ONE Linux DHCP Server + Multiple VLANs - Soluble problem?

Hi everyone. I hope some of you can help with this headache of a problem, because I've really tried thousands of DHCP and interface configs without success. Why does WinNT4 manage to handle it and not the latest Linux kernel...

--- NETWORK SETUP ---

My company has 3 Cisco 3500XL switches and one Cisco Catalyst 4006 router.

Every switch acts as a VTP Client to the Catalyst, which acts as a VTP Server. My current configuration uses the old Windows NT4 as DHCP and DNS server and a Linux box as a file server.

I have configured 4 VLANs (100, 200, 300, 400), and my Windows NT4 box assigns DHCP addresses to the current VLANs with the right VLAN IP. Everything works fine. The servers are in VLAN 100 and the other office computers are in the others.

Now, I set up a Linux box (Debian 3.1 stable, customized 2.6.12 kernel with 802.1q as a module and VLAN support as static)

I compiled vconfig tool from the kernel sources, I checked if the driver of my 2 NIC cards (3c509c) is correctly patched to handle VLAN Trunk. It's ok.

I can add with vconfig new vlan interfaces on my linux box, it works without freezing the entire box. Until now, no problem.

The DNS server is up and running, I can switch off the windows box and the linux box can take the job. But...

--- THE REAL TROUBLE ---

I tried to configure the DHCP Server (apt-get install dhcp3-server) to handle the VLANs. And nothing works from now on...

Here are the steps I think are supposed to work (I disabled the second NIC, it will be used in the future to do load balancing with bond0, so only eth0 is concerned for my test):

  1. The Linux server address is 10.50.100.10 with default gateway 10.50.100.1 and the Catalyst holds an ip-helper-address for DHCP to the Linux box.

  2. Add 3 virtual network interfaces with vconfig, so

     vconfig add eth0 200
     vconfig add eth0 300
     vconfig add eth0 400

  3. Set up IP for the new interfaces

     ifconfig eth0.200 10.50.200.5/24 broadcast 10.50.200.255 up
     ifconfig eth0.300 10.50.300.5/24 broadcast 10.50.300.255 up
     ifconfig eth0.400 10.50.400.5/24 broadcast 10.50.400.255 up

  4. DHCP Configuration

     subnet 10.50.200.0 netmask 255.255.255.0 {
         authoritative; # I TRIED WITH OR WITHOUT IT
         option routers 10.50.200.1;
         range 10.50.200.10 10.50.200.160;
     }

     subnet 10.50.300.0 netmask 255.255.255.0 {
         authoritative; # I TRIED WITH OR WITHOUT IT
         option routers 10.50.300.1;
         range 10.50.300.10 10.50.300.160;
     }

     subnet 10.50.400.0 netmask 255.255.255.0 {
         authoritative; # I TRIED WITH OR WITHOUT IT
         option routers 10.50.400.1;
         range 10.50.400.10 10.50.400.160;
     }

That should be enough for the config. I read many notes on the internet; I even tried to put the whole thing in a shared network or in separate declarations. Nothing works!

I launched the dhcp server in debug mode to see the details for the connections. And the problem is that...it isn't even asked to offer an IP.

--- THE ANALYSIS ---

So I tried to sniff packets with tethereal to see what was going on. And when I launch it with:

    tethereal -V -f "vlan or (port bootpc or port bootps)"

Nothing happens (I configured the switches to add VLAN Trunks).

And by chance, I did try to add virtual interfaces with

ifconfig eth0:1 10.50.200.6/48 broadcast 10.50.255.255 up

-> Notice the /48 and the broadcast!

And I tried once again dhcp in debug mode and sniffing packets...and here is the result when I restart the connection on two Windows 2000 clients:

    Multiple interfaces match the same subnet: eth0 eth0.100
    Multiple interfaces match the same shared network: eth0 eth0.100
    Listening on LPF/eth0.100/00:50:da:66:67:2d/10.50.100.0/24
    Sending on LPF/eth0.100/00:50:da:66:67:2d/10.50.100.0/24
    Listening on LPF/eth0.200/00:50:da:66:67:2d/10.50.200.0/24
    Sending on LPF/eth0.200/00:50:da:66:67:2d/10.50.200.0/24
    Listening on LPF/eth0/00:50:da:66:67:2d/10.50.100.0/24
    Sending on LPF/eth0/00:50:da:66:67:2d/10.50.100.0/24
    Sending on Socket/fallback/fallback-net

    DHCPDISCOVER from 00:12:79:68:0c:0e via 10.50.200.2
    DHCPOFFER on 10.50.200.160 to 00:12:79:68:0c:0e (w2k) via 10.50.200.2

    DHCPDISCOVER from 00:12:79:68:0a:b5 via 10.50.100.2
    DHCPOFFER on 10.50.100.160 to 00:12:79:68:0a:b5 (PST2) via 10.50.100.2

    DHCPDISCOVER from 00:12:79:68:0c:0e via 10.50.200.2
    DHCPOFFER on 10.50.200.160 to 00:12:79:68:0c:0e (w2k) via 10.50.200.3

    DHCPDISCOVER from 00:12:79:68:0c:0e via 10.50.200.2
    DHCPOFFER on 10.50.200.160 to 00:12:79:68:0c:0e (w2k) via 10.50.200.2

    DHCPDISCOVER from 00:12:79:68:0a:b5 via 10.50.100.2
    DHCPOFFER on 10.50.100.160 to 00:12:79:68:0a:b5 (PST2) via 10.50.100.2

    DHCPDISCOVER from 00:12:79:68:0a:b5 via 10.50.100.3
    DHCPOFFER on 10.50.100.160 to 00:12:79:68:0a:b5 (PST2) via 10.50.100.3
Ad

There's an option in vconfig that might help you:

birdsong@phos:/usr/src/linux-2.6.11.11/net/8021q$ sudo vconfig --help

....

  • FLAGS: 1 REORDER_HDR When this is set, the VLAN device will move the ethernet header around to make it look exactly like a real ethernet device. This may help programs such as DHCPd which read the raw ethernet packet and make assumptions about the location of bytes. If you don't need it, don't turn it on, because there will be at least a small performance degradation. Default is OFF.

Here it is in the dot1q Linux code; as you can see it specifically is used for DHCP:

    int vlan_dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
    {
        struct net_device_stats *stats = vlan_dev_get_stats(dev);
        struct vlan_ethhdr *veth = (struct vlan_ethhdr *)(skb->data);

        /* Handle non-VLAN frames if they are sent to us, for example by DHCP.
         *
         * NOTE: THIS ASSUMES DIX ETHERNET, SPECIFICALLY NOT SUPPORTING
         * OTHER THINGS LIKE FDDI/TokenRing/802.3 SNAPs...
         */

        if (veth->h_vlan_proto != __constant_htons(ETH_P_8021Q)) {
            int orig_headroom = skb_headroom(skb);
            unsigned short veth_TCI;

            /* This is not a VLAN frame...but we can fix that! */
            VLAN_DEV_INFO(dev)->cnt_encap_on_xmit++;
            ....

I don't think you specified that flag so you might need to.


Patrick O'Sullivan
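
The vconfig help text quoted in the reply above says REORDER_HDR exists for programs that read the raw Ethernet frame and assume fixed byte positions. The following C code is an added example, not part of the thread or of the kernel source: it shows how the 4-byte 802.1Q tag shifts the IP and UDP headers, so a reader that expects the EtherType at offset 12 no longer sees the frame as IPv4, while a tag-aware reader recovers the VLAN ID and the BOOTP server port. The function names and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_P_IP    0x0800
#define ETH_P_8021Q 0x8100

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* UDP destination port of the IPv4 packet at offset l3, or -1. */
static int udp_dport(const uint8_t *f, size_t len, size_t l3) {
    if (len < l3 + 20 || (f[l3] >> 4) != 4 || f[l3 + 9] != 17) return -1;
    size_t ihl = (size_t)(f[l3] & 0x0f) * 4;
    if (ihl < 20 || len < l3 + ihl + 8) return -1;
    return be16(f + l3 + ihl + 2);
}
/* Reader that assumes a plain DIX header: EtherType at 12, IP at 14. */
int naive_dport(const uint8_t *f, size_t len) {
    if (len < 14 || be16(f + 12) != ETH_P_IP) return -1;
    return udp_dport(f, len, 14);
}
/* Tag-aware reader: steps over one 802.1Q tag; *vid = -1 if untagged. */
int vlan_aware_dport(const uint8_t *f, size_t len, int *vid) {
    size_t l3 = 14;
    *vid = -1;
    if (len < 14) return -1;
    if (be16(f + 12) == ETH_P_8021Q) {
        if (len < 18) return -1;
        *vid = be16(f + 14) & 0x0fff;       /* low 12 bits of the TCI */
        l3 = 18;
    }
    return be16(f + l3 - 2) == ETH_P_IP ? udp_dport(f, len, l3) : -1;
}
/* Constructed sample (64-byte buffer): broadcast frame with IPv4/UDP
 * 68 -> 67 headers only; vid < 0 leaves it untagged. Returns length. */
size_t build_frame(uint8_t *b, int vid) {
    size_t o = 12;
    memset(b, 0, 64);
    memset(b, 0xff, 6);                     /* broadcast destination */
    b[11] = 0x01;                           /* constructed source MAC */
    if (vid >= 0) {
        b[o] = 0x81; b[o + 2] = (uint8_t)((vid >> 8) & 0x0f);
        b[o + 3] = (uint8_t)vid; o += 4;
    }
    b[o] = 0x08; o += 2;                    /* EtherType 0x0800 */
    b[o] = 0x45; b[o + 9] = 17;             /* IPv4, IHL 5, UDP */
    b[o + 21] = 68; b[o + 23] = 67;         /* sport 68, dport 67 */
    return o + 28;
}
```

For a frame built with VLAN ID 200 the naive reader returns -1 and the tag-aware reader returns port 67 with the VLAN ID; for the untagged frame both return 67.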
