What does "Interface xxx matches multiple shared networks" means in the context of VLANs?

Question

I have an AP which broadcasts several SSIDs tagged with different VLANs. The AP is wired to a server which manages the traffic.

There are several different well documented ways to set up a DHCP server to manage such VLANs. For testing purposes I have a tagged and non-tagged network defined on a lan0 interface:

root@srv ~# ip addr

3: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:1b:21:5c:29:64 brd ff:ff:ff:ff:ff:ff
    inet 10.100.10.254/24 brd 10.100.10.255 scope global lan0:10
       valid_lft forever preferred_lft forever
    inet 10.10.10.254/24 brd 10.10.10.255 scope global lan0
       valid_lft forever preferred_lft forever
(...)

35: lan0.10@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:1b:21:5c:29:64 brd ff:ff:ff:ff:ff:ff
    inet 10.100.10.254/24 brd 10.100.10.255 scope global lan0.10
       valid_lft forever preferred_lft forever

This corresponds to the entries in /etc/network/interfaces

auto lan0
iface lan0 inet static
        address 10.10.10.254
        netmask 255.255.255.0

auto lan0.10
iface lan0.10 inet static
        address 10.100.10.254
        netmask 255.255.255.0
        vlan-raw-device lan0

I want to serve on the DHCP server both of these networks:

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.100 10.10.10.200;
        option routers 10.10.10.254;
        option domain-name-servers 10.10.10.254;
}

subnet 10.100.10.0 netmask 255.255.255.0 {
    range 10.100.10.100 10.100.10.200;
    option routers 10.100.10.254;
    option domain-name-servers 10.100.10.254;
}

When starting the DHCP server I get

root@srv ~# /usr/sbin/dhcpd -d -f
Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 14 leases to leases file.
Interface lan0 matches multiple shared networks

What does this error message mean in the context of my configuration?

Answer 1

You have same ip address 10.100.10.254/24 on two different interfaces lan0 and lan0.10. lan0:10 is the same interface lan0. It is used to assign several ip addresses on one interface.

Your /etc/network/interfaces config is right. I think you will not give dhcp error after reboot.

Be sure that network-manager will not add second ip address on interface lan0.

Answer 2

In my case, I created two networks, both attached to the same interface.

This is really easy to do now a day, especially with the netplan setup:

network:
    version: 2
    renderer: networkd
    ethernets:
        eno1:
            addresses:
                - 192.168.11.1/24
                - 10.11.23.1/24

And I use that a lot, all the time, everywhere... Then in the DHCP setup, I created two subnet entries like so:

subnet 192.168.11.0 netmask 255.255.255.0 {
   # various options
}
subnet 10.11.23.0 netmask 255.255.255.0 {
various options
}

What I did not yet know is the fact that the ISC DHCP server is not happy about such. If I want to accept DHCP on more than one network, it just can't be on the same interface.

With such a setup and attempting to allow DHCP on 192.168.11.x. and 10.11.23.x, the current implementation gives me the same error (Interface XXX matches multiple shared networks).

It took me a while to understand the issue. I had to move everything on the same network. I was trying to add a new network as the old one was running out of IPs, but keep the old one as is. No dice...

One possible answer if the network is similar enough is to enlarge your mask as mentioned here.

Why can't DHCP support more than one subnet on one interface?

The DHCP system detects incoming ARP traffic. ARP is specific to an interface, not an IP address. It then sends the IP address information to the client. If you define multiple subnet on the same interface, DHCP would not know which IP address to use for that request.

I suppose it would be possible if you were to define each and every single host (i.e. match on a Mac address and assign a specific IP address to that Mac address). But the point of DHCP is to automatically assign IP addresses, and that's the one limitation imposed by the ISC implementation.