dhcp config - 2 subnets on one phys net

Randy Grimshaw rgrimsha at syr.edu
Fri Sep 29 15:25:20 UTC 2006


Igor:
  If you can identify the participants of your private network by
vendorID, OptionRequest characteristics, or PreRegistration, you can
configure them into a pool with the settings you need.
  Otherwise, perhaps you should consider Tagging the ports used by your
private network as a separate VLAN?
<><Randy


<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY   13244
315-443-5779
rgrimsha at syr.edu

>>> Glenn.Satchell at uniq.com.au 9/29/2006 7:31:49 AM >>>

>Date: Fri, 29 Sep 2006 13:50:21 +0400 (MSD)
>From: Igor Antokhin <igor at sai.msu.ru>
>To: dhcp-users at isc.org 
>Subject: Re: dhcp config - 2 subnets on one phys net
>
>On Fri, 29 Sep 2006, Simon Hobson wrote:
>
>> Igor Antokhin wrote:
>>
>>> Sorry for a question from a newbie, but I could not find a clear answer to
>>> my problem - only pieces of the puzzle...
>>>
>>> I have a computer on a physical network 195.208.220.0. It runs Linux
>>> Fedora Core 5. It is just a client machine not providing any general
>>> use services like dns, printing etc. Now for some reasons I want to create
>>> a private network for my department using the same physical ethernet.
>>> I understand that what I have to do is this:
>>
>> The problem is that you CANNOT provide DHCP to only one of the
>> subnets - at least not without co-ordination with the admin of the
>> existing DHCP.
>>
>> The problem is that even though you can apparently run two interfaces
>> (one 'real', one 'virtual'), DHCP relies on broadcasts which do not
>> respect the distinction between the subnets/interfaces.
>
>I know that and I am willing to coordinate my efforts with the sysadmins.
>
>> To make it work you will have to be able to identify every client
>> that will be part of your private network (MAC address is usually
>> easiest). On your new dhcp server you will have to service ONLY those
>> clients and ignore all others.
>
>Right, this is what I do.
>
>> The admin of the existing dhcp server
>> will have to explicitly ignore your clients.
>
>Hmm, here I am not quite sure. All my clients are on the private network
>192.168.0.0. I thought their broadcast requests would not be transferred
>to the external network (if I do not explicitly relay them). As for the
>other clients on the main network, there is no need to worry - my server
>will never serve their requests so they will always be serviced by another
>dhcp server. The problem you mention would potentially affect my clients
>only - has to be solved, of course...

You said earlier that the two networks run on the same physical
ethernet. When a dhcp client broadcasts it does not know what network
it is on, and so it broadcasts to 255.255.255.255. Your dhcp server
cannot tell which network the client is supposed to be on based on this
broadcast address. The same goes for the main production dhcp server -
your clients could be offered addresses by that server.

>> If you don't do this
>> then you will have two dhcp servers fighting each other - yours will
>> offer a private address, the other will offer a public address, and
>> whichever the client decides to accept, one or other dhcp server will
>> reply with a NAK.
>
>So if I am correct above there should be no fight...

Unfortunately, with the information you have provided, you are not
correct.

>> Unless you specifically want to play with the dhcp, you might be
>> better talking with the network admin and see if he can just set up
>> the dhcp for your private network on the existing server - be a whole
>> lot less effort overall.
>
>That's the whole problem. Unfortunately our local administration is not
>very reliable and professional :(. Right now the main dhcp server is not
>working (for two days already) and nobody seems to care. Actually, neither
>of the two people who are responsible is at work... My clients
>complain... So I am just forced to provide an independent service. As I said
>in my first message, my current problem is that I am not sure how to set up
>my computer as a router and how to set up NAT.

Setting up the router really is beyond the scope of this group.

You might try looking for an appropriate HOWTO at the Linux
documentation project site http://www.tldp.org. To configure NAT try
the Netfilter home page at http://www.netfilter.org and also look at
the man pages for iptables.

http://www.linuxhomenetworking.com also has lots of procedure documents
for doing many Linux tasks. Don't let the "home" part put you off -
there's lots of info that's useful for work too.

>Thanks for your help.

This is quite a lot of work, maybe it would be better to just "take
over" the functionality of the main dhcp server? I guess there may be
other work related factors that mean you can or can't do that.

regards,
-glenn
--
Glenn Satchell     mailto:glenn.satchell at uniq.com.au | Some days we are
Uniq Advances Pty Ltd         http://www.uniq.com.au | the flies; some
PO Box 70 Paddington NSW Australia 2021              | days we are the
tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | windscreens...
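
An added example, not part of the original thread or of ISC's documentation: the coordination Simon Hobson describes, written as two separate ISC dhcpd.conf fragments, one for the new departmental server and one for the existing server. The /24 netmasks, address ranges, gateway address, names and MAC addresses are constructed for illustration.

```conf
# ==== File 1: new departmental server (hypothetical dept-dhcpd.conf) ====
# Never NAK a client that holds a lease from the other server.
not authoritative;

# Both subnets live on one wire, so they go in one shared-network.
shared-network campus-wire {
    # Public subnet: declared so dhcpd knows the topology, but it has no
    # range, so this server never offers a public address.
    # (/24 is an assumption; the thread does not state the netmask.)
    subnet 195.208.220.0 netmask 255.255.255.0 {
    }

    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;             # assumed NAT gateway
        pool {
            range 192.168.0.100 192.168.0.200;  # constructed range
            deny unknown-clients;               # only hosts declared below
        }
    }
}

# Known departmental clients (constructed MAC addresses).
host dept-pc1 { hardware ethernet 00:00:5e:00:53:01; }
host dept-pc2 { hardware ethernet 00:00:5e:00:53:02; }

# ==== File 2: fragment for the existing campus server's dhcpd.conf ====
# The same MAC addresses, listed so this server stays silent for them.
class "dept-private" {
    match hardware;
}
subclass "dept-private" 1:00:00:5e:00:53:01;    # 1 = Ethernet hardware type
subclass "dept-private" 1:00:00:5e:00:53:02;

subnet 195.208.220.0 netmask 255.255.255.0 {
    pool {
        range 195.208.220.50 195.208.220.150;   # constructed range
        deny members of "dept-private";
    }
}
```

Each fragment can be syntax-checked on its own with `dhcpd -t -cf <file>`; the two are not meant to be loaded as one file, since both declare the public subnet.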


