How to Install and Configure Multihomed ISC DHCP Server on Debian Linux

By default the server is assumed NOT to be an authority on the network. The rationale behind this is security: if someone unknowingly configures the DHCP server improperly, or on a network they shouldn't, it could cause serious connectivity issues. If the server is not the DHCP server for the entire network, the authoritative line can instead be used on a per-network basis rather than in the global configuration as seen in the above screenshot.

6. The next step is to configure all of the DHCP pools/networks that this server will manage. For brevity's sake, this guide will only walk through one of the pools configured. The administrator will need to have gathered all of the necessary network information (i.e. domain name, network addresses, how many addresses can be handed out, etc.).

For this pool the following information was obtained from the network administrator: network id of 172.27.60.0, subnet mask of 255.255.255.0 or a /24, the default gateway for the subnet is 172.27.60.1, and a broadcast address of 172.27.60.255.
This information is important to building the appropriate network stanza in the dhcpd.conf file. Without further ado, let’s open the configuration file again using a text editor and then add the new network to the server. This must be done with root/sudo!

# nano /etc/dhcp/dhcpd.conf
Configure DHCP Pools and Networks

This is the sample created to hand out IP addresses to a network that is used for the creation of VMware virtual practice servers. The first line indicates the network as well as the subnet mask for that network. Then inside the curly braces are all the options that the DHCP server should provide to hosts on this network.

The first stanza, range 172.27.60.50 172.27.60.254;, is the range of dynamically assignable addresses that the DHCP server can hand out to hosts on this network. Notice that the first 49 addresses aren’t in the pool and can be assigned statically to hosts if needed.

The second stanza, option routers 172.27.60.1;, hands out the default gateway address for all hosts on this network.

The last stanza, option broadcast-address 172.27.60.255;, indicates the network's broadcast address. This address SHOULD NOT be a part of the range stanza as the broadcast address can't be assigned to a host.

Some pointers: be sure to always end the option lines with a semi-colon (;) and always make sure each network created is enclosed in curly braces { }.
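The addressing rules described above (range inside the subnet, broadcast address and gateway kept out of the range) can be checked mechanically before the service is restarted. The following is an added example, not part of the original article; the stanza text is rebuilt from the values the article lists, and the script assumes flat subnet blocks with IP literals and no nested pool or host declarations.

```python
import ipaddress
import re

# Stanza rebuilt from the values the article lists for the 172.27.60.0/24 pool.
SAMPLE_CONF = """
subnet 172.27.60.0 netmask 255.255.255.0 {
  range 172.27.60.50 172.27.60.254;
  option routers 172.27.60.1;
  option broadcast-address 172.27.60.255;
}
"""

# Assumption: flat subnet blocks with no nested pool/host declarations.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")


def option_addrs(body, name):
    """Return the addresses given for `option <name> a, b;` in a stanza body."""
    found = re.findall(rf"option\s+{re.escape(name)}\s+([^;]+);", body)
    return [ipaddress.ip_address(a) for v in found for a in re.split(r"[,\s]+", v.strip())]


def check_subnets(conf_text):
    """Return a list of addressing problems found in the subnet stanzas."""
    problems = []
    conf_text = re.sub(r"#.*", "", conf_text)  # strip comments first
    for net_id, mask, body in SUBNET_RE.findall(conf_text):
        net = ipaddress.ip_network(f"{net_id}/{mask}")
        routers = option_addrs(body, "routers")
        for lo, hi in re.findall(r"range\s+(\S+)\s+(\S+)\s*;", body):
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo not in net or hi not in net or lo > hi:
                problems.append(f"{net}: range {lo}-{hi} is not inside the subnet")
                continue
            for label, addr in [("network id", net.network_address),
                                ("broadcast address", net.broadcast_address)]:
                if lo <= addr <= hi:
                    problems.append(f"{net}: range includes the {label} {addr}")
            problems += [f"{net}: range includes router {r}" for r in routers if lo <= r <= hi]
        problems += [f"{net}: router {r} is outside the subnet" for r in routers if r not in net]
        for b in option_addrs(body, "broadcast-address"):
            if b != net.broadcast_address:
                problems.append(f"{net}: broadcast-address {b} should be {net.broadcast_address}")
    return problems


if __name__ == "__main__":
    print(check_subnets(SAMPLE_CONF) or "no addressing problems found")
```

The daemon's own syntax test (dhcpd -t -cf /etc/dhcp/dhcpd.conf) catches missing semi-colons and braces; this script only covers the addressing logic.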

7. If there are more networks to create, continue creating them with their appropriate options and then save the text file. Once all configurations have been completed, the ISC-DHCP-Server process will need to be restarted in order to apply the new changes. This can be accomplished with the following command:

# service isc-dhcp-server restart

This will restart the DHCP service and then the administrator can check to see if the server is ready for DHCP requests in several different ways. The easiest is to simply see if the server is listening on port 67 via the lsof command:

# lsof -i :67
Check DHCP Listening Port

This output indicates that the DHCPD (DHCP Server daemon) is running and listening on port 67. Port 67 in this output was actually converted to 'bootps' due to a port number mapping for port 67 in the /etc/services file.

This is very common on most systems. At this point, the server should be ready for network connectivity and can be confirmed by connecting a machine to the network and having it request a DHCP address from the server.

Step 2: Testing Client Connectivity

8. Most systems nowadays use Network Manager to maintain network connections, and as such the device should be pre-configured to pull DHCP when the interface is active.

However, on machines that aren't using Network Manager, it may be necessary to manually attempt to pull a DHCP address. The next few steps will show how to do this as well as how to see whether the server is handing out addresses.

The ‘ifconfig‘ utility can be used to check an interface’s configuration. The machine used to test the DHCP server only has one network adapter and it is called ‘eth0‘.

# ifconfig eth0
Check Network Interface IP Address

From this output, this machine currently doesn't have an IPv4 address, great! Let's instruct this machine to reach out to the DHCP server and request an address. This machine has the DHCP client utility known as 'dhclient' installed. The DHCP client utility may vary from system to system.

# dhclient eth0
Request IP Address from DHCP

Now the 'inet addr:' field shows an IPv4 address that falls within the scope of what was configured for the 172.27.60.0 network. Also notice that the proper broadcast address was handed out as well as subnet mask for this network.

Things are looking promising but let’s check the server to see if it was actually the place where this machine received this new IP address. To accomplish this task, the server’s system log file will be consulted. While the entire log file may contain hundreds of thousands of entries, only a few are necessary for confirming that the server is working properly. Rather than using a full text editor, this time a utility known as ‘tail‘ will be used to only show the last few lines of the log file.

# tail /var/log/syslog
Check DHCP Logs

Voila! The server recorded handing out an address to this host (HRTDEBXENSRV). It is a safe assumption at this point that the server is working as intended and handing out the appropriate addresses for the networks for which it is an authority. At this point the DHCP server is up and running. Configure the other networks, troubleshoot, and secure as necessary.
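The log check described above can also be scripted so that every acknowledged lease is pulled out of the syslog and compared against the configured pool. This is an added example, not part of the original article; the log lines are constructed in the format ISC dhcpd writes, and the timestamps, MAC address, server name, server address and interface in them are made up.

```python
import ipaddress
import re

# Constructed syslog lines in the format ISC dhcpd writes. Timestamps, MAC,
# server name/address and interface are made up; the client hostname and the
# address pool are the ones used in the article.
SAMPLE_LOG = """\
Jan 10 09:14:01 dhcp-srv dhcpd: DHCPDISCOVER from 00:0c:29:11:22:33 via eth0
Jan 10 09:14:02 dhcp-srv dhcpd: DHCPOFFER on 172.27.60.50 to 00:0c:29:11:22:33 (HRTDEBXENSRV) via eth0
Jan 10 09:14:02 dhcp-srv dhcpd: DHCPREQUEST for 172.27.60.50 (172.27.60.2) from 00:0c:29:11:22:33 (HRTDEBXENSRV) via eth0
Jan 10 09:14:02 dhcp-srv dhcpd: DHCPACK on 172.27.60.50 to 00:0c:29:11:22:33 (HRTDEBXENSRV) via eth0
Jan 10 09:15:40 dhcp-srv sshd[812]: Server listening on 0.0.0.0 port 22.
"""

# DHCPACK is the message that confirms the lease; the hostname part is optional.
ACK_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: DHCPACK on (?P<ip>\S+) to (?P<mac>\S+)"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def find_acks(log_text, pool_first, pool_last):
    """Return one dict per DHCPACK line, flagged if the address is in the pool."""
    lo = ipaddress.ip_address(pool_first)
    hi = ipaddress.ip_address(pool_last)
    acks = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # not a lease acknowledgement
        record = m.groupdict()
        record["in_pool"] = lo <= ipaddress.ip_address(record["ip"]) <= hi
        acks.append(record)
    return acks


if __name__ == "__main__":
    # Pool boundaries taken from the article's range stanza.
    for ack in find_acks(SAMPLE_LOG, "172.27.60.50", "172.27.60.254"):
        status = "ok" if ack["in_pool"] else "OUTSIDE CONFIGURED POOL"
        print(f'{ack["ip"]} -> {ack["mac"]} ({ack["host"]}) via {ack["iface"]}: {status}')
```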

Enjoy the newly functioning ISC-DHCP-Server and tune in later for more Debian tutorials. In the not too distant future there will be an article on Bind9 and DDNS that will tie into this article.

Rob Turner
Rob Turner is an avid Debian user as well as many of the derivatives of Debian such as Devuan, Mint, Ubuntu, and Kali. Rob holds a Masters in Information and Communication Sciences as well as several industry certifications from Cisco, EC-Council, ISC2, Linux Foundation, and LPI.


4 Comments

  1. Hello Guys,

    I remember the first DHCP server I ever set up was a Linux machine 12 years ago. Every time people say Windows DHCP server for VLANs, I smile.

    Anyway, keep in mind that a Linux kernel which has support for 802.1Q will be able to serve DHCP as well.

    For example here:

    # yum install dhcpd      (for fedora or rhel /cent)
    # dnf install dhcpd      (for fedora 22+)
    # apt-get install dhcpd  (for Ubuntu or Debian)
    

    Create virtual interfaces; you do not need more physical interfaces. For example, to make 3 VLANs, 10.10.10.x, 10.10.20.x, and 10.10.30.x:

    # nmcli con modify type vlan ifname vlan10 dev ens33 id 10 ip4 10.10.10.1/24 gw4 10.10.10.254
    # nmcli con add type vlan ifname vlan10 dev ens33 id 10 ip4 10.10.10.1/24 gw4 10.10.10.254
    # nmcli con add type vlan ifname vlan20 dev ens33 id 20 ip4 10.10.20.1/24 gw4 10.10.20.254
    # nmcli con add type vlan ifname vlan30 dev ens33 id 30 ip4 10.10.30.1/24 gw4 10.10.30.254
    

    This is for the latest Fedora or RHEL versions.

    For Ubuntu and Debian, command is:

    # vconfig add ens33 10
    # vconfig add ens33 20
    

    Then, configure the network settings for the VLAN interfaces:

    # ip addr add 10.10.10.1/24 dev ens33.10
    

    Bring up the VLAN interface:

    # ip link set ens33.10 up
    

    Do this for all interfaces in Ubuntu, then check the IP addresses and see the virtual interfaces pinging.

    Next, open the dhcpd.conf file and edit it as follows.

    # option definitions common to all supported networks...
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;
    
    default-lease-time 600;
    max-lease-time 7200;
    
    # Use this to enable / disable dynamic dns updates globally.
    #ddns-update-style none;
    
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;
    
    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;
    
    # No service will be given on this subnet, but declaring it helps the 
    # DHCP server to understand the network topology.
    
    subnet 10.10.0.0 netmask 255.255.0.0 {
    }
    
    # This is a very basic subnet declaration.
    
    subnet 10.10.10.0 netmask 255.255.255.0 {
      range 10.10.10.1 10.10.10.20;
      option routers 10.10.10.1;
    }
    subnet 10.10.20.0 netmask 255.255.255.0 {
      range 10.10.20.1 10.10.20.20;
      option routers 10.10.20.1;
    }
    subnet 10.10.30.0 netmask 255.255.255.0 {
      range 10.10.30.1 10.10.30.20;
      option routers 10.10.30.1;
    }
    

    Save the file and start the service and you're good to go.

    Connect to trunk port of switch and check it. Any doubts, do let me know.

    my email :[email protected]

    Reply
  2. How many NICs are attached to this server exactly? I’m not too keen on the NIC bonding in Linux yet. Can you elucidate?

    Reply
    • D’jems,

      This particular server only has one NIC. On the network that it was used in, the Cisco router was set up with an IP helper address for other VLANs.

      Reply
