[RESOLVED] Re: Wrong net in vlan

2020-11-18 Thread Axel Rau 
Hi Stuart,

> Am 18.11.2020 um 13:20 schrieb Stuart Henderson :
> 
> On 2020/11/18 12:48, Axel Rau wrote:
>> From /etc/dhcpd.conf:
>> - - -
>> shared-network WLAN-NET {
> 
> This is your problem.

Oh yes. The art of carefully reading . . .

Thanks a lot,
Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius



signature.asc
Description: Message signed with OpenPGP

Re: Wrong net in vlan

2020-11-18 Thread Stuart Henderson 
On 2020/11/18 12:48, Axel Rau wrote:
> From /etc/dhcpd.conf:
> - - -
> shared-network WLAN-NET {

This is your problem.

Re: Wrong net in vlan

2020-11-18 Thread Axel Rau 


> Am 18.11.2020 um 11:00 schrieb Stuart Henderson :
> 
> On 2020-11-18, Axel Rau  wrote:
>> I think, the problem is that all vlans share the same lladr (see recent 
>> ifconfigs).
>> To allow dhcpd to distinguish the vlans, I have to set the mac addresses 
>> manually.
>> Will try this later.
> 
> No this is totally normal, there is no need to touch the MAC address.
> All you need to do is configure the parent interface "up", set the
> tag and parent interface, add the subnet to dhcpd.conf (and add the
> interface to dhcpd_flags if you don't let it pick them automatically).

AFAIK, that was exactly, what I did:

dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16"

gw1# ifconfig vlan
vlan11: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 13 priority 0 llprio 3
encap: vnetid 11 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.11.1 netmask 0xff00 broadcast 172.16.11.255
inet6 fe80::260:e0ff:fe5a:7543%vlan11 prefixlen 64 scopeid 0xd
inet6 :::16:11::a prefixlen 80
vlan12: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 14 priority 0 llprio 3
encap: vnetid 12 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.12.1 netmask 0xff00 broadcast 172.16.12.255
inet6 fe80::260:e0ff:fe5a:7543%vlan12 prefixlen 64 scopeid 0xe
inet6 :::16:12::a prefixlen 80
vlan13: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 15 priority 0 llprio 3
encap: vnetid 13 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.13.1 netmask 0xff00 broadcast 172.16.13.255
inet6 fe80::260:e0ff:fe5a:7543%vlan13 prefixlen 64 scopeid 0xf
inet6 :::16:13::a prefixlen 80
vlan14: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 16 priority 0 llprio 3
encap: vnetid 14 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.14.1 netmask 0xff00 broadcast 172.16.14.255
inet6 fe80::260:e0ff:fe5a:7543%vlan14 prefixlen 64 scopeid 0x10
inet6 :::16:14::a prefixlen 80
vlan15: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 17 priority 0 llprio 3
encap: vnetid 15 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.15.1 netmask 0xff00 broadcast 172.16.15.255
inet6 fe80::260:e0ff:fe5a:7543%vlan15 prefixlen 64 scopeid 0x11
inet6 :::16:15::a prefixlen 80
vlan16: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 18 priority 0 llprio 3
encap: vnetid 16 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.16.1 netmask 0xff00 broadcast 172.16.16.255
inet6 fe80::260:e0ff:fe5a:7543%vlan16 prefixlen 64 scopeid 0x12
inet6 :::16:16::a prefixlen 80
gw1# ifconfig em3
em3: flags=8b43 mtu 
1500
lladdr 00:60:e0:5a:75:43
index 4 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.63.1 netmask 0xff00 broadcast 172.16.63.255
inet6 fe80::260:e0ff:fe5a:7543%em3 prefixlen 64 scopeid 0x4
inet6 :::16::a prefixlen 80
gw1# ifconfig carp3
carp3: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:04
index 12 priority 15 llprio 3
carp: MASTER carpdev em3 vhid 4 advbase 1 advskew 0
groups: carp
status: master
inet 172.16.63.9 netmask 0xff00 broadcast 172.16.63.255
inet6 fe80::200:5eff:fe00:104%carp3 prefixlen 64 scopeid 0xc
inet6 :::16::c prefixlen 80

>From /etc/dhcpd.conf:
- - -
shared-network WLAN-NET {
option  domain-name "wlan.chaos1.de";
option  domain-name-servers 192.1.2.3, 80.12.4.171;
option  ntp-servers 192.1.2.4, 80.12.4.170;

subnet  172.16.63.0 netmask 255.255.255.0 {
option routers 172.16.63.1;
option  ntp-servers 192.1.2.4, 80.12.4.170;

range 172.16.63.200 172.16.63.230;

#   cap01 MikroTik WLAN Access Point
host static-client {
hardware ethernet 4a:0b:bc:54:0c:fa;
fixed-address 172.16.63.11;
}
#   cap02 MikroTik WLAN Access Point
host static-client {
hardware ethernet c4:ad:34:f5:4d:

Re: Wrong net in vlan

2020-11-18 Thread Stuart Henderson 
On 2020-11-18, Axel Rau  wrote:
> I think, the problem is that all vlans share the same lladr (see recent 
> ifconfigs).
> To allow dhcpd to distinguish the vlans, I have to set the mac addresses 
> manually.
> Will try this later.

No this is totally normal, there is no need to touch the MAC address.
All you need to do is configure the parent interface "up", set the
tag and parent interface, add the subnet to dhcpd.conf (and add the
interface to dhcpd_flags if you don't let it pick them automatically).

Re: Wrong net in vlan

2020-11-18 Thread Axel Rau 
I think, the problem is that all vlans share the same lladr (see recent 
ifconfigs).
To allow dhcpd to distinguish the vlans, I have to set the mac addresses 
manually.
Will try this later.

Axel
---
axel@chaos1.de  PGP-Key:29E99DD6   computing @ chaos claudius


> Am 18.11.2020 um 00:09 schrieb Stuart Henderson :
> 
> On 2020-11-17, Axel Rau  wrote:
>> 
>> 
>> --Apple-Mail=_AD48A584-E586-4B64-9277-CAE8E8103BC1
>> Content-Type: text/plain;
>>charset=utf-8
>> Content-Transfer-Encoding: 8bit
>> 
>> Hi all.
>> 
 Am 16.11.2020 um 11:09 schrieb Axel Rau :
>>> 
>>> - - -
>>> From /etc/rc.conf.local:
>>> - - -
>>> dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16"
>>> - - -
>> 
>> I have still no resolution. dhcpd preovides always an address from the 
>> subnet 172.16.11/24 regardless from which vlan comes the request.
>> 172.16.11/24 is the subnet associated with the 1st vlan on em3 (vlan11)
> 
> Your emails are a bit confusing. You have sent one email showing
> current config from ifconfig for vlan11 and vlan13, another email
> showing hostname.if files for vlan11 and vlan12, an excerpt from
> your dhcpd.conf file showing configs for the subnets you showed
> on vlan11 and vlan12, and log from an example request on vlan13.
> 
> Check your configuration methodically, make sure you have sections
> in dhcpd.conf for all the networks you have told it to listen to
> that match the networks configured in hostname.if files.
> 
> Is dhcpd.conf just missing a subnet section for 172.16.13.0?
> 
> If things may have got confused during testing, restart the system to
> make sure the interfaces are configured as set in the files.
> 
>> - - -
>> hardware-type must be the name of a hardware interface type. Currently, the 
>> ethernet, token-ring and fddi physical interface types are recognized, 
>> although support for DHCP-over-IPsec virtual interface type ipsec-tunnel is 
>> provided. The hardware-address should be a set of colon-separated 
>> hexadecimal octets (0-ff) or a hostname that can be looked up in ethers(5) 
>>  when the configuration is read.
>> - - -
> 
> You are unlikely to need to set this. In any event a vlan is an
> ethernet interface type.
> 
>> Are vlans aresupported by dhcpd at all?
> 
> It doesn't need any special support, they just appear as a normal
> ethernet-like interface.
> 
>> 
>> Axel
>> ---
>> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>> 
>> 
>> --Apple-Mail=_AD48A584-E586-4B64-9277-CAE8E8103BC1
>> Content-Transfer-Encoding: 7bit
>> Content-Disposition: attachment;
>>filename=signature.asc
>> Content-Type: application/pgp-signature;
>>name=signature.asc
>> Content-Description: Message signed with OpenPGP
>> 
>> 
>> --Apple-Mail=_AD48A584-E586-4B64-9277-CAE8E8103BC1--
>> 
>> 
>

Re: Wrong net in vlan

2020-11-17 Thread Stuart Henderson 
On 2020-11-17, Axel Rau  wrote:
>
>
> --Apple-Mail=_AD48A584-E586-4B64-9277-CAE8E8103BC1
> Content-Type: text/plain;
>   charset=utf-8
> Content-Transfer-Encoding: 8bit
>
> Hi all.
>
>> Am 16.11.2020 um 11:09 schrieb Axel Rau :
>> 
>> - - -
>> From /etc/rc.conf.local:
>> - - -
>> dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16"
>> - - -
>
> I have still no resolution. dhcpd preovides always an address from the subnet 
> 172.16.11/24 regardless from which vlan comes the request.
> 172.16.11/24 is the subnet associated with the 1st vlan on em3 (vlan11)

Your emails are a bit confusing. You have sent one email showing
current config from ifconfig for vlan11 and vlan13, another email
showing hostname.if files for vlan11 and vlan12, an excerpt from
your dhcpd.conf file showing configs for the subnets you showed
on vlan11 and vlan12, and log from an example request on vlan13.

Check your configuration methodically, make sure you have sections
in dhcpd.conf for all the networks you have told it to listen to
that match the networks configured in hostname.if files.

Is dhcpd.conf just missing a subnet section for 172.16.13.0?

If things may have got confused during testing, restart the system to
make sure the interfaces are configured as set in the files.

> - - -
> hardware-type must be the name of a hardware interface type. Currently, the 
> ethernet, token-ring and fddi physical interface types are recognized, 
> although support for DHCP-over-IPsec virtual interface type ipsec-tunnel is 
> provided. The hardware-address should be a set of colon-separated hexadecimal 
> octets (0-ff) or a hostname that can be looked up in ethers(5) 
>  when the configuration is read.
> - - -

You are unlikely to need to set this. In any event a vlan is an
ethernet interface type.

> Are vlans aresupported by dhcpd at all?

It doesn't need any special support, they just appear as a normal
ethernet-like interface.

>
> Axel
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>
>
> --Apple-Mail=_AD48A584-E586-4B64-9277-CAE8E8103BC1
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
>   filename=signature.asc
> Content-Type: application/pgp-signature;
>   name=signature.asc
> Content-Description: Message signed with OpenPGP
>
>
> --Apple-Mail=_AD48A584-E586-4B64-9277-CAE8E8103BC1--
>
>

Re: Wrong net in vlan

2020-11-17 Thread Axel Rau 
Hi all.

> Am 16.11.2020 um 11:09 schrieb Axel Rau :
> 
> - - -
> From /etc/rc.conf.local:
> - - -
> dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16"
> - - -

I have still no resolution. dhcpd preovides always an address from the subnet 
172.16.11/24 regardless from which vlan comes the request.
172.16.11/24 is the subnet associated with the 1st vlan on em3 (vlan11)
- - -
gw1# ifconfig vlan11
vlan11: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 13 priority 0 llprio 3
encap: vnetid 11 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.11.1 netmask 0xff00 broadcast 172.16.11.255
inet6 fe80::260:e0ff:fe5a:7543%vlan11 prefixlen 64 scopeid 0xd
inet6 2a05:bec0:26:16:11::a prefixlen 80
gw1# ifconfig vlan13
vlan13: flags=8843 mtu 1500
lladdr 00:60:e0:5a:75:43
index 15 priority 0 llprio 3
encap: vnetid 13 parent em3 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.13.1 netmask 0xff00 broadcast 172.16.13.255
inet6 fe80::260:e0ff:fe5a:7543%vlan13 prefixlen 64 scopeid 0xf
inet6 2a05:bec0:26:16:13::a prefixlen 80
- - -
- - -
DHCPREQUEST for 172.16.11.106 from d6:b5:e4:2a:3a:1c via vlan13
Nov 17 19:00:47 gw1 dhcpd[12274]: DHCPACK on 172.16.11.106 to d6:b5:e4:2a:3a:1c 
via vlan13
- - -
The client receives a IPv6 address from the correct subnet via rad.

In DHCPD.CONF(5), I read:
- - -
hardware-type must be the name of a hardware interface type. Currently, the 
ethernet, token-ring and fddi physical interface types are recognized, although 
support for DHCP-over-IPsec virtual interface type ipsec-tunnel is provided. 
The hardware-address should be a set of colon-separated hexadecimal octets 
(0-ff) or a hostname that can be looked up in ethers(5) 
 when the configuration is read.
- - -

Are vlans aresupported by dhcpd at all?

Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius



signature.asc
Description: Message signed with OpenPGP

Re: Wrong net in vlan

2020-11-16 Thread Axel Rau 


> Am 15.11.2020 um 22:33 schrieb Mihai Popescu :
> 
> Hint: show some dhcpd configs.
>From /etc/dhcpd.conf:
- - -
subnet  172.16.11.0 netmask 255.255.255.0 {
option routers 172.16.11.1;
range 172.16.11.100 172.16.11.200;
}
subnet  172.16.12.0 netmask 255.255.255.0 {
option routers 172.16.12.1;
range 172.16.12.100 172.16.12.200;
}
- - -
>From /etc/rc.conf.local:
- - -
dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16"
- - -

Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius



signature.asc
Description: Message signed with OpenPGP

Re: Wrong net in vlan

2020-11-15 Thread Mihai Popescu 
> What is wrong here?

You show info about vlans then suddenly complain about non working dhcpd.
Hint: show some dhcpd configs.

Wrong net in vlan

2020-11-15 Thread Axel Rau 
Hi all,

in hostname.vlan11, I have:
- - -
vnetid 11 parent em3
inet 172.16.11.1 255.255.255.0 NONE
- - -
in hostname.vlan12, I have:
- - -
vnetid 12 parent em3
inet 172.16.12.1 255.255.255.0 NONE
- - -

but dhcpd logs:
- - -
DHCPOFFER on 172.16.11.106 to d6:b5:e4:2a:3a:1c via vlan12
- - -

What is wrong here?

Thanks, Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius



signature.asc
Description: Message signed with OpenPGP