Single DHCP server for multiple subnets (VLANs) one single interface

Surprisingly this was an extremely hard to find piece of information on the topic. At least one that fit my need. There were lots of questions in various online posts, but no completely working answers with all the relevant details in one place.

I am going to document it here.

The aggregation router is a pair of Cisco 6506E switches in VSS mode, active-active. They have an IP helper address pointing to my DHCP server.

Multiple VLANs and subnets

There is a pretty useful post about running a single DHCP server for multiple subnets on one interface, but it does not work for my situation. Its author is using a fairly simple network, and his DHCP server runs on the gateway.

I have a gateway/router that aggregates multiple VLANs, one of which is a management VLAN that my DHCP server sits on. All the other VLANs have the DHCP relay helper address pointing to my DHCP server (see graph above).

Using the “shared-network” statement in dhcpd.conf does not work, as that will pool all of the subnet declarations into that single network. This is why the blog post uses classes along with “match if” statements to put DHCP client requests into the correct subnets. I have anywhere from 200 to 300+ servers in each VLAN, and they are a mix of gear from different vendors. There is no way that I can match on hardware (MAC) address without it getting very complicated, not to mention the horror of maintaining that mapping.

ISC DHCP actually supports what I wanted out of the box. The trick is to make all the subnet declarations, but not to use the “shared-network” statement. Make sure the DHCP relays are set up correctly; when clients make DHCP requests, the requests will arrive at the DHCP server with the relay address in them as the GIADDR (gateway IP address). The DHCP server will see that and know which subnet it should provide addresses from.

Here is the dhcpd.conf portion of the working config. Note that I also do PXE and kickstart boot from this dhcpd server.

authoritative;

# this is the most important line. It specifies the method
# to use to connect to the DNS server and update it.
ddns-update-style none;
ddns-domainname "example.com";
ignore client-updates;
option host-name = config-option server.ddns-hostname;

include "/etc/rndc.key";

option domain-name              "example.com";
option domain-name-servers      10.1.14.10,10.1.14.11,10.1.14.12;
option time-offset              -18000; # offset from UTC in seconds: -18000 = UTC-5
option ntp-servers              10.1.14.11;
one-lease-per-client            off;
default-lease-time              86400;
max-lease-time                  604800;
option                          ip-forwarding off;

# PXE
next-server install;
filename "/linux-install/pxelinux.0";

# Subnet for internal hosts
    subnet 10.1.0.0 netmask 255.255.254.0 {
        range 10.1.1.200 10.1.1.253;
        option routers                  10.1.0.1;
        option subnet-mask              255.255.254.0;
        #failover peer "dhcp";
    }

    subnet 10.1.2.0 netmask 255.255.254.0 {
        range 10.1.3.200 10.1.3.253;
        option routers                  10.1.2.1;
        option subnet-mask              255.255.254.0;
        #failover peer "dhcp";
    }

    subnet 10.1.4.0 netmask 255.255.254.0 {
        range 10.1.5.200 10.1.5.253;
        option routers                  10.1.4.1;
        option subnet-mask              255.255.254.0;
        #failover peer "dhcp";
    }

....and so on....
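
As an added illustration (not part of the original post and not ISC DHCP's own code), here is a small Python model of the GIADDR-based subnet selection described above, together with a check that every range and router sits inside its own subnet. It assumes flat subnet blocks like the ones in this config; the function names and the sample text are made up for the example.

```python
import ipaddress
import re

# Constructed sample in the article's layout: no shared-network, one flat
# declaration per VLAN, plus an empty one for the server's own segment.
SAMPLE_CONF = """
subnet 10.1.0.0 netmask 255.255.254.0 {
    range 10.1.1.200 10.1.1.253;
    option routers 10.1.0.1;
}
subnet 10.1.2.0 netmask 255.255.254.0 {
    range 10.1.3.200 10.1.3.253;
    option routers 10.1.2.1;
}
subnet 10.1.14.0 netmask 255.255.254.0 {
}
"""
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_subnets(conf):
    """Parse flat subnet blocks (no nested pool/group) into dicts."""
    subnets = []
    for net, mask, body in SUBNET_RE.findall(conf):
        body = re.sub(r"#.*", "", body)  # ignore commented-out statements
        rng = re.search(r"range\s+(\S+)\s+([^\s;]+)\s*;", body)
        rtr = re.search(r"option\s+routers\s+([^\s;]+)\s*;", body)
        subnets.append({
            "network": ipaddress.ip_network(f"{net}/{mask}"),
            "range": [ipaddress.ip_address(a) for a in rng.groups()] if rng else [],
            "router": ipaddress.ip_address(rtr.group(1)) if rtr else None,
        })
    return subnets

def select_subnet(subnets, giaddr, server_ip):
    """Model of the selection: match giaddr against the declarations; a
    giaddr of 0.0.0.0 (not relayed) falls back to the server's own address."""
    key = ipaddress.ip_address(giaddr)
    if int(key) == 0:
        key = ipaddress.ip_address(server_ip)
    return next((s for s in subnets if key in s["network"]), None)

def lint(subnets):
    """Report range bounds or routers that lie outside their subnet."""
    problems = []
    for s in subnets:
        addrs = s["range"] + ([s["router"]] if s["router"] else [])
        problems += [f"{a} is outside {s['network']}" for a in addrs
                     if a not in s["network"]]
    return problems
```

A relayed request whose GIADDR matches no declaration returns `None` here, which corresponds to a request the server has no subnet to answer from.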

21 thoughts on “Single DHCP server for multiple subnets (VLANs) one single interface”

  1. Hi,
    I'm a bit confused. I had an HP ProCurve switch without a DHCP server inside. So I have configured 2 VLANs in the ProCurve and now want the server at 192.168.1.20 to serve the IP addresses in every VLAN.

    I entered this:
    #Subnet for main lan
    subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.254;
    option routers 192.168.1.20;
    option subnet-mask 255.255.255.0;
    #failover peer "dhcp";
    }

    #Subnet for guest lan
    subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.1 192.168.2.10;
    option routers 192.168.2.1;
    option subnet-mask 255.255.255.0;
    #failover peer "dhcp";
    }

    But I'm not sure what the option routers is for. I want all VLANs to have an internet connection through 192.168.1.1; that's the router itself.

    Or is it a config for the VLANs in the HP ProCurve?

    1. option routers is for your default route. It tells nodes in your network where to send packets that are destined outside of your local network.

      E.g. in your 192.168.1.0/24 network, option routers 192.168.1.20 means packets going to any non-192.168.1.0/24 address should be sent to 192.168.1.20 (the gateway).

      Your gateway must be reachable in the network it is a gateway for, e.g. must be in the same network. So you cannot use 192.168.1.1 as a gateway for your 192.168.2.0/24 subnet.

  2. Cool, good to know. I guess I could put both IPs for both servers in as helpers.. thanks again for the great article!

  3. Thanks tin!

    This article was result #8 from Google when asking “isc dhcp multiple pools”! I am about to do this for a customer of mine and couldn’t believe how difficult this is to find. I feel bad for the earlier comments.. because it sure seems like that is what you have to do. I was 10 minutes from setting up an entire virtual lab to play with and test before going to the client.. you saved me hours!

    I wanted to ask about the:
    #failover peer

    I have two servers for this client now, doing perfectly great load balancing of DHCP. They are growing and I am breaking up their core a little bit.. enough that I am going to serve their DHCP from both servers. Was that #failover commented out to not confuse people in your example, or were you able to do this “Single server for multiple subnet” thing and keep your failover?

    I am stuck on how this would even work, because the ip helper is a unicast-forwarded broadcast. So every request will come to one IP.. every time.

    Hope you figured it out… I am afraid the answer isn’t good. 😉

    Thanks again! Great article!

    1. It was commented out on purpose. This setup was done over a Christmas and New Year week, approx 10 days. I spent that time moving and consolidating two data centers, well, moving/retiring one data center to a new data center that is up and running, but not fully populated.

      The single DHCP server I had was enough to handle all the subnets and VLANs I had. I never got around to setting up the failover DHCP server. I’ve since left that job years ago, and have not done any more data center or network type of work since.

      It should work. I don’t have access to that kind of setup anymore and have given away most of my home lab networking gear.

  4. Hello, interesting thing! I have the same problem for a networking course I’m working on… User JB posted this problem too, but didn’t phrase it quite correctly..

    My issue (and this is perhaps because this is 2017 and the software has changed) is that, if the address of the single linux interface is not present in at least one of the Subnet declarations, then the dhcpd server will not start. You will get the following error:

    Mar 09 08:38:14 localhost.localdomain dhcpd[11369]: No subnet declaration for enp0s10 (192.168.0.1).
    Mar 09 08:38:14 localhost.localdomain dhcpd[11369]: ** Ignoring requests on enp0s10. If this is not what
    Mar 09 08:38:14 localhost.localdomain dhcpd[11369]: you want, please write a subnet declaration
    Mar 09 08:38:14 localhost.localdomain dhcpd[11369]: in your dhcpd.conf file for the network segment
    Mar 09 08:38:14 localhost.localdomain dhcpd[11369]: to which interface enp0s10 is attached. **

    Here, I was trying to make a DHCP server on 192.168.0.0/24 that assigns IPs to 10.10.1.0/24 and 10.10.2.0/24 (two separate VLANs). But my server IP is not stated anywhere in the dhcp.conf (and why should it be?…).

    So, in your example, your server is on the 10.1.14.0/23 VLAN.

    The DHCP server will not start up unless there is a statement in your dhcp.conf file with that 10.1.14.0/23 subnet declared…

    So I don’t know how you were able to get your dhcpd to start. I can’t see anything in your initial configuration file that would be different from mine.. but I’ll keep trying.

    1. For the range that you do not want to act as a DHCP server for, e.g. in your case, 192.168.0.0/24, you can declare an empty subnet so DHCPD will start up.

      subnet 192.168.0.0 netmask 255.255.255.0 {
      # note that no range is given so dhcpd will not try to
      # assign IP addresses
      }

  5. I can’t get this to work. Whenever starting this configuration the service says “no subnet declaration for eth1”. Eth1 is not defined within the subnet declaration, exactly like yours is not?

    1. I only use one ethernet interface, actually it’s bond0, which is both eth0 and eth1 bonded for redundancy.

      Why don’t you post your entire config, so we can see and help.

  6. Hey Tin,

    Many thanks for the article….. I have solved my issue as per your guideline. I just want to add one thing, i.e. please concentrate on the default gateway on the DHCP server and the respective VLANs too. Once again thanks to TIN…..

    Thanks
    Amol Meghe

  7. Hey, can you send me the interface entry and DHCP relay agent configuration file? I'm very much confused. I have to set up a server where a Catalyst switch has VLANs assigned. My physical interface is giving IPs from DHCP but my VLAN interface doesn't send.

  8. Hey, thanks for this guide. You saved my sanity! 😀 I have a network similar to yours. I had everything set correctly, except I had my subnets defined in shared network… just removing the shared network clause and everything works like a charm! Thanks again!

  9. Do you use IP-Helper in Cisco?
    I’m trying a switch port as trunk connected to the DHCP server, but failed to connect.

    thx

  10. Really thanks! for this helpful post and its graph. Finally I made it at my network using this.
    (I’ve done this using OpenWRT as DHCP server)
    Totally agree with this sentence: “this was an extremely hard to find piece of information on the topic” 😛

  11. I did not define VLANs on the server (Linux) box side. As far as each Linux node is concerned, they are in their own subnet. All the VLANs are defined on the Cisco Cat6K.

    By doing it this way, all the complexities are at the switches' end. The nodes do not know anything. The DHCP server is told where to send replies to (which gateway). Note that I only show one DHCP server here. It’s pretty easy to add more for failover scenarios.

  12. Can you post the interface eth0 configuration as well? Because I suppose it should be configured as: eth0:10.1.0.2; eth0:10.1.2.2 and so on.
    Also, did you activate the DHCP relay agent on the Linux server? Help will be much appreciated. ))

    1. Not sure I understand your question. The DHCP server only has one IP address, that’s 10.1.14.100. It’s in VLAN1000 (10.1.14.0/23 network). The aggregation routers (pair of Cat 6506E) have the DHCP helper address pointing to 10.1.14.100 for all DHCP requests from all VLANs and subnets in the VLANs. That way, DHCP requests will get forwarded to 10.1.14.100, and the DHCP server knows which subnet is requesting (the GIADDR byte in DHCP packet).
