option domain-name "localdomain";
option ldap-server code 95 = text;
option arch code 93 = unsigned integer 16; # RFC4578
option pac-webui code 252 = text;
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
failover peer "dhcp_lan" {
    primary;
    address 192.168.1.10;
    port 519;
    peer address 192.168.1.20;
    peer port 520;
    max-response-delay 10;
    max-unacked-updates 10;
    split 128;
    mclt 600;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    pool {
        deny dynamic bootp clients;
        failover peer "dhcp_lan";
        range 192.168.1.100 192.168.1.199;
    }
    option routers 192.168.1.1;
}
option domain-name "localdomain";
option ldap-server code 95 = text;
option arch code 93 = unsigned integer 16; # RFC4578
option pac-webui code 252 = text;
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
failover peer "dhcp_lan" {
    secondary;
    address 192.168.1.20;
    port 520;
    peer address 192.168.1.10;
    peer port 519;
    max-response-delay 10;
    max-unacked-updates 10;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    pool {
        deny dynamic bootp clients;
        failover peer "dhcp_lan";
        range 192.168.1.100 192.168.1.199;
    }
    option routers 192.168.1.1;
}
dhcpd[99045] failover peer dhcp_lan: I move from startup to recover
My State: recover
Peer State: unknown-state
Ok, the ports were automatically enabled (519, 520).
In our case it was a problem of the NAT outbound rules: this firewall should not use the VIP address when the destination is in the same net.
So invert destination and use as destination net the net of the rule.
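An added consistency check for the two failover peer blocks above (example code written here, not from ISC dhcpd or the poster): it parses each dhcpd.conf, confirms that each server's address and port are exactly what the other side names as its peer, and that split and mclt appear only on the primary. The two configs are embedded as constructed copies of the blocks above, and the peer name dhcp_lan is taken from them.

```python
import re

# Constructed copies of the two failover peer blocks from the configs above
# (primary first, secondary second); full dhcpd.conf text can be passed instead.
PRIMARY_CONF = 'failover peer "dhcp_lan" { primary; address 192.168.1.10; port 519; peer address 192.168.1.20; peer port 520; max-response-delay 10; max-unacked-updates 10; split 128; mclt 600; load balance max seconds 3;}'
SECONDARY_CONF = 'failover peer "dhcp_lan" { secondary; address 192.168.1.20; port 520; peer address 192.168.1.10; peer port 519; max-response-delay 10; max-unacked-updates 10; load balance max seconds 3;}'

def parse_failover(conf):
    """Return {peer name: {statement: value}} for every failover peer block in dhcpd.conf text."""
    blocks = {}
    for m in re.finditer(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}', conf):
        name, body = m.group(1), re.sub(r'#[^\n]*', '', m.group(2))  # drop comments
        stmts = {}
        for stmt in body.split(';'):
            parts = stmt.split()
            if not parts:
                continue
            if parts[0] in ('primary', 'secondary'):
                stmts['role'] = parts[0]                   # role keyword has no value
            else:
                stmts[' '.join(parts[:-1])] = parts[-1]    # e.g. "peer port" -> "520"
        blocks[name] = stmts
    return blocks

def check_pair(primary, secondary):
    """Cross-check one primary/secondary block pair; returns a list of problems (empty means consistent)."""
    problems = []
    if primary.get('role') != 'primary' or secondary.get('role') != 'secondary':
        problems.append('roles are not primary/secondary')
    # Each side's own address/port must be what the other side names as its peer.
    for local, remote in (('address', 'peer address'), ('port', 'peer port')):
        if primary.get(local) != secondary.get(remote):
            problems.append(f'primary {local} {primary.get(local)} != secondary {remote} {secondary.get(remote)}')
        if secondary.get(local) != primary.get(remote):
            problems.append(f'secondary {local} {secondary.get(local)} != primary {remote} {primary.get(remote)}')
    # split and mclt belong only in the primary's block.
    for key in ('split', 'mclt'):
        if key not in primary:
            problems.append(f'primary is missing {key}')
        if key in secondary:
            problems.append(f'secondary must not set {key}')
    return problems

def check_configs(primary_conf, secondary_conf, name):
    """Parse both configs and cross-check the failover peer block called `name`."""
    p, s = parse_failover(primary_conf), parse_failover(secondary_conf)
    if name not in p or name not in s:
        return [f'failover peer "{name}" missing on one side']
    return check_pair(p[name], s[name])
```

Run `check_configs(PRIMARY_CONF, SECONDARY_CONF, 'dhcp_lan')` on the two files; an empty list means the endpoints mirror each other, so a peer stuck in unknown-state points at the network path (firewall or NAT) rather than the peer statements.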