dhcp config - 2 subnets on one phys net

Randy Grimshaw rgrimsha at syr.edu
Fri Sep 29 15:25:20 UTC 2006

  If you can identify the participants of your private network by
vendorID, OptionRequest characteristics, PreRegistration you can
configure them into a pool with the settings you need.
  Otherwise, perhaps you should consider Tagging the ports used by your
private network as a separate VLAN?

<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY   13244
rgrimsha at syr.edu

>>> Glenn.Satchell at uniq.com.au 9/29/2006 7:31:49 AM >>>

>X-Original-To: dhcp-users at webster.isc.org 
>X-Authentication-Warning: dionis.sai.msu.ru: igor owned process doing
>Date: Fri, 29 Sep 2006 13:50:21 +0400 (MSD)
>From: Igor Antokhin <igor at sai.msu.ru>
>To: dhcp-users at isc.org 
>Subject: Re: dhcp config - 2 subnets on one phys net
>X-archive-position: 1865
>X-ecartis-version: Ecartis v1.0.0
>X-original-sender: igor at sai.msu.ru 
>List-software: Ecartis version 1.0.0
>X-List-ID: <dhcp-users.isc.org>
>X-list: dhcp-users
>On Fri, 29 Sep 2006, Simon Hobson wrote:
>> Igor Antokhin wrote:
>>> Sorry for a question from a newbie, but I could not find a clear
answer to
>>> mu problem - only pieces of the puzzle...
>>> I have a computer on a physical network It runs
>>> Fedora Core 5. It is just a client machine not providing any
>>> use services like dns printing etc. Now for some reasons I want to
>>> a private network for my department using the same physical
>>> I understand that what I have to do is this:
>> The problem is that you CANNOT provide DHCP to only one of the
>> subnets - at least not without co-ordination with the admin of the
>> existing DHCP.
>> The problem is that even though you can apparently run two
>> (one 'real', one 'virtual'), DHCP relies on broadcasts which do not
>> respect the distinction between the subnets/interfaces.
>I know that and I am willing to coordinate my efforts with the
>> To make it work you will have to be able to identify every client
>> that will be part of your private network (MAC address is usually
>> easiest). On your new dhcp server you will have to service ONLY
>> clients and ignore all others.
>Right, this is what I do.
>> The admin of the existing dhcp server
>> will have to explicitly ignore your clients.
>Hmm, here I am not quite sure. All my clients are on the private
> I thought their broadcast requests would not be
>to the external network (if I do not explicitely relay them). As for
>other clients on the main network, there is not need to worry - my
>will never serve their requests so they will always be servised by
>dhcp server. The problem you mention would potentially affect my
>only - has to be solved, of course...

You said earlier that the two networks run on the same physical
ethernet. When a dhcp client broadcasts it does not know what network
it is on, and so it broadcasts to Your dhcp server
cannot tell which network the client is supposed to be on based on
broadcast address. The same goes for the main production dhcp server -
your clients could be offered addresses by that server.

>> If you don't do this
>> then you will have two dhcp servers fighting each other - yours
>> offer a private address, the other will offer a public address, and
>> whichever the client decides to accept, one or other dhcp server
>> reply with a NAK.
>So if I am correct above there should be no fight...

Unfortunately, with the information you have provided, you are not

>> Unless you specifically want to play with the dhcp, you might be
>> better talking with the network admin and see if he can just set up
>> the dhcp for your private network on the existing server - be a
>> lot less effort overall.
>That's the whole problem. Unfortunately our local administration is
>very reliable and professional :(. Right now the main dhcp server is
>working (for two days already) and nobody seem to care. Actually
>of those two people who are responsible are at work... My clients 
>complain... So I just forsed to provide an independent service. As I
>in my first message my current problem is that I am not sure how I
>my computer as a router and how to setup NAT.

Setting up the router really is beyond the scope of this group.

You might try looking for an appropriate HOWTO at the Linux
documentation project site http://www.tldp.org. To configure NAT try
the Netfilter home page at http://www.netfilter.org and also look at
the man pages for iptables.

http://www.linuxhomenetworking.com also has lots of procedure
for doing many Linux tasks. Don't let the "home" part put you off -
there's lots of info that's useful for work too.

>Thanks for your help.

This is quite a lot of work, mabe it would be better to just "take
over" the functionality of the main dhcp server? I guess there may be
other work related factors that mean you can or can't do that.

Glenn Satchell     mailto:glenn.satchell at uniq.com.au | Some days we
Uniq Advances Pty Ltd         http://www.uniq.com.au | the flies; 
PO Box 70 Paddington NSW Australia 2021              | days we  are
tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | windscreens...

More information about the dhcp-users mailing list