DHCP, multiple IP-segments, superscope, problem :-( 1

[tuliphead]

I have a strange problem. My network consists of 10 different subnets, divided by routers.

10.0.1.0 /24
10.0.2.0 /24
10.0.3.0 /24
10.0.4.0 /24
10.0.5.0 /24
10.0.6.0 /24
10.0.7.0 /24
10.0.8.0 /24
10.0.9.0 /24
10.0.10.0 /24

I have a DHCP-server located on subnet 10 (10.0.10.0 /24). This DHCP-server has a superscope defined, with 10 scopes in it (one for each location).

The scope for the DHCP-servers subnet is working correctly and is leasing out IP-adresses to its clients. I am now trying to get DHCP to work against one of the other subnets.

The router between the DHCP servers subnet and the other subnet (10.0.3.0 /24) is configured to function as a DHCP relay agent, and the ip-adress of the DHCP-server in subnet 10 is defined as the DHCP-server to send all DHCP requests to. The strange thing is that the client on the remote site is getting an IP-adress, a subnet mask, a gateway and so on, but the lease is from the DHCP-scope for the same network segment as the DHCP-server is located on.

I´ve tried most of the option I am able to think of:
- Configured the 10.0.3.0 /24 scope to lease only DHCP, only BOOTP, or both type of adresses
- Of course both scopes are activated
- I´ve run a network traffic analyzer on the DHCP-server to see what kind of traffic that goes from A to B. The DHCP-server receives a BOOTP packet from the router at the 10.0.3.0 subnet, with the router gateway adress in it (10.0.3.1). The DHCP server sends a DHCP offer in return, with an adress from the 10.0.10.0 /24 scope, the client sends a DHCP REQUEST, and the DHCP server finally closes the deal, sending a DHCP ACK packet in return to the client.

I am unable to understand why the DHCP server picks an adress from the wrong scope. I do not know what to test anymore. Can anyone give me some useful tips?

 

[ADB100]

The SuperScope is the problem...... Remove the SuperScope configuration and have separate scopes and this will cure the problem.

With SuperScopes the DHCP Server considers all the networks to effectively be on the same broadcast domain, hence why you are seeing a remote client lease an IP address from your local subnet.

SuperScopes are designed for situations where you have secondary IP addresses on routers:

interface FastEthernet0/0
ip address 10.0.1.254 255.255.255.0
ip address 10.0.2.254 255.255.255.0 secondary
ip address 10.0.3.254 255.255.255.0 secondary

Your scenario is not like this though as you have distinct IP networks separated by routers.

Remove the SuperScope configuration and have individual scopes.

HTH

Andy

 

[tuliphead]

I thought a superscope were necessary if the DHCP-server only had one network card? I read somewhere that it compared the source IP-adress on the incoming request with its own network ID, if it was not a match, then it looked for a superscope that contained a network range ... and if that did not work ... it dropped the request? Or am I totally wrong? This DHCP server only have one network card ... and is only a part of the 10.0.10.0 /24 network?

 

[tuliphead]

then it looked for a superscope that contained a network range (that matched the incoming source adress)

 

[ADB100]

No.

The DHCP forwarding router modifies the packet and inserts the IP address of its interface it received the DHCP/BOOTP request on. The DHCP server then knows what IP network/subnet to allocate the address from. With Superscopes it assumes all the networks in the Superscope are on the same Broadcast domain.

Believe me I have seen this misconfigured hundreds of times. Remove the SuperScope configuration and you will see it work.....

Andy