More than 1 dhcp server...

ltickett

My current network setup utilises a dhcp server per household, each household also has a router and thus the dhcp server hands out a dns/default gateway relative to the house....

The problem has arisen as we have a number of houses wirelessly linked; when a client seeks a dhcp server to assign it an ip and what-not it will often pick up on the wrong house and thus will end up surfing using the wrong internet connection and so on and so forth....

Is there a way I may be able to handle this?
 
Can the devices linking the homes block broadcast or DHCP traffic? That would solve the problem.

On a more basic level, you could go with static IPs for each box.
 
Static IPs would be a pain in the arse, especially as I use RIS on a regular basis, so I think I still need a dhcp server for this to work...

And I don't believe my D-Link APs allow blocking of broadcast/dhcp traffic :(

Any more ideas? :p
 
I think you'll have to force your client to connect to the AP corresponding to the house you're in.

Other than that, I don't know of a way to select which DHCP server you're using. When your system sends out a DHCP Discover, it'll work with the first DHCP server that replies.

Riley
 
Do you mean that the wireless is supposed to be a network between the houses or are they just supposed to be wireless networks for that one house?

If so then you need to set your wireless networks such that they are separate in network and broadcast over the air.
 
LittleMe; Lol, what don't i do?! You got msn?

bigstusexy; The wireless i'm referring to is meant to connect each house's network to the next-door neighbour's basically....

Skud; "I think you'll have to force your client to connect to the AP corresponding to the house you're in."

How? Do you mean set a static IP?
 
Surely a computer requesting an IP address (broadcasting awaiting response from a dhcp server) will not have a subnet.
Therefore I don't see how it would be possible?
 
I didn't read half the post the first time; thought you had full-fledged routers on all sides to restrict traffic. If you're just bridging everything together without some sort of traffic filtration between sites and if your DHCP servers don't have some sort of MAC restrictions/filters, you're screwed.
 
Lol, aiii i thought as much. I guess I can set up reservations for the majority of the PCs and then hope that for the rest of cases the appropriate dhcp server will be quickest to respond (although I know this not always to be the case :p)
 
If you have just one big subnet:
  1. Use 1 DHCP server
  2. Use several DHCP servers with a "split scope"
  3. Use several DHCP servers which support DHCP failover protocol

DHCP doesn't support what it sounds like you are trying to do. How would you prevent the same IP from being handed out to multiple systems by these various DHCP servers?
 
He could (probably has) set alternate ranges for each of the DHCP servers to eliminate IP address conflicts.

Actually, it just occurred to me you could try some really crackheaded stuff here. Set up your different DHCP servers to give out the list of all the possible gateways, then restrict those gateways to traffic from MACs on their own networks. It may work, lol.
 
Originally posted by ltickett
Surely a computer requesting an IP address (broadcasting awaiting response from a dhcp server) will not have a subnet.
Therefore I don't see how it would be possible?

It does have a subnet, it's just the workstation doesn't know what it is. So, it sends out a DHCP request to the all 1's address (255.255.255.255). The DHCP server, which is sitting on that subnet does know what subnet it is, and includes that information in the reply to the workstation.

If there are multiple logical subnets on a single physical network, DHCP has no way to distinguish which is which based on DHCP request alone. As was pointed out by Snugglebear, you probably want to make each house its own subnet.

If you don't want to do this, then use a single DHCP server which allows you to specify gateway on a MAC address by MAC address basis. ISC DHCP server can do this. I don't know that Microsoft's can, and I'm almost certain the DHCP server built into those wireless routers can't.

Or, is the idea to have the gateway change based on what house you are in? I don't know that that can be done without manually changing some settings on the workstation itself, in which case why not just enter the gateway by hand and leave the rest to DHCP?
 
Having a single, master DHCP server is somewhat risky, though. Should that wireless link go down, those clients are stuck out in the cold. Usually in situations like this you'd want to run failover servers, but then the other factor in situations like this - that most of the links are friends who aren't techies - precludes running more than SOHO NAT devices. No fancy dedicated servers, etc.

On the side, by RIS do you mean Remote Installation Services? If so, why not run a hybrid environment, static IPs for most things, DHCP for the rest?
 
Can't you just set a different wireless SID for each house's AP and its wireless devices? Would keep you from stepping on one another I believe... If I'm wrong, sorry
 
mjones73; Kinda defeats the object of having the wireless setup? The idea is we're all on one big network...

Snugglebear; Yup Remote Installation Services :) I was hoping that the outcome of this thread would solve my problem, but as it stands I think I may have to go the route of primarily static ip's.

And as for giving out all the gateway/dns addresses I might try it, but as you said "crackhead stuff" lol :p

bdavids1; I've currently set several reservations in Microsoft's DHCP server in order to ensure a few PCs always obtain the same address as well as to prevent them using the wrong gateway and dns server.....
 
Sounded like you wanted certain devices to go to certain access points, having different SIDs isn't gonna keep them from ultimately getting to the same network, just keeps the device configured to the right access point... I mistook what you're trying to do I guess...
 
Na, in my setup the APs are acting as wireless bridges... Each house has a wired network (not strictly true, but theoretically :)) then the APs connect the houses to one-another... :p

From the ideas/suggestions thrown together I wonder if I can install a simplistic firewall app on each dhcp server to block requests which come via a certain AP? I'm not too sure; when I do a tracert from my machine to the dhcp server next-door per say;

Tracing route to 192.168.0.200 over a maximum of 30 hops

1 2 ms 2 ms 2 ms 192.168.0.200

Trace complete.

Doesn't show the hop via the AP :(
 
LittleMe; Errr... no :p

Just really me being majorly into everything from programming to dvd authoring, networking, and everything else loosely related to computers + technology! Well that and several other reasons :)
 
Originally posted by ltickett
LittleMe; Errr... no :p

Just really me being majorly into everything from programming to dvd authoring, networking, and everything else loosely related to computers + technology! Well that and several other reasons :)

so enlighten us as to how your hobby of computers (like everyone here) lets you set up a network between your entire street?? Do the people in the other houses have a say in this or what? :D

I'm really lost as to what you're trying to do here..
 
Originally posted by SKiTLz
so enlighten us as to how your hobby of computers (like everyone here) lets you set up a network between your entire street?? Do the people in the other houses have a say in this or what? :D

Wish it was the entire street, probably 500 odd houses, that would rock! Multiple subnets, lotsa routing, much more in terms of security issues, blimey a dream come true (ok now i'm just being a geek! :p)

The other houses do have a say (just :)). Initially I guess it started with a family my family are very friendly with; We were always running back and forth borrowing CDs, DVDs and that sort of thing. We thought it would be great to have our houses connected somehow... We were looking @ cabled firstly, as the distance is only 100m odd, however crossing a road wouldn't be easy! When 802.11b came out we saw an opportunity and grabbed ahold of it! Spent hour upon hour, day upon day working on reflectors, antennas and whatnot in order to get a rock solid reliable/fast link between our houses.... Eventually we did it...

Anyway, this grew from just the odd file sharing to using each other's internet connections when we had large downloads to complete, sharing printers, and utilising DAB radio etc....

After some time a few others I spoke to wanted in... so bingo...

From time to time I "war-drive" locally and picked up a few more wireless networks so basically invited them...

Word gets around :D

Originally posted by SKiTLz
I'm really lost as to what you're trying to do here..

And the problem we're encountering is;

Multiple DHCP servers exist on the network. i.e. one at my house, one at a next-door-neighbours, one next-door-but-one.... When a new PC is connected to the network it will attempt to obtain an IP from a DHCP server; often a DHCP server from a different house will answer the request. Details such as dns address, default gateway are obtained incorrectly!

So say I bring a new laptop home tomorrow and plug it into my network it may get an ip 10.0.0.251 with default gateway 10.0.0.8 and dns server 10.0.0.101. Both of which belong to my next-door-neighbour! It should actually be obtaining default gateway 10.0.0.5 and dns server 10.0.0.95... if that makes sense?
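
A check for the situation described in this post, added here as an example and not part of the original thread: it parses a DHCP reply and reports whether the offered gateway and DNS server are the ones this house expects. The packet is constructed sample data, the expected values are the addresses quoted above, and the server identifier 10.0.0.8 is an assumption.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
NAMES = {54: "server", 3: "router", 6: "dns"}   # option codes this check cares about
# Assumed policy for one house, using the gateway/DNS quoted in the post above.
EXPECTED = {"router": ["10.0.0.5"], "dns": ["10.0.0.95"]}

def ips(raw):
    """Split an option value into dotted-quad strings, 4 bytes each."""
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - 3, 4)]

def parse_offer(pkt):
    """Pull out the reply fields that decide where a client's traffic will go."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"yiaddr": socket.inet_ntoa(pkt[16:20]), "type": None,
            "server": [], "router": [], "dns": []}
    i = 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end option
        code = pkt[i]
        if code == 0:                            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        value = pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and value:                 # DHCP message type (2 = OFFER)
            info["type"] = value[0]
        elif code in NAMES:
            info[NAMES[code]] = ips(value)
        i += 2 + len(value)
    return info

def mismatches(info, expected=EXPECTED):
    """Names of offered options that differ from this house's expected values."""
    return [k for k in ("router", "dns") if info[k] != expected[k]]

def build_offer(yiaddr, server, router, dns):
    """Constructed sample data: a minimal DHCPOFFER (op=2, Ethernet, xid 0x1234)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234, 0, 0, b"\0" * 4,
                      socket.inet_aton(yiaddr), socket.inet_aton(server), b"\0" * 4)
    opts = b"\x35\x01\x02"                       # option 53, length 1, OFFER
    for code, ip in ((54, server), (3, router), (6, dns)):
        opts += bytes([code, 4]) + socket.inet_aton(ip)
    return hdr.ljust(236, b"\0") + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    # Constructed offer carrying the neighbour's gateway and DNS from the post.
    offer = parse_offer(build_offer("10.0.0.251", "10.0.0.8", "10.0.0.8", "10.0.0.101"))
    print(offer["server"], "offers", offer["router"], offer["dns"], "->", mismatches(offer))
```

Fed with replies captured on the bridged segment, the `server` field shows which house's DHCP server answered first.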
 
Ok I get what you're saying, but I think you've got some serious flaws in your whole layout...

What are the DHCP servers? SOHO linksys like boxes or win2k/nix boxes?

If they're Win based why not just balance the one scope across all of them? I'm guessing this isn't the situation though as you would have thought of it..

Your APs are all in bridge mode right? Give us some more info like what equipment is at each house and how many houses...
 
Roughly 10 houses at the moment, and yeah bridge mode for the APs (All D-Link DWL900AP+) Most of the properties use ipcop to connect the LAN to WAN and therefore utilise that as a DHCP server. Myself and several others use Win2k Server. The problem is that we all use different default gateway/dns servers and dns suffix.... So need to use different DHCP servers in order to be issued with the correct addresses. In addition to this from time to time a link may be down (powercut, family on holiday, computer blown up, that sort of thing... :p)
 
Well I really don't know....

Wouldn't this work???

Have IPCop (iptables) restrict outbound dhcp acks to the WAP IP and put them back into AP mode... Just talking out my ass cause I really got no idea but that seems to make sense to me..
 
Originally posted by SKiTLz
Well I really don't know....

Wouldn't this work???

Have IPCop (iptables) restrict outbound dhcp acks to the WAP IP and put them back into AP mode... Just talking out my ass cause I really got no idea but that seems to make sense to me..

Hehe, think you hit the nail on the head with "just talking out my ass" :p

The ipcop machine joins each house to the internet (WAN). The AP joins each house to the other houses (LAN). I'll see if I can make a rough diagram in visio for ya...

http://www.ltickett.nildram.co.uk/network.htm is a very very old diagram, which may give you some idea how it used to work, jus add a dozen more houses to the network...
 
You're right.. It's old.. That diagram doesn't look like what you've described....

I still think my idea is right though...

Whipped this up quickly... This is what it looks like to me from what I can gather...

If you deny dhcp acks from your IPCop box to the AP then the clients in that house will still receive acks but no one outside..

What am I missing? Sounds simple to me...

EDIT: Have to give me a few to get the image up... F**n host been down all day...
 
I'm just working on an image too hehe :)

Basically the ipcop box doesn't lie between the AP and the computers within the house. If that makes sense? Diagram should explain it.. give me a minute :p
 
I think I would do something like:
Code:
Internet          Internet
  |                 |
House1            House2
router            router
  |(10.1.1.0/24)    | (10.1.2.0/24)
H1BBrouter        H2BBrouter
  |                 |
Access  --------- Access   (10.254.254.0/24)
Point             Point

The H#BBrouter (House Backbone Router) has routing entries for all other house backbone routers, but doesn't know how to get to the Internet (so nobody can steal service from a neighbor). The H#BBrouter also serves as a choke point. You can configure what your neighbors are and aren't allowed to do on your house network.

The House# router (internet router) would have an additional routing entry for the 10.0.0.0/8 which points to the H#BBrouter. That way, traffic for any of your neighbors would be routed through the wireless network. This would still give you the much higher bandwidth.

Each house gets its own 10.1.#.0/24 subnet, and the house DHCP server resides on that subnet. If you want wireless access, another access point would be required (which would not bridge to the APs in other houses!).

I know this kind of sucks because you need a 2nd router and 2nd Access Point per house. Another option would be to consolidate and get a T1 or T3 line, have everyone chip in to pay for that, and get rid of those individual lines...
 
See if network2.jpg helps to explain :)
 
bdavids1; no router exists between the network within each house and the AP joining that house to the rest of the houses...

I'd love to be able to have a "fat pipe" and share costs! However the max we have available to us here is 512k ADSL :(
 
the only thing I can think of looking at that diagram is to grab them ankles. I'm sure you don't need or want a lecture about locking down all external entry points to your network.
 
Hehe, trust me you won't get in :) Or you'll have extreme difficulty. I like to think of myself as somewhat a security expert (damn i'm gonna get flamed). I even go to the extent of trying to hack my own network to see if others may be able to. Because the APs are in bridge mode it helps a great deal tho, no wardrivers afaik can jus stumble onto the network :)
 
Ok I'm still lost.. My way would work fine from that diagram..

Limit DHCP ACKS on each IPCop box to only the clients, slap the bridges in AP so you can stop them receiving ACKS.. How would that not work?
 
The ipcop box is NOT between the client and the AP, the dhcp request from the client would NOT be routed through the ipcop box. Make sense? :p

The AP, client and ipcop box are connected using a switch (not a router :p)
 
Originally posted by ltickett
bdavids1; no router exists between the network within each house and the AP joining that house to the rest of the houses...

I'd love to be able to have a "fat pipe" and share costs! However the max we have available to us here is 512k ADSL :(

I realize there currently aren't routers there. That's the bit I would add, along with the corresponding routing stuff I mentioned above. The only downside is the cost of the additional routers (and APs?).

Another workaround, since I doubt you'll go that route, would be to use the ISC DHCP server, put in host statements for each system and link computers to routers in each host statement. For fault tolerance, you can set up 2 DHCP servers and use the failover protocol.

Trying to make multiple DHCP servers work on a single network is just not going to work...
 
Originally posted by ltickett
The ipcop box is NOT between the client and the AP, the dhcp request from the client would NOT be routed through the ipcop box. Make sense? :p

The AP, client and ipcop box are connected using a switch (not a router :p)

it makes no difference... Play follow the leader in your diagrams and you'll see what I mean...

If House 1 decides not to use their DHCP server and hops on the AP over to house 2... House 2 AP has an IP that the IPCop box refuses to send a DHCP ack to...

Get what I mean?
 