03-04-2020 10:27 AM
I ran into a non-standard network setup and there seem to be many DHCP Bad Address issues happening on the DHCP server.
This is a Windows DHCP server with a second DHCP server as a backup.
The attached diagram shows how things are set up.
Basically, two /24s have been carved out of Site2's /16 network and set up as secondary addresses on Site1's L3 switch.
There are two static routes on the Site1 router for the two /24s. Would the secondary IPs cause issues in this case?
Looking for thoughts on this, thank you in advance.
03-05-2020 06:55 AM
Don't see the MAC in the scope; that is what I have been trying to find out, but no luck so far. I have asked the customer to send me the logs. Let's see, will keep y'all posted.
03-05-2020 12:29 PM - edited 03-05-2020 12:31 PM
1st issue - secondary IPv4 addressing and DHCP... You need to create three scopes for each of the networks and then combine them into a Super Scope on the DHCP servers so they know they can issue addresses from any of the subnets when they receive DHCP requests forwarded by the router's primary IPv4 address.
2nd issue - DHCP resilience. Three options here. Cluster (MS Clustering with a VIP so both DHCP servers need to be on the same L2 network), DHCP failover (available from 2012 R2 where the DHCP server database is replicated so each server knows what has been leased) or split the scopes so the servers don't have overlapping addresses to dish out.
03-05-2020 12:56 PM
Thanks Andrew, please see my responses below:
1st issue - secondary IPv4 addressing and DHCP... You need to create three scopes for each of the networks and then combine them into a Super Scope on the DHCP servers so they know they can issue addresses from any of the subnets when they receive DHCP requests forwarded by the router's primary IPv4 address.
*** No DHCP is needed for the secondary IPs. Devices in those networks are set up with static IPs. DHCP is only needed for the 10.21.0.0/16 network.
2nd issue - DHCP resilience. Three options here. Cluster (MS Clustering with a VIP so both DHCP servers need to be on the same L2 network), DHCP failover (available from 2012 R2 where the DHCP server database is replicated so each server knows what has been leased) or split the scopes so the servers don't have overlapping addresses to dish out.
*** DHCP servers are set up with option 2, i.e. DHCP Failover.
There are two scopes on the servers:
10.20.0.0/16
10.21.0.0/16
03-05-2020 01:22 PM
OK, just read through the thread again and looked at the diagram.
You have 10.20.0.0/16 on one site and 10.21.0.0/16 on the other with a routed link between the two routers using 172.22.209.136/30 (I am assuming a /30 P2P link here?). I suspect what's happening is your router 10.20.1.3 is proxy-arping for hosts on subnets 10.20.8.0/24 & 10.20.7.0/24 since it has more specific routes than its own 10.20.0.0/16. Check the ARP cache on the DHCP server and see if there are entries that correspond to the BAD_ADDRESS entries?
It's a 'bodged' design though and should be fixed rather than trying to work around it - engineer the crap out of the equation so it's never an issue....
Andy
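The ARP-cache check suggested above, as an added example that is not part of the original posts: it groups BAD_ADDRESS lease IPs by the MAC the DHCP server has cached for them, so one MAC answering for several addresses (the proxy-ARP signature) stands out. The function name, threshold and sample data are assumptions constructed for illustration; the commented lines show one way to feed it live data from `Get-DhcpServerv4Lease` and `Get-NetNeighbor`.

```powershell
# Added example (hypothetical helper, not from the thread).
# Flags MACs that the ARP/neighbor cache maps to several BAD_ADDRESS lease IPs.
function Find-ProxyArpSuspects {
    param(
        [Parameter(Mandatory)] [string[]] $BadLeaseIPs,  # IPs marked BAD_ADDRESS
        [Parameter(Mandatory)] [object[]] $Neighbors,    # objects with IPAddress, LinkLayerAddress
        [int] $Threshold = 2                             # assumed cut-off: IPs per MAC
    )
    $bad = [System.Collections.Generic.HashSet[string]]::new([string[]]$BadLeaseIPs)
    $Neighbors |
        Where-Object {
            # Keep only cache entries for bad-lease IPs that resolved to a real MAC
            $bad.Contains([string]$_.IPAddress) -and
            $_.LinkLayerAddress -and
            $_.LinkLayerAddress -ne '00-00-00-00-00-00'
        } |
        Group-Object { $_.LinkLayerAddress.ToUpper() } |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                Mac          = $_.Name
                Count        = $_.Count
                BadAddresses = @($_.Group | ForEach-Object { [string]$_.IPAddress })
            }
        }
}

# Constructed sample data: IPs in the thread's 10.21.0.0/16 scope,
# MACs from the RFC 7042 documentation range.
$sampleBad = '10.21.4.17', '10.21.4.18', '10.21.4.19', '10.21.9.200'
$sampleNeighbors = @(
    [pscustomobject]@{ IPAddress = '10.21.4.17';  LinkLayerAddress = '00-00-5E-00-53-01' }
    [pscustomobject]@{ IPAddress = '10.21.4.18';  LinkLayerAddress = '00-00-5e-00-53-01' }
    [pscustomobject]@{ IPAddress = '10.21.4.19';  LinkLayerAddress = '00-00-5E-00-53-01' }
    [pscustomobject]@{ IPAddress = '10.21.9.200'; LinkLayerAddress = '00-00-5E-00-53-7A' }
    [pscustomobject]@{ IPAddress = '10.21.0.1';   LinkLayerAddress = '00-00-5E-00-53-01' }  # not a bad lease
)
Find-ProxyArpSuspects -BadLeaseIPs $sampleBad -Neighbors $sampleNeighbors

# Live data on the DHCP server (ARP entries only exist for on-link addresses):
# $badIPs = Get-DhcpServerv4Lease -BadLeases |
#     Where-Object { $_.ScopeId.ToString() -eq '10.21.0.0' } |
#     ForEach-Object { $_.IPAddress.ToString() }
# Find-ProxyArpSuspects -BadLeaseIPs $badIPs -Neighbors (Get-NetNeighbor -AddressFamily IPv4)
```

If the flagged MAC belongs to a router interface, that interface is answering ARP on behalf of addresses it does not own.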
03-09-2020 09:57 AM
Thanks Andrew, that is correct, it is a /30 P2P link.
There is nothing on 10.20.8.0/24 and 10.20.7.0/24 have static IPs only, no DHCP.
Only BAD_ADDRESS messages are on 10.21.x.x/16 range. I did notice that none of the interfaces have the "no ip proxy-arp" command and I am looking to add that on both ends later tonight.
Yes, I concur it's a terrible design and I would love to fix it/change it. I have talked to the customer about it as well, but they have to make the last call.