Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. DISCOVERs from "unkown network segment" - suppress log
messages? (Christina Siegenthaler)
2. Re: DISCOVERs from "unkown network segment" - suppress log
messages? (John W. Blue)
3. Re: DISCOVERs from "unkown network segment" - suppress log
messages? (Darren Ankney)
----------------------------------------------------------------------
Message: 1
Date: Fri, 25 Nov 2022 14:33:51 +0000
From: Christina Siegenthaler <t...@ieu.uzh.ch>
To: "dhcp-users@lists.isc.org" <dhcp-users@lists.isc.org>
Subject: DISCOVERs from "unkown network segment" - suppress log
messages?
Message-ID: <65bfc0fc-c587-4bcf-83c5-da79faa46...@ieu.uzh.ch>
Content-Type: text/plain; charset="utf-8"
Dear all
Is there a possibility to suppress messages like this from being logged:
Nov 25 15:13:46 ieu-dhcp1 dhcpd[23577]: DHCPDISCOVER from 00:07:32:xx:xx:xx via
10.xx.xx.1: unknown network segment
?
Background is, we (unfortunately) got new network hardware (Huawei instead of
Cisco), and now I get also DHCP requests from buildings and networks that do
not belong to our department and that are not served by our DHCP server. This
is usually not a problem since the server simply ignores those requests (though
it logs them), but now there is a client in one of the other subnets which
constantly sends DISCOVERS (about 200 per minute); they fill my log file and
I?d like to get rid of them?
I tried to add the MAC address of the rogue client to the config file with an
?ignore booting? statement, but the DISCOVERs still get logged.
Thanks, Tina
------------------------------
Message: 2
Date: Fri, 25 Nov 2022 14:58:13 +0000
From: "John W. Blue" <john.b...@rrcic.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log
messages?
Message-ID: <ba510f86-e84b-4c98-8578-f4a2a267c...@rrcic.com>
Content-Type: text/plain; charset="windows-1252"
Tina,
As I am sure you are aware DHCPDISCOVER is a broadcast message. If you are
getting these from networks that you do not administrate it would seem to
suggest there are engineering flaws with the segmentation of the network or the
configuration of this new Huawei hardware.
Based upon the wording of your email this extra traffic seems to coincide with
the arrival of the new hardware so I would recommend you focus your
troubleshooting efforts on that.
Assuming your network is properly segmented then there is something in the
Huawei config that is flipping WAN side broadcast traffic into your network.
Good hunting.
John
Sent from Nine<http://www.9folders.com/>
________________________________
From: Christina Siegenthaler <t...@ieu.uzh.ch>
Sent: Friday, November 25, 2022 8:34 AM
To: dhcp-users@lists.isc.org
Subject: DISCOVERs from "unkown network segment" - suppress log messages?
Dear all
Is there a possibility to suppress messages like this from being logged:
Nov 25 15:13:46 ieu-dhcp1 dhcpd[23577]: DHCPDISCOVER from 00:07:32:xx:xx:xx via
10.xx.xx.1: unknown network segment
?
Background is, we (unfortunately) got new network hardware (Huawei instead of
Cisco), and now I get also DHCP requests from buildings and networks that do
not belong to our department and that are not served by our DHCP server. This
is usually not a problem since the server simply ignores those requests (though
it logs them), but now there is a client in one of the other subnets which
constantly sends DISCOVERS (about 200 per minute); they fill my log file and
I?d like to get rid of them?
I tried to add the MAC address of the rogue client to the config file with an
?ignore booting? statement, but the DISCOVERs still get logged.
Thanks, Tina
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20221125/c9bb15e7/attachment-0001.htm>
------------------------------
Message: 3
Date: Fri, 25 Nov 2022 10:23:54 -0500
From: Darren Ankney <darren.ank...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log
messages?
Message-ID:
<cakabwhiw1j51kcqc9kusyq_v-kgid-wjouecmdxfoakaeqs...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Since the log messages say: via 10.xx.xx.1: unknown network segment, I
assume that the 10.xx.xx.xx/xx subnet is not one you are concerned
with. If that is, indeed, the case, I suggest adding a firewall rule
either on the server itself or further upstream to block traffic from
that subnet (or just the 10.xx.xx.1 host) to UDP port 67. The "via
10.xx.xx.1" indicates that the traffic is being relayed, so it should
be unicast and not difficult to add to the firewall.
On Fri, Nov 25, 2022 at 9:34 AM Christina Siegenthaler <t...@ieu.uzh.ch> wrote:
>
> Dear all
>
>
> Is there a possibility to suppress messages like this from being logged:
>
> Nov 25 15:13:46 ieu-dhcp1 dhcpd[23577]: DHCPDISCOVER from 00:07:32:xx:xx:xx
> via 10.xx.xx.1: unknown network segment
>
> ?
>
> Background is, we (unfortunately) got new network hardware (Huawei instead of
> Cisco), and now I get also DHCP requests from buildings and networks that do
> not belong to our department and that are not served by our DHCP server. This
> is usually not a problem since the server simply ignores those requests
> (though it logs them), but now there is a client in one of the other subnets
> which constantly sends DISCOVERS (about 200 per minute); they fill my log
> file and I?d like to get rid of them?
>
> I tried to add the MAC address of the rogue client to the config file with an
> ?ignore booting? statement, but the DISCOVERs still get logged.
>
>
> Thanks, Tina
>
>
>
>
> --
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Subject: Digest Footer
_______________________________________________
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 169, Issue 8
******************************************
