that you have vlan already installed, and the kernel module already loaded for 8021q.

Next, I'm going to assume you've modified /etc/network/interfaces similarly to this:

auto eth0.1
iface eth0.1 inet static
address 10.0.1.254
netmask 255.255.255.0

iface vlan1 inet static
vlan-raw-device eth0
address 10.0.1.254
netmask 255.255.255.0

auto eth0.2
iface eth0.2 inet static
address 10.0.2.254
netmask 255.255.255.0

iface vlan2 inet static
vlan-raw-device eth0
address 10.0.2.254
netmask 255.255.255.0

auto eth0.3
iface eth0.3 inet static
address 10.0.3.254
netmask 255.255.255.0

iface vlan3 inet static
vlan-raw-device eth0
address 10.0.3.254
netmask 255.255.255.0



NOTE: You MUST have a static IP on ALL of the VLAN interfaces -- if there is another DHCP server running, you'll have problems -- and you cannot be your own DHCP server.

You should verify your VLANs are working (sudo cat /proc/net/vlan/config) ... you should get something like:

eth0.1 | 1 | eth0
eth0.2 | 2 | eth0
eth0.3 | 3 | eth0



Similarly, the output of ifconfig should show all of the vlans...

Now I'm going to make an aside -- my example is perhaps overly simplistic -- because I started with VLAN1 -- and a significant number of routers & switches will CHOKE on VLAN1 packets... so you're better off actually starting at 2 :)

So, NOW you can try to configure the DHCP.... which in my example, would be akin to:

ddns-update-style none;
option domain-name "hello.lan";
# list both resolvers in a single statement
option domain-name-servers 10.0.0.254, 8.8.8.8;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

# one subnet declaration per VLAN interface
subnet 10.0.1.0 netmask 255.255.255.0 {
        range 10.0.1.20 10.0.1.30;
        option routers 10.0.1.254;
}
subnet 10.0.2.0 netmask 255.255.255.0 {
        range 10.0.2.20 10.0.2.30;
        option routers 10.0.2.254;
}
subnet 10.0.3.0 netmask 255.255.255.0 {
        range 10.0.3.20 10.0.3.30;
        option routers 10.0.3.254;
}

# fixed address for one machine on the first VLAN
host static-machine-vlan1 {
        hardware ethernet 90:94:e4:f7:c3:f3;
        fixed-address 10.0.1.11;
}



Please let me know how this works out...

Dan
IT4SOHO
0
itnifl (Author) Commented:
Hello. The OS was booted between retries so I am sure network manager also had its restart.

Yes, you assume correctly.
/etc/modules contains 8021q and it is successfully loaded at startup.
# lsmod | grep 8021q
8021q                  19535  0
garp                    6367  1 8021q

Could you please tell me the effective difference between your /etc/network/interfaces and my /etc/network/interfaces?

https://wiki.debian.org/NetworkConfiguration
"If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name."

Seems like the VLANs are working, I could also verify this by using ping tests.

~# cat /proc/net/vlan/config
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.1         | 1  | eth0
eth0.2         | 2  | eth0

Your dhcp.conf is much the same syntax as mine, only you are not using the keyword 'interface.' To have a DHCP server receive a DHCP address on one NIC (in this case a virtual NIC), and distribute IP addresses on another NIC, I need to tell it what NIC it should use with the 'interface' keyword. Obviously it can't answer DHCP requests and give DHCP offers on a NIC that receives its IP address from another DHCP server, but it can do this on a NIC with a static address and if I tell the server what that NIC is then there is no confusion for the server. This is tested and verified from a previous setup on a different system, where I had two physical NICs in each VLAN and routed between them. The same router acted as a DHCP server and gave IP addresses in one VLAN, but received its address dynamically on the other NIC in the other VLAN. This ran for years without trouble. The situation today is that I want the same thing, only I don't have two NICs, but only one. So that NIC is now trunked one port and two VLANs. The problem is, as stated in the question, that I can't use the 'interface' keyword to tell my DHCP server what NIC to listen for requests on, because the DHCP server does not accept the syntax 'interface eth0.1;'. In the previous setup I just described, I did not have this problem, because I had two NICs and therefore there was no dot in the NIC name (I used eth0 and eth1).

My workaround today is that I have moved the DHCP server to another server with a dedicated NIC in VLAN 1. On this server, I don't have to use a punctuation in the NIC name or even specify what NIC to listen to since it only has one NIC. I think, however, that the DHCP server's inability to read the eth0.x syntax should be viewed as a bug. Iptables in comparison has no problems with it when filtering on source packet NIC origin.

For instance this is no problem:

iptables -A INPUT -p tcp -i eth0.1 --dport 137 -j ACCEPT

You might be wondering how I can NAT route with iptables and correct setup in sysctl.conf between two networks where the one NIC receives its address from a DHCP server? I do this by dynamically reading the IP address periodically with a script and create the iptables rules in accordance to the reply. Works like a charm.
0
Daniel McAllister, President, IT4SOHO, LLC Commented:
That is quite a lengthy response -- before I go through it step-by-step, I will point out that the ISC DHCP service, when deployed with VLANs, does not (and, I believe, CAN NOT) be directed to use specific interfaces for each VLAN. (That is, the intelligence for separating out the separate IP address ranges is determined by the VLAN device that the broadcast was received on, and thus is created and replied to on the same VLAN -- hence the REQUIREMENT that each VLAN device that you want to run DHCPd on must have a STATIC IP on that VLAN's network.)

I'll look over the rest of your comment later, right now I'm "experiencing a Monday"...

Dan
IT4SOHO
0
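
Added example (not part of the original thread and not ISC DHCP code): a small Python check of the matching described in the comment above, where an interface is only served if its own address falls inside a declared subnet. The eth0.2 address and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample mirroring the question: eth0.1 is static, and the
# eth0.2 address is a made-up lease from the upstream DHCP server.
INTERFACE_ADDRS = {"eth0.1": "192.168.1.254/24", "eth0.2": "10.20.30.40/24"}

DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.105 192.168.1.200;
        option routers 192.168.1.254;
}
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)
RANGE_RE = re.compile(r"^\s*range\s+(\S+)\s+(\S+)\s*;", re.M)


def declared_subnets(conf):
    """Return {network: [(first, last), ...]} for every subnet declaration.
    Simplification: a block is taken to run until the next 'subnet' line."""
    found = list(SUBNET_RE.finditer(conf))
    out = {}
    for i, m in enumerate(found):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        end = found[i + 1].start() if i + 1 < len(found) else len(conf)
        out[net] = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
                    for a, b in RANGE_RE.findall(conf[m.end():end])]
    return out


def map_interfaces(addrs, conf):
    """Map each interface to the declared subnet containing its address.
    None means no declaration matches, so no pool applies on that VLAN."""
    subnets = declared_subnets(conf)
    return {name: next((n for n in subnets
                        if ipaddress.ip_interface(cidr).ip in n), None)
            for name, cidr in addrs.items()}


def misplaced_ranges(conf):
    """Return ranges whose endpoints lie outside their own subnet."""
    return [(net, r) for net, ranges in declared_subnets(conf).items()
            for r in ranges if r[0] not in net or r[1] not in net]


if __name__ == "__main__":
    for name, net in map_interfaces(INTERFACE_ADDRS, DHCPD_CONF).items():
        print(name, "->", net if net else "no subnet declaration")
    print("misplaced ranges:", misplaced_ranges(DHCPD_CONF))
```

On Debian-based systems the interfaces dhcpd is started on are set with the INTERFACES variable (INTERFACESv4 on newer releases) in /etc/default/isc-dhcp-server, which keeps the server off a VLAN where another DHCP server is authoritative.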

itnifl (Author) Commented:
I think, actually, that you gave me the correct response. If you have more you would like to add, please feel free to further comment =)
0
Daniel McAllister, President, IT4SOHO, LLC Commented:
LOL - Glad I was of assistance :)
0

Question has a verified solution.
