Problems with shared-network
Simon Hobson
dhcp1 at thehobsons.co.uk
Tue Oct 10 06:40:49 UTC 2006
Marco Carvalho wrote:
>First, I'm using ISC DHCP Server V3.0.1
There have been quite a few bug fixes since that - though that isn't the
cause of your problem.
>I have a little trouble with the following DHCP configuration. I have some
>shared-networks configured in a single wire, each subnet is a
>separate building connected to a single access point via wireless
>bridge.
>
>My problem is that some clients grab an IP in the correct subnet based on
>MAC address, but some insist on grabbing an IP in the first shared-network
>listed on dhcpd.conf (in this case, 192.168.200.0), even if MAC
>address is in another shared-network.
There is no such thing as "MAC address is in another shared-network"!
This topic has been discussed to death in the last month or two and
was a fairly common one before that. You are misusing the HOST
declarations, read this carefully:
Putting a host declaration inside a subnet or shared network does NOT
in any way tie that host to the subnet. The client will still be free
to get an address from any subnet where its location and/or access
rules allow. The only effect of putting a host statement inside a
subnet is that the client will inherit options from the subnet
instead of the correct options from the subnet where it gets its
lease.
I suspect you are also having a problem where these clients get what
you think is the wrong address along with things like default routers
from the subnet you expected the address to come from.
>If anyone has any clue, I will be thankful.
Yes, check 'man dhcpd.conf' and look for the part about classes, and
in particular subclasses. You will find there an example of how to
assign clients to classes based on MAC address - you can then
restrict pools to specific classes by adding "allow <someclassname>".
Just remember that this assigns clients to subnets based on MAC
address, NOT physical location - so when a client goes to another
building, they will appear to be in their 'home network' when they
are not.
However, I would suggest that this may be a poor setup for the
network - it all depends on your requirements. Since you have a
different subnet for each building, it's clear that you want the
segregation that goes with it, but a wireless bridge does not
segregate broadcast traffic - I'd go so far as to suggest that the
broadcast traffic with multiple subnets is more than with just one
big subnet. You also don't get much security as any client can be
hard coded with any address and so access any part of the network.
A small router put between each subnet and the wireless bridge would
simplify your network. Your DHCP config is simpler (the server will
use the relay agent's address to work out where each client is and
automatically assign an address), and your broadcast traffic on the
wireless bridge is almost eliminated. You gain some slight security
(a user can no longer pretend to be in the wrong building) and you
can apply some access controls based on IP address if required.
Simon
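
Added example, not part of the original message or of the poster's configuration: a dhcpd.conf sketch of the class/subclass approach described above, with the nested-host pattern that does not bind a client shown commented out for contrast. The subnet 192.168.201.0, class names, host name, MAC addresses, router addresses and ranges are constructed; `allow members of` is the dhcpd.conf syntax for restricting a pool to a class.

```conf
# --- Does NOT tie the client to the subnet (pattern discussed above) ---
# A host block nested in a subnet only inherits that subnet's options;
# the client can still be leased an address from any subnet on the wire.
#
# shared-network campus {
#   subnet 192.168.200.0 netmask 255.255.255.0 {
#     range 192.168.200.10 192.168.200.200;
#     host pc-b1 { hardware ethernet 00:11:22:33:44:55; }
#   }
# }

# --- Class-based allocation ---
# Constructed class names and MAC addresses. The leading "1:" is the
# hardware type (Ethernet) that "match hardware" compares against.
class "building-a" { match hardware; }
class "building-b" { match hardware; }

subclass "building-a" 1:00:11:22:33:44:55;
subclass "building-b" 1:00:11:22:33:44:66;

shared-network campus {
  subnet 192.168.200.0 netmask 255.255.255.0 {
    option routers 192.168.200.1;          # constructed router address
    pool {
      allow members of "building-a";       # only these MACs lease here
      range 192.168.200.10 192.168.200.200;
    }
  }
  subnet 192.168.201.0 netmask 255.255.255.0 {
    option routers 192.168.201.1;          # constructed router address
    pool {
      allow members of "building-b";
      range 192.168.201.10 192.168.201.200;
    }
  }
}
```

A client whose MAC address is in neither subclass list gets no lease from these pools. `dhcpd -t -cf <file>` checks the syntax before the server is restarted.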