Hi Arthur,
The problem is the EdgeRouters do not have an interface in each VLAN that requires DHCP; they only have an interface in a single VLAN that is used in the local network (the rest are the outside interfaces). My switches handle the routing internally for performance reasons (lots of people copying large files around between VLANs).
As an example, you cannot configure multiple subnets to failover to the same IP address with this config:
Router 1:
    [edit]
    admin@er1# show service dhcp-server
    disabled false
    hostfile-update disable
    shared-network-name VLAN100 {
        authoritative disable
        subnet 192.168.1.0/24 {
            default-router 192.168.1.251
            dns-server 10.254.1.10
            dns-server 10.254.1.11
            failover {
                local-address 192.168.45.129
                name VL100
                peer-address 192.168.45.130
                status primary
            }
            lease 86400
            start 192.168.1.1 {
                stop 192.168.1.200
            }
        }
    }
    shared-network-name VLAN500 {
        authoritative disable
        subnet 192.168.5.0/24 {
            default-router 192.168.5.251
            dns-server 10.254.1.10
            dns-server 10.254.1.11
            failover {
                local-address 192.168.45.129
                name VL500
                peer-address 192.168.45.130
                status primary
            }
            lease 86400
            start 192.168.5.1 {
                stop 192.168.5.200
            }
        }
    }
Router 2:
    [edit]
    admin@er2# show service dhcp-server
    disabled false
    hostfile-update disable
    shared-network-name VLAN100 {
        authoritative disable
        subnet 192.168.1.0/24 {
            default-router 192.168.1.251
            dns-server 10.254.1.10
            dns-server 10.254.1.11
            failover {
                local-address 192.168.45.130
                name VL100
                peer-address 192.168.45.129
                status secondary
            }
            lease 86400
            start 192.168.1.1 {
                stop 192.168.1.200
            }
        }
    }
    shared-network-name VLAN500 {
        authoritative disable
        subnet 192.168.5.0/24 {
            default-router 192.168.5.251
            dns-server 10.254.1.10
            dns-server 10.254.1.11
            failover {
                local-address 192.168.45.130
                name VL500
                peer-address 192.168.45.129
                status secondary
            }
            lease 86400
            start 192.168.5.1 {
                stop 192.168.5.200
            }
        }
    }
    use-dnsmasq disable
This configuration will result in the following errors over and over again; the relationship between the two peers does not get set up correctly:
    Sep 9 07:48:31 er1 dhcpd: Failover CONNECTACK from VL500: remote failover relationship name VL100 does not match
    Sep 9 07:48:36 er2 dhcpd: Failover DISCONNECT from VL100: Connection rejected, invalid failover partner.
If you try to set the failover names the same you will get this instead:
    admin@er1# commit
    [ service dhcp-server ]
    Failover names should be unique: 'VL100' has already been configured
    DHCP server configuration commit aborted due to error(s).
What I imagine should be possible in the configuration is setting a failover peer up in the global config, then assigning that peer to the subnets. As an example it would look like this:
    disabled false
    hostfile-update disable
    failover DHCP-Failover {
        local-address 192.168.45.129
        peer-address 192.168.45.130
        status primary
    }
    shared-network-name VLAN100 {
        authoritative disable
        subnet 192.168.1.0/24 {
            default-router 192.168.1.251
            dns-server 10.254.1.10
            dns-server 10.254.1.11
            failover {
                name DHCP-Failover
            }
            lease 86400
            start 192.168.1.1 {
                stop 192.168.1.200
            }
        }
    }
    shared-network-name VLAN500 {
        authoritative disable
        subnet 192.168.5.0/24 {
            default-router 192.168.5.251
            dns-server 10.254.1.10
            dns-server 10.254.1.11
            failover {
                name DHCP-Failover
            }
            lease 86400
            start 192.168.5.1 {
                stop 192.168.5.200
            }
        }
    }
    use-dnsmasq disable
That way the failover peer is only declared once for each pair of routers, and multiple subnets can be assigned the same failover peers that way.
As a workaround I can just edit the dhcp config file and restart the service to make it work, but every time someone else makes a change my changes obviously get removed.
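
An added example, not part of the original post and not Ubiquiti's code: a pre-commit check that reads `show service dhcp-server` output and reports any local/peer address pair used under more than one failover name, the condition behind the CONNECTACK mismatch quoted above. The function names are hypothetical, the sample is constructed from the post's Router 1 config, and the parser assumes the multi-line layout the CLI prints.

```python
from collections import defaultdict

# Constructed sample: Router 1's failover blocks from the post, other options trimmed.
SAMPLE = """
shared-network-name VLAN100 {
    subnet 192.168.1.0/24 {
        failover {
            local-address 192.168.45.129
            name VL100
            peer-address 192.168.45.130
        }
    }
}
shared-network-name VLAN500 {
    subnet 192.168.5.0/24 {
        failover {
            local-address 192.168.45.129
            name VL500
            peer-address 192.168.45.130
        }
    }
}
"""

def failover_blocks(config):
    """Yield (subnet, options) for each failover block in multi-line config text."""
    subnet, block = None, None
    for line in config.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "subnet":
            subnet = tokens[1]
        elif tokens[0] == "failover" and tokens[-1] == "{":
            block = {}
        elif block is not None and tokens[0] == "}":
            yield subnet, block
            block = None
        elif block is not None and len(tokens) == 2:
            block[tokens[0]] = tokens[1]

def endpoint_collisions(config):
    """Map each (local, peer) pair used under more than one failover name to its users."""
    by_pair = defaultdict(list)
    for subnet, opts in failover_blocks(config):
        pair = (opts.get("local-address"), opts.get("peer-address"))
        by_pair[pair].append((subnet, opts.get("name")))
    return {p: u for p, u in by_pair.items() if len({name for _, name in u}) > 1}

if __name__ == "__main__":
    for (local, peer), users in endpoint_collisions(SAMPLE).items():
        print(f"{local} <-> {peer} shared by: {users}")
```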