Static DHCP Entries - how do I specify which interface the reservation is for?

[Rob Hammond]

Hi All,

Fairly new to untangle firewalls. Fairly impressed so far.

I am confused about reserving static IP reservations in the DHCP server though.
I have five interfaces. Untangle will run as a DHCP Server on four of them.
I have setup the scopes under the individual network interface settings - that all looks fine.
But when I am entering static entries to reserve specific IP Addresses there is nowhere to specify what DHCP server or interface my reservation relates to.

For example. I have one laptop - it can either be physically plugged into network 1 which has an address space of 192.168.1.0/24 or I can plug it into network 2 which has an address space of 192.168.2.0/24.

Do I simply make two reservations for the laptop - one with an IP in the 192.168.1.0/24 range and another entry with the same Mac address in the 192.168.2.0/24 range and assume the DHCP server is clever enough to know that if the laptop is connected to network 1 it will issue the 192.168.1.0 range address and if its connected to network 2 it will issue the other static address in the 192.168.2.0 range.

What if I connect that laptop to network 3 where it does not have a reservation - will it get a non-reserved address from the pool on that network?

I know I could test this out, but was hoping I could find the answer before getting too much further with my configuration as I am in a test environment at the moment and dont have that many spare networks I can make live to test it easily.

Thanks

Rob

[sky-knight]

You don't... and you don't have to!

DNSMasq knows which range to pass out based on the interface the request comes in on automatically.

So yeah, you need one reservation per range for a given mac, and if it moves to a different range because it's on a different interface it will get a working address over there, and thereby need another reservation if you want that device to be reserved there too.

[soldier]

Won't this lead to duplicate DHCP reservation due to same MAC address (but different IP address)?

[sky-knight]

Won't this lead to duplicate DHCP reservation due to same MAC address (but different IP address)?

No, because each reservation is still unique within the appropriate DHCP scope.

[kisch]

I see Duplicate reservation error message when trying to use same MAC for DHCP reservation in more DHCP scopes.

[Jim.Alles]

oof.
from the GUI, I think you will only be able to make one reservation.
This isn't an issue between Ethernet and Wi-Fi, as they will have different MAC addresses.

DHCP assignments should still work on the other networks.

I don't know your goal, but a work-around would be static IPs on the host for each of the distinct networks that will be seen.

I will be looking into this a bit deeper...

[sky-knight]

The deep recesses of my brain are recalling a possible limitation in DNSMasq... Which means I've been misleading here.

For some reason I'm remembering that this doesn't work, because the dhcp-host directive, which DNSMasq uses to define an IP Reservation, uses the MAC address as a unique identifier. Which means you can't flag a given MAC more than once.

Now the daemon will allow that device to roam networks, but I don't think you can set a reservation on more than one of those networks as a result of the above.

[kisch]

@Jim.Alles
I have Unifi APs and switches. I use guest vlan with Captive portal. APs have static IPs for management lan, but they ask for another IP via (only) DHCP for guest vlan. I would like to have these IPs under my control. So I set DHCP reservations for APs. So I am fine with this solution. I only was surprised by Sky-night mention of possibility use more DHCP reservations for one MAC. Which I tried and it didnt work.

[sky-knight]

Unifi WAPs only have one IP address... on VLAN 1, usually dynamic. If they aren't dynamic, they'll often have the wrong DNS suffix, which negatively impacts their ability to resolve unifi.dns.suffix which is how they find their controller. Unifi gear that cannot find its controller is lost... and impossible to configure, this must be avoided at all costs.

Unifi WAPs should have reserved IP addresses for that reason, with a DNS server configured to respond to the unifi.dns.suffix record.

Switches supporting Unifi devices should extend VLAN 1 untagged to all of the WAPs. That way when they boot, they get an IP address on the ip network that sits on VLAN 1. Once they've booted, they'll setup their SSID broadcasts, and those can be tagged to move the traffic to other VLANs. Switches will need to allow these tagged frames to the router, or whatever is terminating the VLANs.

Do not EVER try to move Unifi management off VLAN 1, move everything else instead... failure to do this means all sorts of very annoying things unfolding that aren't easy to fix. Such is the one complaint I have of Unifi equipment.

I've never seen a Unifi WAP with multiple IP addresses... so I'm not sure what's going on here.

[Rob Hammond]

Ok well thanks for the help everybody. That could be a bit of a limitation for us as we tend to give customer laptops and phones reserved IP addresses and its not un-common we would need to do that on two or more networks depending on where they connect - for example the internal LAN or the Guest WiFi LAN. Configuration on the device is not really a route we would want to go down.

Just as an aside - when I did try and add the Mac address again for another network it made it throw a Java exception error when I hit save, even hitting save again after deleting the entry did the same, the only way I could get out of the loop was to make up another valid reservation and save that at the same time as deleting the one with the duplicate address - this got things back to normal again then.

Thanks again for the pointers.

Rob