Problems with shared-network

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Oct 10 06:40:49 UTC 2006


Marco Carvalho wrote:

>First, I'm using ISC DHCP Server V3.0.1

There have been quite a few bug fixes since that - though that isn't the 
cause of your problem.

>I have a little trouble with the following DHCP configuration. I have some
>shared-networks configured on a single wire, each subnet is a
>separate building connected to a single access point via wireless
>bridge.
>
>My problem is that some clients grab an IP in the correct subnet based on
>MAC address, but some insist on grabbing an IP in the first shared-network
>listed in dhcpd.conf (in this case, 192.168.200.0), even if the MAC
>address is in another shared-network.

There is no such thing as "MAC address is in another shared-network"!

This topic has been discussed to death in the last month or two and 
was a fairly common one before that. You are misusing the HOST 
declarations, read this carefully:

Putting a host declaration inside a subnet or shared network does NOT 
in any way tie that host to the subnet. The client will still be free 
to get an address from any subnet where its location and/or access 
rules allow. The only effect of putting a host statement inside a 
subnet is that the client will inherit options from the subnet 
instead of the correct options from the subnet where it gets its 
lease.

I suspect you are also having a problem where these clients get what 
you think is the wrong address along with things like default routers 
from the subnet you expected the address to come from.

>If anyone has any clue, I will be thankful.

Yes, check 'man dhcpd.conf' and look for the part about classes, and 
in particular subclasses. You will find there an example of how to 
assign clients to classes based on MAC address - you can then 
restrict pools to specific classes by adding "allow <someclassname>".

Just remember that this assigns clients to subnets based on MAC 
address, NOT physical location - so when a client goes to another 
building, they will appear to be in their 'home network' when they 
are not.



However, I would suggest that this may be a poor setup for the 
network - it all depends on your requirements. Since you have a 
different subnet for each building, it's clear that you want the 
segregation that goes with it, but a wireless bridge does not 
segregate broadcast traffic - I'd go so far as to suggest that the 
broadcast traffic with multiple subnets is more than with just one 
big subnet. You also don't get much security as any client can be 
hard coded with any address and so access any part of the network.

A small router put between each subnet and the wireless bridge would 
simplify your network. Your DHCP config is simpler (the server will 
use the relay agent's address to work out where each client is and 
automatically assign an address), and your broadcast traffic on the 
wireless bridge is almost eliminated. You gain some slight security 
(a user can no longer pretend to be in the wrong building) and you 
can apply some access controls based on IP address if required.

Simon
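
The class/subclass approach recommended in the reply above, as an added dhcpd.conf example that is not part of the original thread. The class names, MAC addresses, the shared-network name and the 192.168.201.0 subnet are constructed for illustration; only 192.168.200.0 comes from the thread.

```conf
# Added example: class names, MACs and 192.168.201.0/24 are constructed.

# Classes keyed on the client's hardware field.
class "building-a" { match hardware; }
class "building-b" { match hardware; }

# Subclass data = hardware type (1 = Ethernet) followed by the MAC address.
subclass "building-a" 1:00:11:22:33:44:55;   # constructed MAC
subclass "building-b" 1:00:11:22:33:44:66;   # constructed MAC

shared-network campus {
  subnet 192.168.200.0 netmask 255.255.255.0 {
    option routers 192.168.200.1;
    pool {
      # Only members of building-a may lease from this range.
      allow members of "building-a";
      range 192.168.200.10 192.168.200.200;
    }
  }
  subnet 192.168.201.0 netmask 255.255.255.0 {
    option routers 192.168.201.1;
    pool {
      allow members of "building-b";
      range 192.168.201.10 192.168.201.200;
    }
  }
}

# By contrast, nesting a host declaration in a subnet does NOT bind the
# client to that subnet; it only changes which options are inherited:
#
# subnet 192.168.201.0 netmask 255.255.255.0 {
#   host pc-b1 { hardware ethernet 00:11:22:33:44:66; }
# }
```

A client whose MAC is in neither class gets no lease from these pools, and as the reply notes, the mapping follows the MAC address rather than the building, and a statically configured client bypasses it entirely.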

