Geekzone: technology news, blogs, forums


AndyT

164 posts

Master Geek


#279520 20-Oct-2020 21:02

I'm getting out of my depth again I'm afraid .... but here goes:

 

Background:

 

     

  1. ER-X with switch0 at IP 192.168.10.1
  2. UAP AC Lite on eth4 at static 192.168.10.50
  3. VLANs set up:

     

    • VLAN3 / switch0.3 / 192.168.30.1 ... for IoT clients
    • VLAN4 / switch0.4 / 192.168.40.1 ... for Security Cameras

 

I can ping all this from Terminal, so, so far OK

 

The difficulty I'm then having is to create DHCP reservations on VLAN3 of say 192.168.30.10 stating the MAC address for a Google Home Mini, or likewise on VLAN4 of 192.168.40.10 for one of the cameras, with EdgeOS showing an error message popping up saying "192.168.30.10 must be within subnet 192.168.10.0/24". If I could set this up I would then set some firewall rules around the Google units and cameras.

 

I've trawled all the usual web forums but can't find a simple answer, but my question is are DHCP reservations on multiple sub-nets on a VLAN possible, and if so, how do I go about it in EdgeOS?

 

Thanks & regards,

 

 


Inphinity
2780 posts

Uber Geek


  #2589580 20-Oct-2020 21:24

You should just be able to add a reservation to the DHCP pool that's serving the ranges for those VLANs. The error sounds like you're trying to add a reservation in the 192.168.30.0/24 range to a DHCP service that's only serving 192.168.10.0/24. Do you see multiple DHCP services, one for each VLAN?




AndyT

164 posts

Master Geek


  #2589592 20-Oct-2020 22:16

Thanks Inphinity.

 

I've configured the VLAN DHCP services per the attached screenshots, which does what I think you are suggesting .... but it doesn't seem to work as when I check the client IPs they are still the old dynamic IPs well past their lease renewals, rather than these statics.

 

 

Is there something I'm missing that I need to do to fire this all up?

 

 

 

Thanks & regards,

 

 

 

 


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2589594 20-Oct-2020 22:26

And I guess the current leases are all on the untagged subnet.





Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.




AndyT

164 posts

Master Geek


  #2589600 20-Oct-2020 22:37

Yes ...per attached screenshot.

 

 

But I can't map static IPs from here to the VLANs.


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2589603 20-Oct-2020 22:42

You would need to configure your AC Lite accordingly so that the wireless devices connect to an SSID on desired network.







AndyT

164 posts

Master Geek


  #2589605 20-Oct-2020 22:53

The IoT stuff is already connecting to the UAP on an IoT specific SSID, but I can't link the SSID to the VLANID .... as that function seems to have been dropped in Unifi Controller 6.0.23 .... unless there's another way of achieving this?


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2589606 20-Oct-2020 23:01

Go to Settings > Networks, then set up your VLANs there first. THEN go to your Wireless Networks and choose your SSIDs and apply the "Network" to them.





fe31nz
1232 posts

Uber Geek


  #2589608 20-Oct-2020 23:21

Getting new DHCP leases for manually assigned addresses into devices that already have a dynamically assigned lease always seems to be a problem.  At times I have had to power off the device, restart the DHCP server (or reboot the EdgeRouter) and then power on the device, before it will pick up a new DHCP assignment.  When I look at what is happening using Wireshark, I can see that the device often sends a DHCP request packet to the DHCP server with its old IP address in it, and the DHCP server just allocates that dynamically assigned address again.  It seems that DHCP software has a bug where it will always reallocate a requested address without checking to see if there is a new manually assigned address.  So you have to make sure that the device has forgotten its old address to prevent this from keeping on happening.  And the bug seems to have another part where the DHCP server will match an incoming request for an address against its list of existing old leases (expired or not), so even if the device does not request a specific address, but its MAC address matches an old remembered address, the DHCP server will not check for a new manually assigned address and will give it the old address again.  So you have to restart the DHCP server to clear its list of old assigned addresses.

 

This behaviour of DHCP servers is quite useful when you are not manually assigning addresses as a device will get an old address it used to have weeks ago if it is still available.  In a small home network where there are fewer devices ever seen than the available pool of IP addresses, this means a device will always get the same address, until you have to restart the router.  Which can be a very useful thing.  But it is a complete pain every time you want to assign a new manual DHCP address.

 

So in your case, I would recommend turning off the device(s), then try using this command from your router command line:

 

clear dhcp leases

 

and then turning on the device(s) again and seeing if that fixes it.  If that does not work, you can try using the GUI to disable the DHCP server(s), cycle the power on the device(s) and then re-enable the DHCP server(s).  Or try this command from the command line:

 

sudo systemctl restart vyatta-dhcpd

 

Or as a last resort, reboot the router.


AndyT

164 posts

Master Geek


  #2590039 21-Oct-2020 21:04

Thank you Spyware. I'm assuming your instructions are for Unifi Controller not EdgeOS; but as the VLANs are already set up OK in EdgeOS and "pingable" I'm thinking it might duplicate / wreck things if I set up VLANs with the same IDs in Unifi Controller? Or do I delete the VLANs set up in EdgeOS and configure them again from scratch in Unifi Controller?

 

Thank you too fe31nz. I tried all your suggestions but I'm afraid nothing worked.

 

I feel stumped, but there must be an answer out there somewhere to getting the DHCP reservations working on the VLANs!

 

 

 

Thanks & regards,


Spyware
3764 posts

Uber Geek

Lifetime subscriber

  #2590043 21-Oct-2020 21:17

You just dismissed the answer.







AndyT

164 posts

Master Geek


  #2590079 21-Oct-2020 22:51

Apologies Spyware .... I didn't mean to be dismissive, in fact quite the opposite and as a relative newb, I'm really appreciative of all the help and advice here.

 

If I read you right, I need to forget the EdgeOS VLAN setup and work in Unifi Controller on both the VLANs and UAP setup?

 

 

 

Thanks.


AndyT

164 posts

Master Geek


  #2592245 26-Oct-2020 23:08

Well, I'm up and running with the two VLANs; one for IoT Wireless (e.g. Google Home Minis, Chromecast Ultra) and one for security cameras x 3, and everything seems stable and working relatively OK.

 

I'm running with an adaption of Ui.Com's firewall per their ER VLAN-Aware Switch support article which may need some tweaking.

 

Several things puzzle me though:

 

     

  1. I've set static IPs for the IoT wireless clients and they show as such in Unifi Controller but EdgeOS doesn't show any DHCP leases to the static IP addresses and the IPs can't be pinged
  2. I've set up a subnet on eth3 at 192.168.50.1/24 for IoT wired devices (e.g. Apple Airport Expresses as dumb Airplay clients) but for some reason every time I reset the units to factory defaults and reconfigure for life in the new subnet the devices bomb out. They all worked fine prior to trying to put them on the new subnet

 

If anyone has any ideas on what may be going on with the above it would be much appreciated as it's sure confusing the hell out of me!

 

 

 

Thanks & regards,

 

 


fe31nz
1232 posts

Uber Geek


  #2592251 27-Oct-2020 00:43

AndyT:

 

Several things puzzle me though:

 

     

  1. I've set static IPs for the IoT wireless clients and they show as such in Unifi Controller but EdgeOS doesn't show any DHCP leases to the static IP addresses and the IPs can't be pinged

 

 

If you set up static DHCP leases, they do not show up when you ask the DHCP server for a list of leases.  It only lists the dynamic assignments.

 

Pings not getting through does not mean a device is not connected.  It may just mean that the firewall rules are stopping the ping traffic.  If the device has a TCP server port, try using telnet to connect to that port.

 

One of the good reasons for using a router like an ER-X is that you can use the standard Linux tools to find out what is going on.  So open a command prompt on the ER-X (via the serial port, ssh or the GUI) and then do "sudo su" and you have a normal bash prompt to play with and some good tools.  I would start by running "arp -a" which should list all the IP and MAC addresses that the router has seen recently.  Then you can run "tcpdump -i <ethernet port> host <IP address>" and see if it sees traffic from the device's IP address.  Or use "tcpdump -i <ethernet port> ether host <MAC address>" to check for all traffic from the MAC address of the device.


AndyT

164 posts

Master Geek


  #2598529 5-Nov-2020 22:02

Many thanks fe31nz. I ran "arp -a" and came up with a heap of IP address data. Most of it referred to "? (192.168.30.*) at <incomplete> on switch 0.3" with * being a whole series of random numbers. In several instances however I recognised the static IPs on both 192.168.30.0 and 192.168.40.0 which are the two VLANs I have set up for IoT and Security Cameras respectively, and also some devices on the main LAN on 192.168.1.0.

 

A couple of questions if I may:

 

     

  1. What is "? (192.168.30.*) at <incomplete> on switch 0.3" telling me?
  2. When you say run "tcpdump -i <ethernet port> host <IP address>", what is the <ethernet port> information and how do I find it?

 

Thanks & regards,

 

 

 

 

 

 


fe31nz
1232 posts

Uber Geek


  #2598613 5-Nov-2020 23:43

An "incomplete" in an arp listing means that some device requested the IP address in an arp request message, but there was no reply.  If you have the option in an Edgerouter enabled that allows it to do scans for new devices for Ubiquiti's UNMS service, you will see lots of these "incomplete" mappings listed, as the scanning will scan for all possible IP addresses on the subnets you have set up on the router.  I believe that option is on by default, even if you are not actually using UNMS to monitor and control your network.  If you want to get rid of all the "incomplete" messages, you can use grep -v to match for all lines that do not have "incomplete" in them:

 

arp -a | grep -v "incomplete"

 

Another thing you may notice is that arp -a on an Edgerouter will report mappings for all the static DHCP mappings you have set up, even if there has been no traffic to or from the device.  So if you have an old mapping for a device that is no longer around, you will still find it listed in arp -a until you remember to remove its static DHCP address.  That is not normal for arp listings on most systems.

 

To see all the interface names available for the tcpdump -i command, at the root prompt do one of these commands:

 

ip link

 

ifconfig

 

The names are the same as the ones shown on the Dashboard tab of the GUI and in the CLI "show interfaces" command.

 

WARNING: If you want to use the tcpdump -w option to write the tcpdump capture data to storage, make sure you only do it to a location that is on the Edgerouter's RAMdisk.  If you store it to the USB storage, you will kill the USB storage in a relatively short time by doing too many writes to it.  So before using tcpdump -w, always do:

 

cd /var/log

 

as the log files in that directory are always stored in RAMdisk.
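
Added example, not part of any post above: a check that builds on the "arp -a" advice in this thread to find reserved devices that are still answering on the untagged network instead of their VLAN, which is the state in which per-VLAN firewall rules do not apply to them. The MAC addresses, labels and sample ARP lines are constructed for illustration; interface names follow the thread (switch0, switch0.3, switch0.4).

```shell
#!/bin/sh
# Hypothetical reservation list: MAC, interface the device belongs on, label.
reservations() {
cat <<'EOF'
02:00:00:00:30:10 switch0.3 google-home-mini
02:00:00:00:40:10 switch0.4 camera-1
EOF
}

# Constructed sample of `arp -a` output (not captured from a real router).
sample_arp() {
cat <<'EOF'
? (192.168.10.50) at 02:00:00:00:00:50 [ether] on switch0
? (192.168.10.127) at 02:00:00:00:30:10 [ether] on switch0
? (192.168.30.10) at 02:00:00:00:30:10 [ether] on switch0.3
? (192.168.30.77) at <incomplete> on switch0.3
? (192.168.40.10) at 02:00:00:00:40:10 [ether] on switch0.4
EOF
}

# Reads `arp -a` output on stdin and prints one line for every reserved MAC
# that ARP shows on an interface other than the one it is reserved on.
# An entry on the expected interface proves nothing by itself (the thread
# notes that static mappings are listed even without traffic), so only
# entries on the wrong interface are reported.
misplaced() {
  { reservations; echo '---'; cat; } | awk '
    $0 == "---"    { arp = 1; next }   # separator: reservations end here
    !arp           { want[tolower($1)] = $2; label[tolower($1)] = $3; next }
    /<incomplete>/ { next }            # ARP request sent, nobody answered
    {
      mac = tolower($4); ip = $2; gsub(/[()]/, "", ip); iface = $NF
      if ((mac in want) && iface != want[mac])
        printf "%s %s is at %s on %s, expected %s\n", \
               label[mac], mac, ip, iface, want[mac]
    }'
}

# Stand-alone run against the constructed sample.
sample_arp | misplaced
```

On the router, replace the sample with live data: `arp -a | misplaced`.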

