Configuring ISC DHCP Server for Multiple Subnets on Different Network Interfaces



When setting up a multi-homed DHCP server with ISC DHCPD, administrators often encounter situations where DHCP offers are incorrectly served through unintended interfaces. The fundamental issue lies in how the DHCP server associates subnets with physical interfaces.

The ISC DHCP server determines which interface to use based on two key factors:

  1. The network topology defined in dhcpd.conf
  2. The interface binding specified in /etc/default/isc-dhcp-server

Here's a more robust configuration approach:

# /etc/default/isc-dhcp-server
INTERFACESv4="eth1 eth2 eth3"
INTERFACESv6=""

Modify your dhcpd.conf to explicitly bind subnets to interfaces:

subnet 172.16.0.0 netmask 255.255.255.0 {
    range 172.16.0.2 172.16.0.100;
    option subnet-mask 255.255.255.0;
    option routers 172.16.0.1;
    interface eth2;  # Explicit interface binding
}

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.2 10.0.0.100;
    option subnet-mask 255.255.255.0;
    option routers 10.0.0.1;
    interface eth1;  # Explicit interface binding
}

subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.2 10.0.1.100;
    option subnet-mask 255.255.255.0;
    option routers 10.0.1.1;
    interface eth3;  # Explicit interface binding
}

After making these changes, restart the DHCP server and monitor logs:

systemctl restart isc-dhcp-server
tail -f /var/log/syslog | grep dhcpd

The log should show each request and its offer on the interface that matches the offered subnet:

dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth2
dhcpd: DHCPOFFER on 172.16.0.2 to aa:bb:cc:dd:ee:ff via eth2
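
To check those log lines automatically rather than by eye, the following added example (not part of the original article) flags any DHCPOFFER or DHCPACK whose leased address lies outside the subnet bound to the interface it left through. The interface-to-subnet map mirrors the dhcpd.conf above; the names `EXPECTED`, `LEASE_RE`, `find_misrouted` and `SAMPLE` are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Interface-to-subnet map taken from the dhcpd.conf on this page.
EXPECTED = {
    "eth1": ipaddress.ip_network("10.0.0.0/24"),
    "eth2": ipaddress.ip_network("172.16.0.0/24"),
    "eth3": ipaddress.ip_network("10.0.1.0/24"),
}

# Matches the lease lines dhcpd writes to syslog, for example:
#   dhcpd: DHCPOFFER on 172.16.0.2 to aa:bb:cc:dd:ee:ff via eth2
# An optional "(hostname)" may sit between the MAC address and "via".
LEASE_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: (?P<msg>DHCPOFFER|DHCPACK) on (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"to (?P<mac>[0-9a-fA-F:]{17})(?: \([^)]*\))? via (?P<via>\S+)"
)

def find_misrouted(lines, expected=EXPECTED):
    """Return (msg, ip, mac, via, reason) for every offer/ack that left
    through an interface whose subnet does not contain the leased address."""
    findings = []
    for line in lines:
        m = LEASE_RE.search(line)
        if not m:
            continue  # DISCOVER/REQUEST and unrelated syslog lines
        ip = ipaddress.ip_address(m["ip"])
        via = m["via"]
        net = expected.get(via)
        if net is None:
            reason = "interface not in expected map"
        elif ip not in net:
            reason = f"{ip} is outside {net}"
        else:
            continue  # address and interface agree
        findings.append((m["msg"], str(ip), m["mac"].lower(), via, reason))
    return findings

# Constructed sample lines in the format shown above (not real captures).
SAMPLE = [
    "dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth2",
    "dhcpd: DHCPOFFER on 172.16.0.2 to aa:bb:cc:dd:ee:ff via eth2",
    "dhcpd[812]: DHCPACK on 10.0.0.7 to 02:00:00:00:00:01 (lab-vm) via eth3",
    "dhcpd: DHCPOFFER on 10.0.1.9 to 02:00:00:00:00:02 via eth0",
]

if __name__ == "__main__":
    for finding in find_misrouted(SAMPLE):
        print("MISROUTED", *finding)
```
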

For environments requiring more granular control, consider these additional measures:

shared-network "VLANs" {
    subnet 172.16.0.0 netmask 255.255.255.0 {
        range 172.16.0.2 172.16.0.100;
        interface eth2;
        # Additional options
    }
    
    subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.2 10.0.0.100;
        interface eth1;
        # Additional options
    }
}

Verify interface IP bindings:

ip addr show eth1
ip addr show eth2
ip addr show eth3

Check DHCP server status:

systemctl status isc-dhcp-server
dhcpd -t -cf /etc/dhcp/dhcpd.conf  # Configuration test

When deploying an ISC DHCP server with multiple network interfaces (eth1, eth2, eth3), we often encounter situations where DHCP requests only get processed through one interface despite proper subnet configurations. This becomes particularly problematic in virtualized environments like VMware ESXi where each interface connects to separate vSwitches serving distinct subnets.

The core problem lies in how ISC DHCPD binds to network interfaces. The server uses the INTERFACES parameter in /etc/default/isc-dhcp-server (INTERFACESv4 in the file shown earlier) to determine which interfaces to listen on, but it doesn't automatically map subnets to specific interfaces. Explicit configuration is needed so that each DHCP request is answered from the subnet of the interface it arrived on.

Here's the complete working configuration to properly bind subnets to interfaces:

# /etc/dhcp/dhcpd.conf
authoritative;

default-lease-time 600;
max-lease-time 7200;

# Eth1 - 10.0.0.0/24 configuration
subnet 10.0.0.0 netmask 255.255.255.0 {
    interface eth1;
    range 10.0.0.2 10.0.0.100;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 10.0.0.1;
    option routers 10.0.0.1;
    option broadcast-address 10.0.0.255;
}

# Eth2 - 172.16.0.0/24 configuration
subnet 172.16.0.0 netmask 255.255.255.0 {
    interface eth2;
    range 172.16.0.2 172.16.0.100;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 172.16.0.1;
    option routers 172.16.0.1;
    option broadcast-address 172.16.0.255;
}

# Eth3 - 10.0.1.0/24 configuration
subnet 10.0.1.0 netmask 255.255.255.0 {
    interface eth3;
    range 10.0.1.2 10.0.1.100;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 10.0.1.1;
    option routers 10.0.1.1;
    option broadcast-address 10.0.1.255;
}

The key improvements in this configuration are:

  1. Added authoritative directive for proper DHCP server behavior
  2. Explicit interface declaration within each subnet block
  3. Maintained all existing DHCP options while adding interface binding

After implementing these changes, verify with:

sudo systemctl restart isc-dhcp-server
sudo tail -f /var/log/syslog

You should see DHCPDISCOVER messages appearing on all configured interfaces. For testing, you can temporarily send dhcpd's log messages to a separate file:

# In dhcpd.conf
log-facility local7;

# In /etc/rsyslog.conf
local7.* /var/log/dhcpd.log

For complex environments, consider these additional measures:

# Shared network declaration for VLANs using same physical interface
shared-network "VLANs" {
    subnet 10.0.2.0 netmask 255.255.255.0 {
        option routers 10.0.2.1;
        range 10.0.2.10 10.0.2.100;
    }
    subnet 10.0.3.0 netmask 255.255.255.0 {
        option routers 10.0.3.1;
        range 10.0.3.10 10.0.3.100;
    }
}