Using VLAN's with ISC-DHCP-SERVER

Using VLAN's with ISC-DHCP-SERVER

I decided I wanted to provide DHCP to two different VLAN's each with their own subnet, connected to the same network card in my default router. All packets arriving on that network jack are tagged for either one or the other VLAN.

Initially I had trouble with the DHCP server only seeing packets on the root eth0 device and ignoring all the packets on the vlan devices (eth0.1 for instance.) There's a couple of changes I had to make for this to work. These instructions assume an Ubuntu server

The steps are:

Configure the VLAN devices

Edit your /etc/network/interfaces file for something like this:

# Placeholder IP on the root device - not actually used
iface eth0 inet static
        address 192.168.4.1
        netmask 255.255.255.0
        broadcast 192.168.4.255
        network 192.168.4.0

# VLAN 2
iface eth0.2 inet static
address 192.168.5.1
netmask 255.255.255.0
broadcast 192.168.5.255
network 192.168.5.0
vlan_raw_device eth0

# VLAN 3
iface eth0.3 inet static
address 192.168.6.1
netmask 255.255.255.0
broadcast 192.168.6.255
network 192.168.6.0
vlan_raw_device eth0

Be sure to adjust that config for your environment, and maybe set auto commands to have them start at boot.

In addition, I had to add the following commands, which I placed at the end of /etc/rc.local to have them run after the machine boots:

vconfig set_flag eth0.2 1 1
vconfig set_flag eth0.3 1 1

The vconfig lines tell the devices that they should completely separate the packets, and treat the virtual adapters more like a real network card. This may have a performance impact in your scenario.

Configure the DHCP server at /etc/dhcp/dhcpd.conf

Define a subnet for each vlan, and a placeholder subnet for the root adapter just in case:

# Placeholder for root nic (maybe not needed?)
subnet 192.168.4.0 netmask 255.255.255.0 {}

# VLAN 2
subnet 192.168.5.0 netmask 255.255.255.0 {
        option routers 192.168.5.1;
        option broadcast-address 192.168.5.255;
        pool {
                range 192.168.5.50 192.168.5.200;
        }
}

# VLAN 3
subnet 192.168.6.0 netmask 255.255.255.0 {
        option routers 192.168.6.1;
        option broadcast-address 192.168.6.255;
        pool {
                range 192.168.6.50 192.168.6.200;
        }
}

And, tell the ISC DHCP server what to listen on by editing the /etc/default/isc-dhcp-server file to look something like:

INTERFACES="eth0.2 eth0.3"

Once all the VLAN adapters are up, restart isc-dhcp-server and you should be good to go!

Posted by Tony on Feb 28, 2015 | Networking