DHCPDECLINE message ignored by UTM

I have two networks at home, one for the house, one for the outbuildings. UTM uses the hostname to refer to a MAC/IP pair, and the hostnames must be unique. That means when I connect my wireless devices to the wireless LAN outside, they cannot use the assigned IP address as it is on a different physical network. I do not want any dynamic addressing for known devices. I see the following options:

   1) Use an MS DHCP server. This will do what I need out of the box (same MAC in multiple subnets), but I need a Windows server license, and it's stupidly expensive.

   2) Define the host twice using different names, once for each network, with an appropriate address in each case. It works, but it's inelegant and means I have to know which network a device is on to connect to it, because its DNS entry will be based on its logical location. This is another way of saying that the device's name is not the same as its DNS registration, and that is not a good design.

   3) Collapse the networks. Yes, I can, and it will work, but my UTM has 3 physical ports and it makes sense to use them like this. Most of the devices outside do not talk to the devices inside, hence the segmentation makes sense (to me anyway).

   4) Use a different DHCP implementation. Should work (no idea what to pick, nor how to configure it, but I'm a quick study), but that would mean I'm realistically going to need a DNS server too, and another VM to manage (both of which I'd also need for #1 in fact).

I don't particularly want any of these, as I want UTM to do everything and cope with my network design. Anyone have any suggestions as to how I can overcome this issue before I implement #3?

As an aside, why does UTM ignore the DHCPDECLINE messages that clients send back when they discover the IP they have been assigned is already in use? RFC 2131 requires a DHCP server to react to such a message (mark it as unavailable), and it seems odd that this would not be implemented.

As you may guess, I was caught out by doing things the Microsoft way, assigning static assignments from the pool. The reason noobs like me do this is because it's easy: you set up your scope, connect your devices, then use the obvious button to convert them to static mappings. An easy way out for anyone failing to read the manual is to get your devices set up as statics, but change the scope as you do it (i.e. increase the start IP as you do each device, or group of leases). I have about 30 currently, my scope now starts at 31, and I have nothing in my lease table (if I do, it suggests a rogue client / server that needs investigating).

Thanks.

Dave
  • Hi, Dave, and welcome to the UTM Community!

    You've presented us with your solution which you cannot enact with the UTM.  Perhaps if you presented the desired result, we could find a way to create a solution with the UTM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Wow, totally forgot about this until today's post. What I wanted to achieve was to allow my mobile devices to flip between networks when going from the house to the outbuilding whilst keeping the same name, and I couldn't see how to do it. UTM makes statics easy, and I want to control IP / device pairs where possible. I move my client to the outbuilding, and it changes access points. It does a DHCP renew, and it gets NAKed. It does a DHCPDISCOVER, and is offered an IP on the new network, but loses the name registration. The source of this was a desire to control the access of my son's devices to a single name. I did work around it by using multiple host registrations with addresses in different networks, and just applied my rules to them both.

    I eventually had another reason to move to a single network (bad choice of TV meant that it could also not see the other network where my media lives). Searching logs with one network is so much easier too, as I now only have one IP per device to worry about.

    Regards

    Dave
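
The two exchanges described in this thread, as an added example that is not part of the original posts and is not Sophos UTM code: a toy DHCP lease model in Python that keys reservations by (scope, MAC) rather than by hostname, so one MAC can hold a fixed address in each subnet; that NAKs a renew arriving on the wrong link and lets the client rediscover into the other scope (Dave's roaming case); and that handles DHCPDECLINE the way RFC 2131 section 4.3.3 describes, by marking the address unavailable so it is not offered again (the aside in the first post). The scopes, MAC addresses and IP ranges are constructed for the example, the 'link' argument stands in for the interface or relay address a message arrived on, and nothing goes on the wire.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass
class Subnet:
    """One DHCP scope. Reservations and leases are keyed by MAC *within* the
    scope, so the same MAC may hold a different fixed address in each scope."""
    network: IPv4Network
    pool_start: IPv4Address
    pool_end: IPv4Address
    reservations: dict = field(default_factory=dict)  # mac -> IPv4Address
    leases: dict = field(default_factory=dict)        # mac -> IPv4Address
    abandoned: set = field(default_factory=set)       # addresses a client DECLINEd


class DhcpServer:
    """Hypothetical lease state machine; not a wire-level DHCP implementation."""

    def __init__(self, subnets):
        self.subnets = list(subnets)

    def scope_for(self, link):
        """Pick the scope from the interface/relay address the message came in on."""
        for s in self.subnets:
            if link in s.network:
                return s
        raise KeyError(f"no scope for link {link}")

    def _free_pool_address(self, s):
        # Reserved addresses are excluded from dynamic allocation even when they
        # sit inside the pool range, so a reservation never collides with a lease.
        in_use = set(s.leases.values()) | set(s.reservations.values()) | s.abandoned
        ip = s.pool_start
        while ip <= s.pool_end:
            if ip not in in_use:
                return ip
            ip += 1
        return None

    def discover(self, link, mac):
        """DHCPDISCOVER -> DHCPOFFER: the reservation for this MAC in this scope
        if there is one, otherwise the lowest free dynamic address."""
        s = self.scope_for(link)
        ip = s.reservations.get(mac)
        if ip is None or ip in s.abandoned:
            ip = self._free_pool_address(s)
        if ip is None:
            return ("NONE", None)  # pool exhausted: a real server stays silent
        return ("OFFER", ip)

    def request(self, link, mac, ip):
        """DHCPREQUEST -> DHCPACK, or DHCPNAK when the address is not valid on
        this link (a roaming client's renew) or is held by another client."""
        s = self.scope_for(link)
        if ip not in s.network or ip in s.abandoned:
            return ("NAK", None)
        holder = next((m for m, a in s.leases.items() if a == ip), None)
        reserved_for = next((m for m, a in s.reservations.items() if a == ip), None)
        if holder not in (None, mac) or reserved_for not in (None, mac):
            return ("NAK", None)
        s.leases[mac] = ip
        return ("ACK", ip)

    def decline(self, link, mac, ip):
        """DHCPDECLINE (RFC 2131 s.4.3.3): the client found `ip` already in use.
        Drop its lease and stop offering the address until an operator clears it."""
        s = self.scope_for(link)
        if s.leases.get(mac) == ip:
            del s.leases[mac]
        s.abandoned.add(ip)


# Constructed example topology: two scopes, one phone reserved in both.
HOUSE_LINK = IPv4Address("192.168.1.1")
BARN_LINK = IPv4Address("192.168.2.1")
PHONE = "aa:bb:cc:00:00:01"
LAPTOP = "aa:bb:cc:00:00:02"


def build_server():
    house = Subnet(IPv4Network("192.168.1.0/24"), IPv4Address("192.168.1.31"),
                   IPv4Address("192.168.1.200"),
                   reservations={PHONE: IPv4Address("192.168.1.10")})
    barn = Subnet(IPv4Network("192.168.2.0/24"), IPv4Address("192.168.2.31"),
                  IPv4Address("192.168.2.200"),
                  reservations={PHONE: IPv4Address("192.168.2.10")})
    return DhcpServer([house, barn])


def roaming_exchange(server):
    """Phone takes its house reservation, walks to the barn, is NAKed on renew,
    rediscovers, and gets its barn reservation for the very same MAC."""
    log = []
    kind, ip = server.discover(HOUSE_LINK, PHONE)
    log.append(f"house DISCOVER -> {kind} {ip}")
    kind, _ = server.request(HOUSE_LINK, PHONE, ip)
    log.append(f"house REQUEST {ip} -> {kind}")
    kind, _ = server.request(BARN_LINK, PHONE, ip)   # renew arrives on barn link
    log.append(f"barn REQUEST {ip} -> {kind}")
    kind, ip = server.discover(BARN_LINK, PHONE)
    log.append(f"barn DISCOVER -> {kind} {ip}")
    kind, _ = server.request(BARN_LINK, PHONE, ip)
    log.append(f"barn REQUEST {ip} -> {kind}")
    return log


def decline_exchange(server):
    """Laptop (no reservation) is offered the first pool address, its ARP probe
    shows it already in use, it DECLINEs; the next DISCOVER must skip it."""
    _, first = server.discover(HOUSE_LINK, LAPTOP)
    server.request(HOUSE_LINK, LAPTOP, first)
    server.decline(HOUSE_LINK, LAPTOP, first)
    _, second = server.discover(HOUSE_LINK, LAPTOP)
    return str(first), str(second), first in server.scope_for(HOUSE_LINK).abandoned


if __name__ == "__main__":
    print("\n".join(roaming_exchange(build_server())))
    print(decline_exchange(build_server()))
```

The point of keying on (scope, MAC) is that the roaming device keeps one identity, and any firewall rule or report written against that MAC follows it across subnets without a second host definition; the abandoned set is the server-side trace an operator can check when a client keeps declining, which, as in the original post, usually points at a statically configured address overlapping the pool.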

  • "The source of this was a desire to control the access of my son's devices to a single name. I did work around it by using multiple host registrations with addresses in different networks, and just applied my rules to them both."

    This is the best solution, Dave.  Instead of monitoring the logs, use Reporting and make custom reports.  That way, you'll see the names of your Host definitions instead of the IPs.

    Cheers - Bob