18.1 Legacy Series / Re: DHCP Serving multiple subnets to remote networks (vlans), not directly connected
« on: March 17, 2018, 01:03:46 pm »
So, for the VLAN that we want to have a STATIC IP as a transit network for other networks, we can simply define this "EMPTY" subnet and list all other subnets here, while we "ENABLE" the DHCP service on this interface. This TRANSIT network will be used at the INTERNAL interface of OPNsense, hauling traffic back and forth for remote networks going to the Internet or to other OPNsense-aware networks via a directed interface or static routing.
https://community.spiceworks.com/topic/1331562-isc-dhcp-server-for-multiple-vlans (****post on bottom of page***)
The last link that B-C posted was what I used to get it working. The key was dropping all the need for multiple virtual NICs and just use the one. Then spec the ranges and use the "IP Helper" command on my cisco switch for each VLAN definition.
Works flawlessly. Only gotcha is you need to specify a DHCP subnet for the subnet that the DHCP Server is on, but it can be empty (mine is).
Here is my dhcpd.conf and VLAN description from my Cisco switch. I have many more than these two VLANs, but you should get the idea from them.
In isc-dhcp-server's configuration:
# This subnet is the one that the DHCP server is in; it has to be here in order
# for the server to hand out addresses. It won't hand out IPs on that subnet since
# there is nothing between the curly brackets.
subnet 10.20.20.0 netmask 255.255.255.0 { }

# VLAN - 211
subnet 10.21.12.0 netmask 255.255.252.0 {
    range 10.21.12.3 10.21.15.254;
    option routers 10.21.12.1;
    option subnet-mask 255.255.252.0;
    option broadcast-address 10.21.15.255;
}

# VLAN - 212
subnet 10.21.20.0 netmask 255.255.252.0 {
    range 10.21.20.3 10.21.23.254;
    option routers 10.21.22.1;
    option subnet-mask 255.255.252.0;
    option broadcast-address 10.21.23.255;
}

In Cisco switch:
interface Vlan211
 description VLAN 211
 ip address 10.21.12.1 255.255.252.0
 ip helper-address 10.20.20.41
interface Vlan212
 description VLAN 212
 ip address 10.21.22.1 255.255.252.0
 ip helper-address 10.20.20.41

It seems to me that both pfSense and OPNsense use FreeBSD and isc-dhcp-server; if it's doable in isc-dhcp-server, it might be just a matter of having these optional settings available in the GUI.
It would be something like this: for this OPNsense, we have the choice of serving DHCP on this interface (yes/no). If we choose no, then the DHCP server will not listen on this interface. If we choose yes, then it will listen for DHCP requests on this interface. We can then define subnet options. With those subnet options, it could have the local interface subnet if we want this local interface to be serviced; otherwise, we have the choice of just leaving it EMPTY. Then, we can add more subnets we want this DHCP server to serve for DHCP requests coming in on this interface.
For the moment, I followed these posts in other links and created an LXD container on Ubuntu 16.04. The container runs Ubuntu 16.04 and it serves these subnets well for the DHCP requests of remote networks, together with ip-helper on the Cisco switches.
I just don't want to add one more box to the network if we can just use OPNsense, since OPNsense is already in the network and is running isc-dhcp-server; with just a modification or enhancement, we could then do it.
thanks
peng
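
An added example, not part of the post and not OPNsense or isc-dhcp-server code: a Python check that parses the subnet declarations quoted above, shows which declaration a relayed request is matched to by the relay's giaddr (the VLAN interface address that the ip helper-address line sits under), and lints each declaration. The function names and lint rules are this example's own; the embedded configuration is copied from the post.

```python
import ipaddress
import re

# Constructed input: the subnet declarations quoted in the post.
DHCPD_CONF = """
subnet 10.20.20.0 netmask 255.255.255.0 { }
subnet 10.21.12.0 netmask 255.255.252.0 {
  range 10.21.12.3 10.21.15.254;
  option routers 10.21.12.1;
  option broadcast-address 10.21.15.255;
}
subnet 10.21.20.0 netmask 255.255.252.0 {
  range 10.21.20.3 10.21.23.254;
  option routers 10.21.22.1;
  option broadcast-address 10.21.23.255;
}
"""
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")

def parse_subnets(conf):
    """Map each declared network to its range, router and broadcast (None if absent)."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    def addrs(pattern, body):
        m = re.search(pattern, body)
        return [ipaddress.ip_address(a) for a in m.groups()] if m else None
    subnets = {}
    for net, mask, body in SUBNET_RE.findall(conf):
        subnets[ipaddress.ip_network(f"{net}/{mask}")] = {
            "range": addrs(r"range\s+([\d.]+)\s+([\d.]+)\s*;", body),
            "router": addrs(r"option\s+routers\s+([\d.]+)\s*;", body),
            "bcast": addrs(r"option\s+broadcast-address\s+([\d.]+)\s*;", body),
        }
    return subnets

def select_subnet(subnets, giaddr):
    """Return the declared network containing the relay's giaddr, or None."""
    ip = ipaddress.ip_address(giaddr)
    return next((net for net in subnets if ip in net), None)

def lint(subnets):
    """Return findings for addresses that do not fit their subnet declaration."""
    findings = []
    for net, d in subnets.items():
        lo, hi = d["range"] or (None, None)
        for ip in [a for a in [lo, hi] + (d["router"] or []) if a is not None]:
            if ip not in net:
                findings.append(f"{net}: {ip} is outside the subnet")
        if lo and d["router"] and lo <= d["router"][0] <= hi:
            findings.append(f"{net}: router {d['router'][0]} is inside the dynamic range")
        if d["bcast"] and d["bcast"][0] != net.broadcast_address:
            findings.append(f"{net}: broadcast should be {net.broadcast_address}")
    return findings
```

On the quoted configuration, `lint(parse_subnets(DHCPD_CONF))` reports one finding: the VLAN 212 router, 10.21.22.1, lies inside that subnet's dynamic range.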